Notehouse

Secure & Compliant Case Management

Notehouse supports HIPAA and GDPR compliance for organizations handling confidential health and social service information. We combine strong technical safeguards with an interface your team will actually use.

HIPAA Compliant · GDPR Compliant

Access Controls

Define exactly who can see what. Role-based permissions and granular access rules ensure that only authorized team members can view, edit, or share protected information.

Encrypted Connections

Data is encrypted in transit and at rest using modern, industry-standard protocols. Sensitive information stays protected whether it's being viewed, stored, or transferred.

Infrastructure Safeguards

Your data runs on hardened, professionally managed infrastructure with continuous monitoring, redundancy, and automated backups.

Audit-Ready Logging

Every action is tracked automatically. Built-in audit trails record logins, updates, and data access events, giving you clear visibility for reviews and internal oversight.

Secure Authentication

Multi-factor authentication and strong credential policies help ensure that only verified users can access protected data, reducing the risk that a stolen or guessed password turns into a compromised account.

Continuous Monitoring

Real-time system monitoring and alerting help catch unusual access patterns early, strengthening overall security posture and compliance readiness.

Questions & Answers

What is HIPAA?
HIPAA is a U.S. federal law that establishes standards for protecting sensitive health information, including details about diagnosis, treatment, and clinical history. It defines who can access protected health information and requires organizations to implement specific administrative, physical, and technical safeguards to keep it private and secure.

Is Notehouse HIPAA compliant?
Notehouse can be used in a HIPAA-compliant way when account owners implement the required administrative and procedural measures within their organization. Our platform provides the technical safeguards needed to support HIPAA compliance, including encryption in transit and at rest, granular access controls, and comprehensive audit logs.

Will Notehouse sign a Business Associate Agreement?
A Business Associate Agreement can be signed during the sign-up process and is also available at getnotehouse.com/baa. The BAA formally documents our responsibilities for safeguarding your protected health information under HIPAA regulations.

What is GDPR?
GDPR (General Data Protection Regulation) is a European Union law that regulates how personal data of EU residents is collected, stored, and protected. It grants individuals strong rights over their personal data, including the right to access, correct, and delete it, and requires organizations to implement appropriate security measures to protect that data.

Is Notehouse GDPR compliant?
Yes. Notehouse is built and operated to meet GDPR requirements, and includes encryption, role-based access controls, and detailed audit logs to help you manage client data securely while meeting your own obligations as the controller of that data.

Do I need to sign a Data Processing Agreement?
When you create an account, accepting the Terms of Service and Privacy Policy also constitutes acceptance of our Data Processing Agreement. No separate signature is required: GDPR (Article 28) allows the processor contract to be concluded in electronic form, so your acceptance at sign-up is legally binding, and the DPA remains in effect for as long as you use the service.

Important information about HIPAA

Notehouse provides tools that can be used in a HIPAA-compliant way, but your organization is responsible for how you configure and use the platform, and for meeting all applicable HIPAA requirements. This page is for general information only and is not legal advice.

Powerfully Simple Case Management You'll Actually Use

Try Notehouse For Free

4.7 stars from 101 customer reviews

Notehouse

Case Management Software for nonprofit leaders, counselors, managers, and social workers.

© 2026 Waterglass UK Ltd.