HIPAA Standards & Data Security

Built to protect sensitive medical records from day one.

Our approach to data security

When attorneys trust us with medical records, they're trusting us with some of the most sensitive information that exists. We take that seriously.

Our platform is built to HIPAA Security Rule standards from the ground up. We operate on AWS with a signed Business Associate Agreement and carry cyber liability and errors & omissions insurance.

Encryption

All documents are encrypted at rest using AES-256 encryption—the same standard used by financial institutions and government agencies.

All data in transit is encrypted using TLS—the same protection used by online banking.

Document access links expire automatically. There are no permanent links to medical records.

Access controls

Every account requires multi-factor authentication (a code sent to your email in addition to your password).

Attorneys, nurses, and firm owners each have distinct roles with separate dashboards and capabilities.

Account registration is admin-only. No one can create their own account.

Each firm's data is completely isolated at the database level. No firm can access another firm's records through the application.

Audit trail

Every time a document is accessed, downloaded, or modified, it's logged.

Audit logs are retained for seven years in a dedicated, encrypted archive.

System logs are automatically scrubbed of patient information before storage.

Data integrity

Documents are versioned—every change creates a new version, and previous versions are preserved.

The database supports point-in-time recovery, so data can be restored to any moment in the event of an issue.

Threat detection

Automated threat monitoring runs continuously across the platform.

A web application firewall with rate limiting protects against common attacks.

Questions about security?

Contact us at security@casenurse.com or book a demo to discuss your firm's requirements.

Compliance documentation and security questionnaires are available to prospective and current clients.

This page describes the technical security controls implemented in the Case Nurse platform. It is provided for informational purposes only and does not constitute a warranty, certification, or compliance attestation. The processing of customer data is governed exclusively by the agreements executed between Case Nurse and each client. For questions about our security practices, contact security@casenurse.com.

Learn more about Case Nurse

About Meet the team behind Case Nurse FAQ Common questions answered