Skip to main content

Enabling HIPAA Compliance in Read AI Workspaces

Updated

Available In: Enterprise+

If your organization requires HIPAA compliance, this guide explains the steps necessary to configure your Read Workspace appropriately. 

Overview

Setting up your Read AI workspace for HIPAA compliance process involves three key steps:

1. Ensuring you're organization is on the Enterprise+ plan (10 license minimum)

2. Signing of a Business Associates Agreement, which outlines the responsibilities and obligations for HIPAA compliance.

3. Working with your Account Manager to verify your Workspace settings and permissions are properly configured for a HIPAA compliance.

Unsure who your Read AI Account Manager is? Contact support@read.ai for assistance

HIPAA Requirement Read AI Setting
Access Control + Unique User Identification
  • Enable Domain Capture to prevent unauthorized signups from your domain
  • Enable SAML-based SSO 
  • Verify your Workspace's Domain
Data Integrity Controls
  • Disable Meeting Report Downloads
  • Adjust Report Distribution Settings to 'No Access' for Internal and External Participants
  • Disable Public Link Access and Domain Discovery
  • Disable distribution of Meeting Recaps, Pre-Reads, Topic Summaries, and Live Meeting Dashboard Links
  • Select appropriate Integrations available to your users at the Workspace level
Data Retention
  • Data Retention settings can be configured by your Account Manager, for instance automatically deleting Meeting Reports after 30 days. Without a Data Retention period set, your Meeting Reports will be retained for as long as your Read AI account is active
Emergency Access
  • Workspace user audit log can be provided upon request to your Account Manager
Transmission Security
  • Customer data is encrypted at rest using at least AES-256
  • Data is encrypted in transit with TLS 1.2 or greater.

 

Additional Information and Best Practices

  • Your default workspace permissions will be customized to minimize the potential for improper sharing or viewing of ePHI
  • A Business Associates Agreement (BAA) is required to enable HIPAA support
  • Do not include ePHI in:
    • Meeting Titles
    • Calendar events/descriptions
    • Support tickets

Related articles