The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business Associates
to take certain measures to protect health information that can identify an individual. It also provides certain rights to individuals.
Qntrl does not collect, use, store or maintain health information protected by HIPAA for its own purposes. However, Qntrl provides certain features (as described below) to help its customers use Qntrl in a HIPAA compliant manner.
HIPAA requires Covered Entities to sign a Business Associate Agreement (BAA) with its Business Associates. You can request our BAA template by sending an email to
HIPAA compliance in Qntrl
Workflows of health care organizations can be automated using Qntrl and hence safely preserving the electronic health records of these organizations in Qntrl is crucial.
To ensure the security of your information, we support the following actions in Qntrl:
Mark ePHI (Electronic Protected Health Information) or Encrypt fields in forms.
Set roles and privileges for users.
Export audit logs to monitor operational activities.
Mark ePHI or Encrypt fields in forms
You can mark a field as ePHI if it contains the health information of your customers or patients. ePHI field values will be
, both in transit and at rest.
To mark fields that contain personal health data:
Select the Orchestration from the list.
You will be navigated to
Step 1: Create Form. Hover over the field that you would like to mark as PHI and select .
in the dropdown.
Toggle the button next to Encrypt or PHI to turn it ON/OFF.
Confirm your action and click
Set roles and privileges for users
Each user added to Qntrl can be set a
based on which their level of data access will depend in the Qntrl organization. Additionally, each field in the form can also be set privileges for
read or write access
Audit log allows you to track the actions executed by users in your organization along with a trail of automated events that are configured to be triggered. If you want to preserve this log for a long period, you can periodically export it using the
Export Audit Log
If you have any other queries on the features of Qntrl that supports HIPAA compliance, please email us at