Caretivity Security & HIPAA Compliance Information
Caretivity’s parent organization, Northwoods, has been building software for social services organizations since 2003. We take data security and privacy very seriously and build it into everything we create from the beginning. Here is a list of some of the measures we take to ensure that Caretivity protects your information and remains HIPAA-compliant.
The data users enter into Caretivity is encrypted in transit and at rest. This means that nobody without explicit access is able to read that information. For example, any conversations that occur within the app are encrypted and cannot be read by anyone except those team members who have been invited to a team to view that information.
Users with authorization to view a Team and its contents, such as Team Name, Team Members, the Case Plan, and the conversations of that Team, will be required to set up a unique username and password. Our password requirements follow industry-standard rules of a minimum of 8 characters, including one upper-case character, one lower-case character, and one number. Users will need to verify their identity by entering this username and password in order to view the contents of their Teams.
Secure Cloud-Storage & Services
The data we collect is stored in a secured cloud-based data warehouse on Amazon Web Services (AWS), a platform used by many highly regulated industries, using its HIPAA-compliant and FedRAMP-compliant services. We only use AWS services from this list of HIPAA-eligible services, each configured to be HIPAA compliant.
None of the information you enter into Caretivity is sold to or shared with any third party. As mentioned above, the only third parties able to view Teams and their contents within the Caretivity app are Team Members who have been explicitly invited by the Team Owner.
Business Associate Agreement (BAA)