To main content

Confrere is HIPAA compliant

Confrere makes it easy to offer telemedicine services on video in full compliance with HIPAA


...or see pricing

With Confrere, you can be certain your patients’ health information is handled in an ethical, respectful and lawful manner, and that you comply with HIPAA (Health Insurance Portability and Accountability Act) when offering your services over video. (Anyone conducting healthcare services in the US is required to comply.)

Business Associate Agreements

We provide a Business Associate Agreement (BAA) for each Confrere organization that operates within the American healthcare sector.

The BAA protects you (the covered entity) and requires that we (the business associate) handle all Protected Health Information disclosed via Confrere in accordance with the Privacy Rule.

See an example of our BAA.

Protected Health Information

Protected Health Information (PHI) and electronic Protected Health Information (ePHI) is any information about health, healthcare provision or payment for healthcare that can be linked to an individual. We do not permanently store health information, and any information that links visitors to a single Confrere is automatically deleted after 2 years. This period of time can be set to as low as 1 day by the individual Confrere organization.

Health information exchanged between a professional and a patient or client is completely secure.

Secure video calls

Confrere video call are encrypted end-to-end. Only the two parties involved in a call have access to it. It cannot be listened in to digitally or accessed by a third party.

Safeguarding your privacy

We don’t track visitor browsing patterns through third-party tools in video calls, nor do we set any marketing cookies for remarketing (ads that follow you based on the knowledge that you have visited a certain website) or analytics use.

We never ask for data you won’t need, and we don’t store it longer than necessary.

We do risk assessments and security audits

We regularly do risk assessments with the healthcare sector in mind. You may request to see our risk assessment documentation. We also do regular security audits to continually improve our security. Our last such audit was done by Ernst&Young in 2019.

Anonymization of personal info

Personal information is automatically removed from email and text message notifications for Confrere organizations in the healthcare sector.

Support and payment

Our support personnel does not have access to personal information about visitors. They can only see technical metadata to help with troubleshooting, such as browser make and version, operating system and network quality. This is automatically deleted after 14 months. Visitors areencouraged to remain anonymous and not disclose personal information in technical support conversations.

We offer up-front payment with credit and debit cards through Stripe. We do not offer additional services like invoicing or financial analytics.

Questions and feedback

We are always grateful to those who take the time to point out what we’re not doing well enough. It’s our strongly held belief that business should be conducted in an ethical and respectful manner, and that includes adhering to the spirit and not just the letter of the law. If you think we could do a better job with health information privacy, please let us know so we can improve.

You can also read about our security and how we make a tool that can be used by anyone.

Questions?

Get in touch with Svein Willassen. He speaks to new and existing customers every day, and is part of Confrere's founding team.