HIPAA Compliance


To: Graphly Users

From: Dustin Lunt, Graphly’s Data Protection Officer

Re: Graphly is HIPAA Compatible


Graphly is pleased to announce that our reporting platform may now be used by HIPAA covered entities and business associates to lawfully store, transmit, and otherwise process protected health information (also known as “PHI”).

To satisfy our growing community of healthcare users, Graphly offers customers the opportunity to execute our standard Business Associate Agreement (or “BAA”) that satisfies the applicable subcontracting requirements under HIPAA and the HITECH Act.

Before using Graphly in support of your HIPAA compliance, be sure to do the following:

  • Configure your Graphly app as a HIPAA app by enabling the HIPAA Security Controls. This setting is located in Account Settings, under the section labeled HIPAA.
  • Indicate what records or fields (if any) you wish to exclude from syncing.
  • If desired, restrict the display of identifiable information in the UI.
  • Once the HIPAA Security Controls are enabled, review the BAA below, complete all the required fields, and sign the BAA in accordance with the instructions.
  • Be sure to confirm your email address after you sign. To do this, follow the instructions in the email you receive from Adobe® Sign. This verification email will be sent to the email address you specify when signing the Addendum. If you don’t see the email in your inbox, be sure to check your spam folder.
  • A fully executed copy of the BAA will then be emailed to both parties.

Graphly Business Associate Agreement Addendum

Download BAA


Q: What is HIPAA?
A: The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets baseline privacy and security standards for medical information. Click here to learn what types of businesses are regulated by HIPAA.

Q: What does enabling HIPAA security controls do for my application?
A: It signals to Graphly that your application contains HIPAA protected information and/or you are an organization that is regulated by HIPAA. Enabling HIPAA security controls creates additional logs of who has accessed the account. No fields other than first and last name, email address and phone number can be displayed anywhere outside of the app.

Q: What is a Business Associate?
A: People and companies that are hired or contracted by HIPAA covered entities. Graphly is a business associate for our small business customers that are covered by HIPAA and have signed the Graphly Business Associate Agreement Addendum.

Q: Is Graphly HIPAA Certified?
A: There is no such thing as “HIPAA Certified”, but the Graphly software application is compatible with HIPAA, and Graphly complies with HIPAA as a business associate as described in our BAA.

Q: I need advice on how to comply with HIPAA. What should I do?
A: Graphly can’t provide any interpretation of HIPAA as it pertains to a customer’s particular circumstances. If you need help with HIPAA, consult a qualified attorney or legal advisor.

Q: Once I sign the BAA, does that mean I’m automatically HIPAA compliant?
A: HIPAA compliance is complicated, and the act of enabling HIPAA Security Controls in your Graphly app does not alone make your business HIPAA compliant. But Graphly is a HIPAA compatible application and can be used by organizations that are regulated by HIPAA to store, transmit, and otherwise process PHI.

Contact Graphly with any further questions:
1 (480) 454-1535
Monday-Friday 8AM – 5PM MT
