PathwayNotes HIPAA Compliance: What It Means for Your Practice

HIPAA Compliance Overview

PathwayNotes is designed for clinical use where protected health information may be involved. When a covered entity uses PathwayNotes with PHI, HIPAA-related responsibilities are addressed through the PathwayNotes Business Associate Agreement.

HIPAA refers to the federal law and related rules that protect certain health information. PHI means Protected Health Information. ePHI means Electronic Protected Health Information.

The BAA explains the responsibilities of PathwayNotes as the Business Associate and the accepting provider or organization as the Covered Entity. It covers permitted uses and disclosures of PHI, safeguards, breach reporting, subcontractors, access and amendment support, termination, and data export.

The BAA states that PathwayNotes uses reasonable and appropriate safeguards, including encryption of ePHI in transit and at rest, access controls, audit logging, workforce training, and a written information security program.

Clinicians and practice administrators should review the official BAA before using PathwayNotes with protected health information.

    • Related Articles

    • What Clinicians Can See — and What Stays Private for Clients

      What clinicians can see All journal entries the client has shared (Shared with counselor toggle is on), mood selections, weekly and monthly summaries, all messages exchanged between the client and the AI, all direct messages to the clinician, ...

    • How Content Awareness Flags Work

      WEB APP ONLY Content Awareness Flags are a clinician web dashboard feature only. They do not appear in the iPhone app for clinicians or clients. Content awareness runs silently on every journal entry and message submitted. The AI scans for language ...

    • The Business Associate Agreement (BAA)

      A Business Associate Agreement, or BAA, is a HIPAA-related agreement between a covered entity and a service provider that may create, receive, maintain, or transmit protected health information on the covered entity’s behalf. The PathwayNotes BAA ...

    • Data Handling, Storage, and Protection

      PathwayNotes handles account information, login information, journal entries, mood selections, messages, assessment information, client profile information, AI-generated summaries or insights, and protected health information when used by a covered ...