Caretivity Security & HIPAA Compliance Information
Caretivity’s parent organization, Northwoods, has been building software for social services organizations since 2003. We take data security and privacy very seriously and build it into everything we create from the beginning. Here is a list of some of the measures we take to ensure that Caretivity protects your information and remains HIPAA-compliant.
The data users enter into Caretivity is encrypted in transit and at rest. This means that nobody without explicit access is able to read that information. For example, any conversations that occur within the app are encrypted and can be read only by the team members who have been invited to that team.
Users with authorization to view a team and its contents, such as team name, team members, the case plan, and the conversations of that team, will be required to set up a unique username and password. Our password requirements follow industry-standard rules: a minimum of 8 characters, including one uppercase character, one lowercase character, and one number. Users will need to verify their identity by entering this username and password in order to view the contents of their teams.
Secure Cloud Storage & Services
The data we collect is stored in a secured, cloud-based data warehouse (Amazon Web Services, used by many highly regulated industries) using their HIPAA-compliant and FedRAMP-compliant services. We use only services from the AWS list of HIPAA-eligible services, each configured to be HIPAA compliant.
None of the information you enter into Caretivity is sold to or shared with any third party. The only third parties able to view teams and their content within the Caretivity app are team members who have been explicitly invited by the team owner.
Business Associate Agreement (BAA)