Signup status
Self-serve signup is unlocked for HIPAA-covered categories including medspa, mental health, optometry, nutrition, and other clinical businesses.
UnlockedHIPAA-covered businesses can start, with clinical safeguards still on.
PointMintz now allows medspa and healthcare-scope self-serve signup while keeping HIPAA category detection active for consent, audit, encrypted PHI surfaces, role controls, training, and retention workflows. Tenant owners remain responsible for their own covered-entity obligations and for executing any required BAA package before processing live PHI.
Safeguard status
HIPAA-covered category detection remains active, so clinical businesses keep the higher-safeguard workflow.
Controls activeEvidence status
BAA, encryption, audit-log, and vendor-risk evidence belongs in private operational records, never committed to source control.
Private evidenceControls wired today
- HIPAA-covered category detection in the compliance helper.
- Clinical consent templates and staff training gates.
- Encrypted clinical notes and appointment-photo paths for HIPAA-covered tenants.
- Clinical audit-log, disclosure-accounting, and BAA-tracking admin routes.
- Tenant Compliance Dashboard status rollup.
What still requires operational proof
- Executed BAAs with applicable infrastructure and communications vendors.
- Tenant-specific policies for PHI handling, staff access, and incident response.
- Encryption-at-rest evidence and PHI access-log verification retained outside Git.
- Counsel review before marketing any tenant as HIPAA compliant.
Related trust pages
Security overview · Trust center · Privacy policy · DPA summary · Sub-processors