Optimizing YAPI for HIPAA Compliance

When it comes to protecting patient information, we've provided multiple safeguards within YAPI to help your practice stay HIPAA-compliant.  Any tool, however, is only as strong as its user.  Below, we've put together a list of best practices your team can implement to use YAPI effectively while still protecting your patients' data.

Table of Contents


Hide Patient Information on Workstations

  • Hide Patient Last Names on the Dashboard - For workstations that are visible to patients (like those in an operatory or open hallway), you can configure the Dashboard to only show patient first names plus their last initial.  To do this, follow the steps in Hiding a Patient's Protected Information for any patient-facing workstations.

  • Only Display Patient Texts on Specific Workstations - While you can enable two-way text communication with patients on any workstation in your office, we recommend only having this feature enabled for workstations that are hidden from patient view like front desk and treatment coordinator computers.  This setting is turned off by default but if you need to check, follow the instructions in Setting Your Workstation to Receive Patient Texts.

  • Use the Dashboard Privacy Screen When You're Away - The Dashboard has a built-in privacy screen you can use when you leave a workstation. Just click the red bar on the left!  To view the Dashboard again, click anywhere on the orange screen:



Secure Your iPads

  • Set Up Password Protection for the iPad App - For any iPads you plan to use with patients (for example, to fill out forms), adding a password to the app is absolutely essential for keeping patient information protected.  This allows patients to complete forms while preventing them from accessing any other part of the YAPI app like the Dashboard, your Huddle, and your KPI report.  To set your password, follow the instructions in Setting Up Basic Security for the YAPI iPad App.

  • Set Up Guided Access for Your iPads - If you want to keep patients in the YAPI app so they don't wander outside of it, you can set up Guided Access on your iPad.  Check out our article Setting Up & Using iPad Guided Access for a step by step guide to using this iPad feature. 

    Note: Guided Access is not a YAPI feature. If you have issues setting up Guided Access, we recommend reaching out to Apple directly.
  • Add Extra Protection with Other Basic & Advanced Security Features - Like the desktop version of YAPI, the iPad app has multiple security features that keep your patients' information safe.  These include:

    • Hiding patient information on the iPad Dashboard
    • Password-protecting patient details 
    • Creating a shared secret that links each iPad to your server through an additional password.

    To set these up, follow the steps in both Setting Up Basic Security for the YAPI iPad App and Setting Up Advanced Security for the YAPI iPad App.


Create a New Administrative Password

YAPI is automatically installed with a default administrative password (or what we often call the "YAPI password").  Your installer will share this with you, giving you access to admin features like Global Setup, Recall settings Recall_Manager.png, and Administrative Tools Tools.png.  For added protection, we recommend you change this password as soon as possible after installation.  To update your password, follow the instructions in Changing Your YAPI Dashboard Password


Utilize the Private Message Feature

All Broadcast and Provider messages within Office Messaging include a Private message option:


Selecting the Private checkbox on a message forces the message to display without its text until a team member clicks the lock icon to unlock it:


This is a great option when sending messages that contain PHI or other information you don't want to show on patient-facing screens.


Use Forms to Obtain Consents for Communication and Inform Patients of HIPAA Rights

YAPI's paperless forms help you obtain consent to transmit HIPAA-sensitive information and inform patients of their rights when it comes to PHI.  We recommend:

A Notice of HIPAA Privacy Practices Acknowledgement comes pre-installed with YAPI and you can download and import the Consent to Electronic Communications from our Forms Library.  There, we also have additional HIPAA forms as well as versions of our HIPAA and consent forms in Spanish.


Connect an Email Encryption Service

While all of YAPI's automated email templates are HIPAA-compliant out of the box, each user should always exercise discretion when handling PHI through email.  If you need to send PHI by email, we recommend you purchase a 3rd-party email encryption service and connect it to YAPI in YAPI's Global Setup. 


For more information on connecting an email encryption service to YAPI, see Connecting an Encrypted Email Service to YAPI.


Create Separate Users for POP

Because YAPI's Practice Online Portal (POP) is accessible outside your office, we strongly recommend creating separate POP user accounts for each member of your team.  This allows you to control what access each user has and if someone leaves your practice, you can simply deactivate their account without affecting anyone else's.  For more about creating users in POP, check out Inviting Users to the Practice Online Portal (POP).


Using Yapi Leap (our new web app) instead of POP? 🤔 Learn about HIPAA protections in Leap by checking out our related topic in the
Leap Help Center:

Dentrix Users | Open Dental Users | Eaglesoft Users


Related Articles


Please note, the content above is not legal advice.  We recommend always consulting your practice's HIPAA officer when making decisions related to HIPAA and patients' Protected Health Information.


Was this article helpful?
0 out of 0 found this helpful