The Gnosis platform itself is HIPAA compliant, hosted in a HIPAA certified data center, and includes HIPAA-level back-end security standards.
Gnosis can also be configured to enforce compliance with HIPAA operational standards if the client's CPO notifies us of that requirement. Thirty days after such notification, we will formally provide Gnosis services as a HIPAA-defined Business Associate. Fees apply for such enforcement and are outlined below.
While most of our clients are content with our system operating in a HIPAA compliant environment, an organization that wants to increase the level of security applicable to its system may enable any of the following options without enforcing full HIPAA compliance:
  • All user passwords may be forced to expire, with users prompted to choose new complex passwords for access to Gnosis.
  • User accounts may auto-logout after a specified number of minutes of inactivity.
  • Participant/Donor/Volunteer auto-login functionality via Gnosis emails and text messages may be disabled.

Operating a Gnosis system with enforced HIPAA compliance includes periodic HIPAA security and compliance audit reports provided to the client organization's CPO, and enforces all of the above security options. This incurs a HIPAA configuration fee ($750 as of the date of this article) that covers the initial configuration of the system and the setup of security audits. Thereafter, a monthly fee (currently $125) is charged for regular systems audit reporting and monthly compliance management reporting to the client's CPO.

If you wish to activate enforced HIPAA compliance mode for your system, please request your designated CPO to send an email to with the request.


