Clinify is now HIPAA compliant for clinics using our US data residency region.

What this means

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data in the United States. Compliance means we meet the requirements for how protected health information (PHI) is stored, transmitted, and accessed.

Clinics that select US East as their data residency region will see a HIPAA compliant badge in their settings — confirming that their patient data is handled in accordance with HIPAA's Privacy, Security, and Breach Notification Rules.

What we've done

• Encryption at rest and in transit for all clinical data in the US region
• Access controls ensuring only authorized users can view patient information
• Audit logging for access to protected health information
• Data retention controls that align with HIPAA's minimum necessary standard
• Business Associate Agreements (BAAs) with all third-party sub-processors handling PHI

Who this applies to

Any clinic that has selected US East as their data residency region. If you haven't set a region yet, go to Clinic Settings > Data Residency to choose one.

This builds on our existing compliance work — including Australian Privacy Principles compliance and data residency controls — as we continue expanding support for regional regulatory frameworks.

Updated Policies

We've updated our Privacy Policy to reflect our HIPAA compliance obligations and data handling procedures for the US region.