ClinicTracker EHR meets all the requirements to provide your organization with HIPAA-compliant security for your patients.


  • Industry-Standard Security Measures

    Meets HIPAA's "Minimum Necessary Requirement"

    Automated backups and database maintenance

We understand that securing your Electronic Health Records is about more than simply safeguarding data. It's about protecting the people you serve. We help you preserve the privacy and security of each client's chart and other Protected Health Information (PHI) by:

  • Controlling Access: Only authorized people in designated roles have access to relevant patient records (what, in HIPAA parlance, is termed the "Minimum Necessary Requirement")
  • Instituting Multiple Safeguards: Password protection, idle timeouts, automatic logouts, and secure server access
  • EHR Caretaking: Daily backups ensure that you don't lose patient information due to technical glitches or user error

Controlled Access

The HIPAA Privacy Rule dictates that access to patients' protected health information should be reasonably limited to the minimum number of people necessary to accomplish your intended purpose. ClinicTracker offers many ways for you to limit your staff members' access to various parts of the EHR. You can also configure which users can see which patient records. Some examples of how you can use ClinicTracker's security features are:

  • Restrict a staff member who works in Location A from accessing patient records in Location B
  • Allow an administrative assistant to enter demographic information, but only view progress notes
  • Give permission for a compliance officer to view documentation, but not make changes
  • Confine access to the records of staff who participate in an Employee Assistance Program
  • Preclude a particular clinician from viewing information about patients on someone else's caseload


The HIPAA Security Rule requires each covered entity to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information. ClinicTracker helps you meet these requirements by providing you with the ability to:

  • Specify individual user system access and edit permissions
  • Limit patient record access in a variety of ways
  • Require a password at each login
  • Specify your password complexity, age, and history requirements
  • Lock users out of the EHR after a number of incorrect password entries or after a number of days of inactivity
  • Review audit logs to see a history of who has viewed, saved, exported, printed, or deleted a patient record

EHR Caretaking

Loss of patient information is simply unacceptable. We protect your agency's information by running daily maintenance routines and creating nightly backups. If you access ClinicTracker from our Hosting Service, we completely manage backup retention and offsite storage for you. If your software is installed locally, you are only responsible for ensuring that the nightly backups are securely stored to an off-site location.