Compliance & Security
Updated Dec 20, 2025

HIPAA Compliance in PRACTIS

How PRACTIS ensures HIPAA compliance with encryption, access controls, audit logging, and Business Associate Agreements.

1. Data encryption

PRACTIS encrypts all data at rest (AES-256) and in transit (TLS 1.3). Protected Health Information (PHI) is stored in HIPAA-compliant data centers with SOC 2 Type II certification.

2. Access controls

Role-based access control (RBAC) ensures team members only access data relevant to their role. Admins can configure granular permissions for each user, and all access is logged for audit purposes.

3. Audit logging

Every access to PHI is logged with timestamp, user identity, action performed, and data accessed. Audit logs are retained for 7 years and can be exported for compliance reviews.

4. Business Associate Agreement

PRACTIS executes a BAA with every customer before any PHI is processed. The BAA covers all subprocessors and is available for download from Settings > Compliance > BAA.
