Is My Document Scanning App HIPAA Compliant?

updated on 23 March 2023

Mobile document scanning apps have become a common tool for field clinicians, and for good reason. They make it easy to scan paper documents, insurance cards, and more, and to send them to another team member or the back office in real time.

Products like Adobe Scan, CamScanner, and TurboScan offer this half of the equation - the ability to scan and send documents. However, these and similar apps were developed for consumer use, and they lack the other half of the equation - HIPAA compliance. But what exactly makes a document scanner app HIPAA compliant? Here are a few things to look out for:

  • Will the company sign a BAA?

    Since your patients' PHI will be flowing through a third-party scanning application, you're required to have a BAA (Business Associate Agreement) with the company to ensure the basic standards of HIPAA compliance.

    At EncryptScan, we offer a BAA that meets all of the HHS.gov requirements to all of our clients, and we also carry Cyber Liability Insurance.

  • Are your documents encrypted at rest and in transit?

    Just because you've signed a BAA does not mean you are out of the woods. Small practices are increasingly becoming the victims of cyber attacks because oftentimes they are the easiest targets due to antiquated security measures.

    EncryptScan secures your documents at rest using AES-256, which was standardized by the U.S. National Institute of Standards and Technology (NIST) and has been adopted by the government as its standard encryption. In transit, your documents are just as secure through the use of HTTPS with TLS 1.2 or greater.

  • Does the app offer a way to securely upload my documents?

    After a document is scanned, it will need to be delivered electronically to the appropriate team member to continue through your workflow. Not only that, but you'll want a standardized process across your entire field staff.

    Many consumer scanning apps let users send documents over email, export them to the device, and upload them to a variety of cloud providers. That many options can quickly spell disaster for the efficiency of your back-office staff. Most importantly, these methods aren't secure, and they mean sensitive documents could end up in multiple insecure locations, such as an employee's personal Google Drive.

    EncryptScan standardizes the process by allowing upload only to our secure cloud storage, where the documents can be immediately accessed by back-office staff from a web browser.

Stop risking a data breach. Get HIPAA-compliant document scanning now.