TextExpander + HIPAA compliance

What to know about using TextExpander in HIPAA-compliant environments

Is TextExpander HIPAA compliant?

TextExpander is compliant with HIPAA Security, Privacy, and Breach Notification rules.

If you require a BAA (business associate agreement) in order to comply with HIPAA, please be aware that currently, we can enter into BAAs only for qualified TextExpander Enterprise plans. This allows us to process these requests promptly and efficiently. Customers must agree to TextExpander’s Business Associate Agreement and utilize TextExpander in a manner that complies with HIPAA, the BAA, and the HIPAA Product Configuration Guide. If you are interested in the TextExpander Enterprise plan, please contact our Sales team.

Tips for Configuring TextExpander for HIPAA

TextExpander Snippets are user-created content and should not contain any patient personal health information (PHI).

Ensure your Snippet Library is configured for HIPAA compliance


What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law, enacted in 1996, that requires the protection and confidential handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates.

FAQ

TextExpander never stores or sends your keystrokes anywhere. TextExpander logs up to 30 keystrokes to volatile memory. This small amount of keystroke data in memory enables TextExpander to do its filtering. TextExpander clears the keystroke log when you use a keyboard shortcut or arrow key, when you switch applications, and, of course, when you quit.

While TextExpander does track a small number of keystrokes, “tracking” does not mean TextExpander keeps a list of the actual characters you type. Instead, it keeps an encoded record (called a “hash”) of that group of characters, similar to the way a password is securely stored so that no one reading it knows what it is. You might type “yourpetsname” but what TextExpander sees and records is “1739405847385.”

Yes. For qualified customers on the Enterprise plan, TextExpander signs a Business Associate Agreement (BAA).

HIPAA compliance is available free of charge to qualified customers on the Enterprise plan.

Users may not include PHI specifically in any of the following fields or functionality:

  • Snippets, Snippet Groups
  • Name of user groups
  • Team Names
  • Support requests and attachments to a support request must not include any PHI.

Data at rest is encrypted using AES-256. Data in transit is encrypted via TLS v1.2 or later.

TextExpander undergoes regular third-party independent security audits, and we can provide our SOC 2 and SOC 3 reports upon request. Check out our trust page for additional information about our security practices.

Our providers, Amazon Web Services and MongoDB, are covered by the BAA.