Data Security (CJIS and HIPAA Compliance)

LawVu enables you to operate LawVu in accordance with your HIPAA compliance obligations. HIPAA is a federal regulation developed by the United States Department of Health and Human Services. It is designed to protect the privacy and security of people's protected health information (PHI or ePHI).

HIPAA applies to covered entities and business associates that create, receive, maintain, access or send PHI or ePHI. It is your responsibility to ensure your compliance with HIPAA and determine whether you must enter into a Business Associate Agreement (BAA) with LawVu.

A BAA is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to ensure PHI or ePHI is appropriately safeguarded. Under HIPAA, LawVu is considered a business associate. A BAA must be signed before you upload PHI or ePHI to the LawVu Services. To sign a BAA, the Organisation Admin may email legal@lawvu.com.

In the sections below, we will discuss configuring the settings in LawVu to ensure you are using LawVu in a HIPAA-compliant manner.

In this article:

When two-factor authentication is enabled, users will encounter the following modal window when signing in, where they will be required to enter a verification code received via email.

Note: Organization administrators can disable this feature; click here to learn more.

The banner appears after sign-in and lets the user know they are subject to having their activities in LawVu monitored and recorded by their organization's personnel. If monitoring reveals evidence of possible criminal activity, the organization may provide the evidence to law enforcement officials. A user cannot use LawVu without clicking 'consent and continue.'

LawVu will apply settings to restrict information from LawVu from being shared with any third parties via the email functionality in the LawVu platform. This includes:

Users will still be able to shares documents via email with other LawVu users in the organisation.

LawVu will apply settings to remove certain information from all email notifications sent from the LawVu Platform, such as the matter or contract name, and the content of conversations or assignments, when an email notification is sent from the LawVu Platform. To see the contents of the email notification, a user must log in to their LawVu account.

To enhance security, Organisation Administrators can configure LawVu to automatically log out inactive user accounts after a set duration.

By default, LawVu automatically logs out users after 10 minutes of inactivity, calculated from their last click. Upon automatic logout, users must log in again and be reauthenticated. They will then be redirected to the exact page they were on prio to the inactivity timeout.

Organization Administrators can adjust this inactivity timeout from a minimum of 5 minutes to a maximum of 30 minutes to align with their organization's workstation security policies.

Note: The inactivity timeout feature cannot be disabled.

Your security settings in LawVu can be accessed from Organization Settings > General Settings > Security.

LawVu enables you to operate LawVu in accordance with your CJIS compliance obligations. The Criminal Justice Information Services (CJIS) Security Policy is a comprehensive set of guidelines and requirements established by the U.S. Federal Bureau of Investigation (FBI). The CJIS Security Policy is designed to protect the confidentiality, integrity, and availability of Criminal Justice Information (CJI), which is sensitive data used by law enforcement and criminal justice agencies.

It is your responsibility to ensure you meet your CJIS compliance and before you upload CJI to the LawVu Services, you must ensure that you enter into the appropriate contractual terms with LawVu, including purchasing the LawVu Services in our US Government Stack.