Secure and HIPAA-compliant video visits.
MediSprout is built from the ground up to protect patient health information (PHI) and meet U.S. healthcare privacy and security standards. This article summarizes how MediSprout meets HIPAA and HITECH requirements, the security measures in place across the platform, and what patients and providers should know about how their data is handled.
Regulatory compliance
- HIPAA — the MediSprout platform meets all standards and guidelines dictated by the Health Insurance Portability and Accountability Act of 1996. That includes provisions for electronic healthcare transactions and code sets, unique health identifiers, and security.
- HITECH — MediSprout is also compliant with the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which strengthens HIPAA's privacy and security provisions.
- Business Associate Agreement (BAA) — MediSprout signs a BAA with healthcare organizations that use the platform, formalizing the safeguards both parties commit to in handling PHI.
How MediSprout protects your data
In transit
- All connections between your device and MediSprout are encrypted using industry-standard TLS (HTTPS).
- Video visits and chat are delivered over encrypted channels — audio, video, and messages are not exposed in transit.
At rest
- Data stored on MediSprout servers is encrypted at rest, including patient records, notes, audio, and documents.
- Backups are encrypted with the same standards as the primary data store.
Access controls
- Role-based access — patients see only their own information; providers, administrators, schedulers, and billers each have specific capabilities and visibility scoped to their organization.
- Two-factor authentication (2FA) is supported on sign-in for added account protection. Some organizations may require it.
- Sessions expire automatically after a period of inactivity to limit risk on shared devices.
Audit and monitoring
- System access and changes to records are logged for audit purposes.
- Administrators within an organization have visibility into who has access to patient information and can manage that access through the personnel features.
Patient transparency and AI consent
MediSprout is transparent with patients about how their data is used. From My Information → Privacy, patients can:
- Review the Notice to Patients on the use of Artificial Intelligence in MediSprout.
- Grant or withdraw consent for AI-powered features (such as AI Notes) at any time.
AI features only run on a patient's visit after the patient has granted consent. For more, see the article How to use AI Notes.
Infrastructure and scaling
MediSprout's infrastructure is designed to scale with your organization while maintaining compliance and security integrity at every step. Adding new providers, patients, or services does not weaken the security posture — controls are applied automatically to new accounts.
Want more information?
Contact MediSprout support through the chat function in the window you are currently using, or call +1 866-896-1431. For specific compliance questions or to request a copy of our Business Associate Agreement, email support@medisprout.com.