The best way to protect patient data? Barely hold any.
applaud is fully HIPAA-compliant — BAA signed with every practice, safeguards enforced in software. But our real advantage is simpler: we were designed to work with almost no data at all. Your clinical records never leave your EHR, because we never ask for them.
- A first name
- A phone number
- An email address (optional)
- The date you added them
That's the entire list. Enough to say “Hi Jane, how did your recent visit go?” — and nothing more.
- Diagnoses or conditions
- Treatments or procedures
- Visit notes or clinical records
- Doctor or provider names
- Appointment details or medical dates
- Insurance or billing codes
Your EHR stays the system of record. applaud is a contact layer, not a records system.
Compliance that's enforced in software, not promised in a PDF.
A BAA with every practice
Our Business Associate Agreement is built into the same signature as your service agreement — you're covered from day one, before a single message sends.
Clinical language is blocked in software
Every outbound message passes a PHI filter that blocks clinical terms before sending. Messages only ever say “your recent visit” — never why anyone visited.
Conversations don't linger
When a patient's review journey completes, the conversation is purged. We keep the outcome, not the chat log — minimum-necessary by design.
Everything is auditable
Every send, opt-out, and staff action lands in an append-only audit log. Opt-outs are enforced instantly and permanently, and messages respect quiet hours.
What this means for your practice
Because a patient's connection to your practice is itself protected information, we treat everything we touch with HIPAA care — BAA, safeguards, audit trail. But since we never hold clinical data, your exposure from using applaud stays as small as it can possibly be. Compliance isn't a feature we added; it's the shape of the product.
This page is a plain-English summary, not legal advice. The binding detail lives in your BAA & HIPAA terms.