Skip to main content
AboutHow It WorksPricingBlog
Coming Soon

The modern marketplace for healthcare professionals — launching soon. Join thousands of clinicians and facilities already on the waitlist.

HIPAA-ready platform
SOC 2 Type II infrastructure

Be first in line

Get priority access when we launch. No credit card required.

Stay Updated

Get launch updates and healthcare industry insights.

Get Started

  • Request Early Access
  • Create Account
  • Sign In
  • How It Works
  • Pricing

Platform

  • For Clinicians
  • For Facilities
  • Enterprise
  • Testimonials
  • Case Studies

Resources

  • Blog
  • FAQ
  • Trust & Safety
  • Legal
  • Contact Us

Company

  • About Us
  • Careers
  • Press

Follow Us

  • LinkedIn
  • Twitter
  • Facebook
  • Instagram
Privacy Policy•Terms of Service•HIPAA•

© 2026 HealthSquire. All rights reserved. A GradeCircle product.

HIPAA Compliance

Our commitment to protecting Protected Health Information (PHI)

Last updated: May 30, 2026

On this page

  1. 1. Our Commitment
  2. 2. What is HIPAA?
  3. 3. Our Role as a Business Associate
  4. 4. Administrative Safeguards
  5. 5. Physical Safeguards
  6. 6. Technical Safeguards
  7. 7. Breach Notification
  8. 8. User Responsibilities
  9. 9. Compliance Monitoring
  10. 10. Questions or Concerns

Our Commitment

HealthSquire is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We understand the critical importance of protecting Protected Health Information (PHI) and have implemented comprehensive administrative, physical, and technical safeguards to ensure the security, confidentiality, and integrity of all PHI we handle.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for protecting sensitive patient health information. HIPAA requires covered entities and their business associates to implement safeguards to protect PHI and ensure its confidentiality, integrity, and availability.

Our Role as a Business Associate

HealthSquire acts as a Business Associate under HIPAA when we handle PHI on behalf of healthcare facilities (Covered Entities). We enter into Business Associate Agreements (BAAs) with all facilities that use our platform to ensure compliance with HIPAA requirements. Facilities can generate and manage BAAs through our platform; for details see our Data Processing Agreement.

Administrative Safeguards

We have implemented comprehensive administrative safeguards, including:

  • Security Officer: Designated HIPAA Security Officer responsible for overseeing our compliance program
  • Workforce Training: Regular HIPAA training for all employees who may come into contact with PHI
  • Access Controls: Role-based access controls ensuring only authorized personnel can access PHI
  • Audit Logs: Comprehensive logging of all access to PHI for monitoring and auditing purposes
  • Incident Response: Established procedures for identifying, reporting, and responding to security incidents
  • Business Associate Agreements: BAAs with all third-party service providers who may handle PHI

Physical Safeguards

Our physical safeguards include:

  • Secure Data Centers: PHI is stored in secure, compliant cloud infrastructure with physical access controls
  • Workstation Security: Policies and procedures for secure use of workstations and electronic media
  • Device Controls: Controls on the removal of hardware and electronic media containing PHI
  • Facility Access Controls: Limited physical access to facilities where PHI is stored or processed

Technical Safeguards

We employ state-of-the-art technical safeguards:

  • Encryption: All PHI is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
  • Access Controls: Unique user identification, automatic logoff, and multi-factor authentication
  • Audit Controls: Hardware, software, and procedural mechanisms to record and examine access to PHI
  • Integrity Controls: Measures to ensure PHI is not improperly altered or destroyed
  • Transmission Security: Technical security measures to guard against unauthorized access to PHI during electronic transmission

Breach Notification

In the unlikely event of a security breach involving PHI, we will:

  • Notify affected Covered Entities within 60 days of discovery
  • Provide detailed information about the breach and affected individuals
  • Assist with breach notification to affected individuals if required
  • Report to the Department of Health and Human Services (HHS) as required by law
  • Take immediate corrective action to prevent further breaches

User Responsibilities

All users of HealthSquire, including healthcare professionals and facility staff, are responsible for:

  • Maintaining the confidentiality of login credentials
  • Using PHI only for authorized purposes
  • Reporting any suspected security incidents immediately
  • Following all platform security policies and procedures
  • Completing required HIPAA training

Compliance Monitoring

We regularly monitor and audit our HIPAA compliance through:

  • Regular security assessments and penetration testing
  • Internal compliance audits
  • Third-party security reviews
  • Continuous monitoring of access logs and security events
  • Regular updates to policies and procedures

Questions or Concerns

If you have questions about our HIPAA compliance or wish to report a security concern, please contact us:

HIPAA Security Officer: hipaa@healthsquire.com

Phone: 1-800-NURSE-PRO

Address: HealthSquire, 123 Healthcare Way, San Francisco, CA 94102

Important Notice

This HIPAA Compliance Statement is provided for informational purposes. For specific compliance questions or to request a Business Associate Agreement, please contact our HIPAA Security Officer.