HIPAA Compliance

Is Spruce HIPAA-compliant?

Yes. Spruce can be used in a HIPAA-compliant manner. You electronically agreed to our BAA when you created your Spruce account and agreed to our provider terms which can be found here: https://www.sprucehealth.com/terms-organizations.

Any communication that occurs entirely on Spruce (app-to-app messaging with providers or patients, or telemedicine within a secure messaging thread) is inherently secure and encrypted. Communication through standard channels (e.g., email or texting) that occurs over Spruce can also be HIPAA-compliant, but this is situation-dependent. We wrote a white paper on the topic that you can read here.

Standard telephone calls made via Spruce are compliant with the technical requirements of HIPAA, and Spruce stores any voicemails left for you in a way that is compatible with HIPAA.

Still need help? Contact Us Contact Us