Data Security (CJIS and HIPAA Compliance)

LawVu enables you to operate your legal workspace in accordance with your HIPAA compliance obligations. HIPAA is a federal regulation developed by the United States Department of Health and Human Services. It is designed to protect the privacy and security of people's protected health information (PHI or ePHI).

HIPAA applies to covered entities and business associates that create, receive, maintain, access, or send PHI or ePHI. It is your responsibility to ensure your compliance with HIPAA and determine whether you must enter into a Business Associate Agreement (BAA) with LawVu.

The BAA outlines the terms and conditions for safeguarding PHI or ePHI. Under HIPAA, LawVu is considered a business associate. Therefore, a BAA must be signed before you upload PHI or ePHI to the LawVu services. To request a BAA, your Organization Admin should email legal@lawvu.com.

The sections below explain how to configure LawVu settings to ensure your workspace is used in a HIPAA-compliant manner.

In this article:

When two-factor authentication is enabled, users will see a modal window during sign-in that requires them to enter a verification code sent via email.

Note: Organization administrators can disable this feature. Click here to learn more.

Where CJIS compliance is required, the banner appears after sign-in. It informs the user that their activities in LawVu may be monitored and recorded by their organization's personnel. If monitoring reveals evidence of possible criminal activity, the organization may provide the evidence to law enforcement officials. A user cannot use LawVu without clicking 'consent and continue.'

LawVu will apply settings to restrict the sharing of information with third parties via the email functionality in the LawVu platform.

The matter or contract name, as well as the content of conversations or assignments, will be removed from all email notifications sent from the LawVu platform.

To enhance security, Organization Administrators can configure LawVu to automatically log out inactive user accounts after a set duration.

By default, LawVu automatically logs out users after 10 minutes of inactivity, calculated from their last click. Upon automatic logout, users must log in again and be reauthenticated. They will then be redirected to the exact page they were on before the inactivity timeout.

Organization Administrators can adjust this inactivity timeout from 5 to 30 minutes to align with their organization's workstation security policies.

Please note: The inactivity timeout feature cannot be disabled.

Your security settings in LawVu can be accessed from Organization Settings > General Settings > Security.

LawVu enables you to operate LawVu in accordance with your CJIS compliance obligations. The Criminal Justice Information Services (CJIS) Security Policy is a comprehensive set of guidelines and requirements established by the U.S. Federal Bureau of Investigation (FBI). The CJIS Security Policy is designed to protect the confidentiality, integrity, and availability of Criminal Justice Information (CJI), which is sensitive data used by law enforcement and criminal justice agencies.

It is your responsibility to ensure you meet CJIS compliance requirements. Before you upload CJI to the LawVu Services, you will need to make sure that you enter into the appropriate contractual terms with LawVu, including purchasing the LawVu Services in our US Government Stack.