The Klara platform is compliant thanks to the safeguards we use to receive, transmit, and store PHI (protected health information). Klara uses AES-128/SSL encryption and exercises physical, technical, and administrative safeguards to protect all messages, files, and data. This means our database is a) stored securely by our web hosting company, with whom we have a BAA, b) encrypted at rest and while data is in transit, and c) accessible only to HIPAA-trained technicians.

These security mechanisms ensure the highest standards of patient confidentiality and overall data protection with regard to PHI, in accordance with HIPAA, HITECH, and other industry regulations.

For providers: there is a HIPAA Business Associates Agreement (BAA) built into each provider account, which can be accessed here. Acceptance of the BAA is required for provider and staff use of Klara.

For patients: there is an Online Privacy Policy (OPP) built into each patient account, which can be accessed here. Acceptance of the OPP is required for patient use of Klara.

Provider accounts are also equipped with an auto-logout mechanism after 30 minutes of inactivity. In the event of a security breach, Klara personnel will take all necessary measures to report what protected information was disclosed and which unauthorized parties may have gained access to it.

Please write to us from the bubble at the bottom right of this page with any further questions.
