How Knack can Help you Build a HIPAA Compliant App

How Knack can Help you Build a HIPAA Compliant App

Knack enables healthcare professionals, law firms, business professionals, and more to build no-code HIPAA-compliant apps seamlessly. From data management to custom CRMs, Knack provides a secure back-end environment so that you can be sure you’re protecting your patients.

What is HIPAA?

Anyone who provides treatment, payment, or operations in healthcare, as well as anyone who has access to protected health information (PHI) or provides support in treatment, payment, or operations in healthcare, is subject to the requirements of the US law, HIPAA. These covered entities and business associates are responsible for ensuring their compliance with the law. Unfortunately, we are unable to provide advice on whether or not an individual or organization needs to be HIPAA-compliant, but we can help you build a HIPAA-compliant app.

Knack and HIPAA Compliance

Healthcare, business, and law professionals are using Knack functionality to stay HIPAA compliant through a variety of use cases.

Patient Data Management and Online Databases

There are many healthcare professionals who are still working off of spreadsheets for data management. Spreadsheets are wonky, don’t always show realtime data, and won’t integrate with the rest of your automated workflows. By building an online database with Knack, you can be sure that private information like birth date, illnesses, credit card information, and more are kept secure.

Patient Portals

In this digital age, patients expect their healthcare provider to offer a patient portal web app. Patient portals allow patients to schedule appointments, send notifications for reminders, get their FAQs answered in a secure environment, and get healthcare news all in the same app.

Knack is ideal for building HIPAA compliant patient portals due to our secure user login functionality, multi-factor authentication requirements, protected servers, user-friendly formats, and more.

View ourcustomer portal template here >>

Custom CRMs

With no-code to low-code development, Knack customers are building their own HIPAA compliant CRMs at a fraction of the cost of more common CRMs. Healthcare professionals who want to take their online database one step further can develop it into a full-scale CRM, meaning better workflows and streamlined processes.

Inventory Management

Inventory management is a use case we often see built out as an expansion of a provider’s custom CRM or online database. It can be difficult to run a full-scale medical office, but inventory management can help you. Plus, instead of using different systems for patient management and inventory management, you can store everything in Knack.


Knack also has a variety of integrations when leveraging Zapier or Make, so that you can plug your Knack app right into your workflow and other automations. Our API is made so that you can keep building your app to fit any need you may have.

HIPAA Compliance Regulations

Knack customers who wish to store PHI in their applications must ensure they are HIPAA compliant. As per HIPAA regulations, Knack is the Business Associate and the customer is the Covered Entity. To ensure the PHI is properly protected, both parties must abide by the explicitly defined terms, policies, and security measures set forth by HIPAA. This relationship is governed by a Business Associate Agreement (“BAA”).

Some key components of the BAA include outlining the following:

  • Knack’s compliance with HIPAA standards as outlined by the Federal Department of Health and Human Services.
  • Knack’s obligations and activities with regards to PHI, including security safeguards and breach reporting.
  • Knacks’ permitted uses and disclosures with regards to PHI.
  • Your obligations and requirements as a Covered Entity.

What makes Knack plans HIPAA compliant?


Knack values the security of our customers’ data as sacred. We’ve built our platform to safeguard Knack users from hacking or data leaks.

  • HIPAA-only hosting on a security-enhanced infrastructure in Amazon’s cloud that meets the strictest government security requirements (GovCloud)
  • Additional logging and auditing around all data access
  • End-to-end data encryption
  • Minimum password requirements in the Builder and Live Application
  • Inactivity timeout – automatic logout after 15 minutes of inactivity in the Builder
  • Live App force HTTPS redirect – all communication between your browser and the website is encrypted

We have internal policies that cover the key topics required to be HIPAA compliant, including accounting of disclosures, incident response, identity and access management, and so forth.


“Logging” refers to tracking and documenting events that happen in software. Logging can happen to document errors, but it also helps developers of all skill levels keep track of changes being made. Knack focuses on logging for securiy by:

  • Logging to monitor activity by internal users (Note: all logging is for internal use only.)
    • Logon successes and failures
    • Password changes
    • Additions/deletions/changes to user and/or group access
    • Logon attempts for disabled, service, system and non-existing accounts
    • VPN activity
  • System and application crashes, shutdowns, restarts, and critical errors
  • Additions/changes/deletions to network services
  • Changes to system and other key files
  • Application installs and updates
  • Database backups

HIPAA Compliance Database Solution Guide

Download our full guide on HIPAA Compliance