Health Insurance Portability and Accountability Act (HIPAA)
LawVu enables you to operate LawVu in accordance with your HIPAA compliance obligations. HIPAA is a federal regulation developed by the United States Department of Health and Human Services. It is designed to protect the privacy and security of people's protected health information (PHI or ePHI).
HIPAA applies to covered entities and business associates that create, receive, maintain, access or send PHI or ePHI. It is your responsibility to ensure your compliance with HIPAA and determine whether you must enter into a Business Associate Agreement (BAA) with LawVu.
A BAA is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to ensure PHI or ePHI is appropriately safeguarded. Under HIPAA, LawVu is considered a business associate. A BAA must be signed before you upload PHI or ePHI to the LawVu Services. To sign a BAA, the Organisation Admin may email legal@lawvu.com.
In the sections below, we will discuss configuring the settings in LawVu to ensure you are using LawVu in a HIPAA-compliant manner.
In this article:
Signing in to LawVu β Two-factor Authentication
When two-factor authentication is enabled, users will encounter the following modal window when signing in, where they will be required to enter a verification code received via email.
Note: Organization administrators can disable this feature; click here to learn more.
Login Statement
The banner appears after sign-in and lets the user know they are subject to having their activities in LawVu monitored and recorded by their organization's personnel. If monitoring reveals evidence of possible criminal activity, the organization may provide the evidence to law enforcement officials. A user cannot use LawVu without clicking 'consent and continue.'
Disable sending User Data via email from LawVu
LawVu will apply settings to restrict information from LawVu from being shared with any third parties via the email functionality in the LawVu platform. This includes:
Permanently disabling external communication tools in LawVu.
Ensuring the email address of a matter, contract or associated conversation is not available to be shared.
Eliminating the option to share files by sending them via email. For example, users can no longer share a contract document or a file within the 'Files' tab of a Matter by sending them via email.
Users will still be able to shares documents via email with other LawVu users in the organisation.
Disable sending User Data in email notifications
LawVu will apply settings to remove certain information from all email notifications sent from the LawVu Platform, such as the matter or contract name, and the content of conversations or assignments, when an email notification is sent from the LawVu Platform. To see the contents of the email notification, a user must log in to their LawVu account.
Setting the Inactivity Period
To enhance security, Organisation Administrators can configure LawVu to automatically log out inactive user accounts after a set duration.
By default, LawVu automatically logs out users after 10 minutes of inactivity, calculated from their last click. Upon automatic logout, users must log in again and be reauthenticated. They will then be redirected to the exact page they were on prio to the inactivity timeout.
Organization Administrators can adjust this inactivity timeout from a minimum of 5 minutes to a maximum of 30 minutes to align with their organization's workstation security policies.
Note: The inactivity timeout feature cannot be disabled.
Your security settings in LawVu can be accessed from Organization Settings > General Settings > Security.
CJIS
LawVu enables you to operate LawVu in accordance with your CJIS compliance obligations. The Criminal Justice Information Services (CJIS) Security Policy is a comprehensive set of guidelines and requirements established by the U.S. Federal Bureau of Investigation (FBI). The CJIS Security Policy is designed to protect the confidentiality, integrity, and availability of Criminal Justice Information (CJI), which is sensitive data used by law enforcement and criminal justice agencies.
It is your responsibility to ensure you meet your CJIS compliance and before you upload CJI to the LawVu Services, you must ensure that you enter into the appropriate contractual terms with LawVu, including purchasing the LawVu Services in our US Government Stack.