How Yapi Leap Helps Your Practice Stay HIPAA-Compliant
At Yapi, we know that protecting patient information is important to upholding federal guidelines and fostering trust between you and your patients. This is why we've put safeguards in place both as a business and through the Yapi Leap web application to keep your patients' information safe. Below, you'll learn about the ways we've made Leap HIPAA-compliant.
Business Associate Addendums - Within our Terms of Use, we have a Business Associate Addendum that creates an agreement between us and your practice to safeguard your patients' Protected Health Information (PHI). This applies to all employees who have contact with PHI and makes it possible for our teams to help and guide you while keeping your patients' information protected. All our employees are trained annually on HIPAA laws and their responsibilities to patients, just as if we were an extension of your practice.
Upon your request, we can also send you a signed Business Associate Agreement, naming your practice as a Covered Entity and YAPI as a Business Associate. Just send your request to our Billing Team via email at billing@yapicentral.com.
We Protect All Cached Data on Secure Servers - To best serve you, we store some information for Web App features - like patient data, email and text communication, and your practice's schedule - so it's easily available to you when you need it. This data is stored securely through our partner AWS and is protected by HIPAA law through our Business Associate Agreement with them. This ensures they're taking appropriate measures to safely store any and all PHI data.
Individual Logins & Automatic Logout - We require each Leap user to create an individual login and password, giving you the freedom to choose who can (and can't) use it. This also allows you to assign Admin access to some team members and more limited User access to others. And if a staff member leaves your practice, you can deactivate their login without affecting the rest of your team. Users are also logged out automatically after two hours of inactivity to maintain security.
PHI Is Encrypted - When patient information is pulled from your practice server to be displayed on your screen in Leap, YAPI encrypts it on its way there. Once it reaches Leap, YAPI then decrypts it automatically for you to view.
Appointment Details Are Stored Securely - Patient appointment information is cached via HIPAA-protected services, and we only cache the amount of appointment information needed to best serve you.
Authentication for Online Scheduling - To verify the identity of existing patients in your system, Online Scheduling requires patients to enter their correct birth date to schedule appointments online. Existing patients must also schedule via a unique link sent directly by Leap's automated system.
Authentication & Encryption for Online Forms - If you send forms to patients via email or text, they're required to enter their correct date of birth and ZIP/Postal Code to access any forms you've sent. These forms are also encrypted on their way to the patient and on their way back to you. As soon as they land securely on your practice's office server, Leap decrypts them for you automatically so you can review and sign them if needed.
Please feel free to contact your Customer Success Manager if you have any questions about our data protection practices. If needed, you can also request a signed copy of our Business Associate Agreement (BAA), naming your practice as a Covered Entity and Leap as a Business Associate. Just send your request to our Billing Team via email at billing@yapicentral.com.