The short answer is Yes. We meet the administrative, physical and technical safeguards as required by HIPAA, with the exception of data encryption, which is not a ‘required’ element of HIPAA. While we do encrypt passwords, we do not encrypt all data stored on our servers. Data transmission is done via HTTPS. The business associate agreement should be assessed by your compliance legal department, and a signed copy can obtained from us.