Security and HIPAA at Case Log Pro

At Case Log Pro we take the security of Protected Health Information (PHI) seriously.

Encryption PHI is encrypted at rest using AES-256-GCM and in transit over HTTPS/TLS. We do not store or transmit PHI in plain text.

Access control Access is tied to authenticated users and sessions. We support optional app lock and biometrics on device. Session timeouts and secure logout help protect shared devices.

Audit logging Every access to PHI is logged: who, what, when, and from where. Logs are retained for 6 years and monitored for suspicious activity.

Data retention and deletion We retain PHI and audit logs according to HIPAA and our policy. When you delete your account, we delete or anonymize data subject to legal retention. We never sell your data.

Business Associate Agreements (BAAs) If you are a Covered Entity under HIPAA and will disclose PHI to us, a BAA may be required. Contact us at contact@caselogpro.com to execute a BAA before using the Service with PHI.

For security or compliance questions, reach out anytime.