
HIPAA & Data Compliance
PowerZone is designed to support therapists and coaches in building and scaling their business, including features that can be configured to support HIPAA compliance.
HIPAA-Enabled Accounts
HIPAA compliance is not automatically enabled on all accounts.
To use PowerZone in a HIPAA-compliant way:
You must ensure your account has HIPAA mode activated
A Business Associate Agreement (BAA) must be in place. Read and sign the document here to be HIPAA compliant.
You must follow proper handling of Protected Health Information (PHI)
If you are unsure whether your account is HIPAA-enabled, please contact support immediately.
Our Role
PowerZone operates as a Business Associate using secure infrastructure provided by HighLevel.
We have a signed BAA with our platform provider to ensure:
Secure handling of data
Appropriate safeguards
Compliance-ready infrastructure
Your Responsibility (VERY IMPORTANT)
Users are responsible for:
Ensuring HIPAA settings are enabled
Using the platform in a compliant manner
Managing how PHI is collected, stored, and shared
Ensuring email/SMS communications meet HIPAA requirements
Important Limitations
Not all communication channels are automatically HIPAA-compliant - including email, SMS, and certain automation workflows.
While PowerZone provides the infrastructure and tools to support HIPAA-compliant operations, compliance depends on how those tools are configured and used.
Email & SMS Communications
Standard email and SMS are not inherently secure or encrypted in a way that guarantees HIPAA compliance.
To use these channels compliantly, you must:
Obtain proper client consent where required
Avoid transmitting sensitive Protected Health Information (PHI) unless safeguards are in place
Ensure your workflows align with HIPAA privacy and security standards
Automation & Workflows
Automations (including follow-ups, reminders, and pipelines) must be configured carefully.
Improper setup may result in:
Unintentional sharing of PHI
Data being sent through non-secure channels
Breaches of client confidentiality
Account Configuration Matters
HIPAA compliance is only supported when:
HIPAA mode is properly enabled
Required agreements (such as a BAA) are in place
Security settings are correctly configured
If these are not set up correctly, your account should not be used to store or transmit PHI.
What PowerZone Does NOT Do
PowerZone does not:
Monitor or control how you use PHI
Automatically prevent non-compliant communication
Guarantee compliance based on platform access alone
Your Responsibility as the User
You are fully responsible for:
How client data is collected, stored, and shared
Ensuring your communication methods are compliant
Training your team (if applicable) on proper data handling
Following all applicable HIPAA regulations
The Reality (plain English)
PowerZone gives you the engine.
But if you drive it off-road with client data… that’s on you.
Business Associate Agreements
If you require a BAA for your practice, read and sign the document here to be HIPAA compliant.
Use this checklist to ensure you are operating your PowerZone account in a HIPAA-compliant way when handling client data.
Ensure HIPAA compliance is enabled on your account
Confirm a signed Business Associate Agreement (BAA) is in place
Look for the HIPAA icon inside your account dashboard
If you don’t see this, contact support before using any PHI
Only store Protected Health Information (PHI) when HIPAA mode is active
Avoid uploading unnecessary sensitive data
Keep records minimal and relevant
Do not send sensitive PHI via standard email or SMS without safeguards
Obtain client consent where required
When in doubt, keep messages general (no detailed personal health info)
Review all workflows, reminders, and follow-ups
Ensure no sensitive data is being sent automatically
Avoid including PHI in:
email sequences
SMS reminders
pipeline notifications
Only give access to authorized team members
Remove access immediately if someone leaves your team
Use strong passwords and secure logins
Understand what qualifies as PHI
Follow basic HIPAA privacy and security rules
Ensure anyone using your account knows what not to do
Regularly review stored data
Delete anything unnecessary
Keep your account organized and secure
PowerZone provides the tools to support HIPAA compliance.
But compliance depends on:
how you configure your account
how you communicate with clients
how you handle and store data
You are responsible for ensuring your usage meets HIPAA requirements.
If you wouldn’t feel comfortable sending it in a public email…
Don’t send it without proper safeguards.
Not sure if you’re set up correctly? Contact us and we’ll verify your account is configured safely.


© Copyright 2026 PowerZone Platform is part of the 20/80 Collective