SettleTrack SettleTrack
HomeWhy SettleTrackFeaturesSolutionsHow It WorksFAQ
Log inRequest Demo

HIPAA Notice

Effective date · July 13, 2026

SettleTrack is Letter of Protection (LOP) case management software used by personal injury attorneys, ER facilities and notaries. Because LOP cases involve patient information, parts of the data processed in the Service constitute protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This notice explains the role we play and the safeguards we maintain.

Our role under HIPAA

When an ER facility (a covered entity) or a law firm handling PHI uses SettleTrack, we act as a business associate. We process PHI only to provide the Service, under the terms of a Business Associate Agreement (BAA) executed with the customer. We make BAAs available to every customer whose use of the Service involves PHI.

Note for patients: SettleTrack does not treat patients and does not decide how your health information is used. If you have questions or requests about your health information (access, amendment, restriction or an accounting of disclosures), please contact the healthcare provider or law firm handling your case — we support them in fulfilling those requests.

How we safeguard PHI

SettleTrack is designed around the HIPAA Security Rule's administrative, physical and technical safeguard requirements:

Technical safeguards

  • Encryption in transit — TLS 1.2 or higher on every connection.
  • Encryption at rest — AES-256 encryption for PHI fields, with managed key rotation.
  • Role-based access control — least-privilege by design; a notary never sees billing detail, and a front desk never sees settlement terms.
  • Audit trails — every access to and modification of PHI is timestamped and attributed to a named user, and export-ready when an auditor or court asks.
  • Session controls — automatic session timeout and secure authentication.

Administrative safeguards

  • Access is provisioned per role and per organization, and revoked promptly when no longer needed.
  • Security practices are reviewed on an ongoing basis and modeled on recognized control frameworks.
  • Workforce access to production PHI is restricted, logged and reviewed.

Data handling practices

  • PHI never appears in system logs, error messages or analytics.
  • PHI is never used for marketing or advertising and is never sold.
  • Only the minimum necessary information is requested and displayed for each role's task.
  • Encrypted backups support recovery without weakening confidentiality.

Subcontractors

Where infrastructure providers (such as cloud hosting, database or file storage) may handle PHI on our behalf, we put appropriate agreements in place so HIPAA obligations follow the data downstream.

Breach notification

In the unlikely event of a breach of unsecured PHI, we will notify affected customers without unreasonable delay and within the timeframes required by the HIPAA Breach Notification Rule and our BAAs, and we will cooperate fully in investigation, mitigation and any required notifications.

A note on terminology

HIPAA does not provide a government “certification” for software. SettleTrack is built and operated to support our customers' HIPAA compliance obligations as described above; each customer remains responsible for their own policies, workforce training and appropriate use of the Service.

Contact us

For questions about this notice, our safeguards, or to request a BAA, email hello@settletrack.io. See also our Privacy Policy and Terms of Service.

SettleTrack

LOP management software for attorneys, ER facilities and notaries.

PRODUCT

FeaturesHow It WorksWhy SettleTrackResources

SOLUTIONS

For AttorneysFor ER FacilitiesFor NotariesReferral Partners

COMPANY

What is an LOP?FAQRequest DemoContact

LEGAL

Privacy PolicyTerms of ServiceHIPAA Notice
© 2026 SettleTrack. All rights reserved. settletrack.io