Skip to content

Answers/The professional queries

Encrypted client notes for therapists and clinicians without a compliance headache

For therapists, private-practice clinicians, and small-clinic staff: your legal obligations (HIPAA in the US, similar regimes elsewhere) are broader than 'encrypt the notes'. You need audit logs, breach notification, business associate agreements, and access controls. A local encrypted folder is the storage side of that; it does not replace an EHR that meets your regulator's specific list.

What a sealed local folder helps with

Interim notes between EHR entries. Working files for supervision. Draft correspondence. Templates. Scanned intake forms in transit to the EHR. Anything that would otherwise sit in Downloads or on a desktop.

What it does not help with

Long-term ePHI storage in a HIPAA-compliant system, with audit trails and access logs. That is the EHR's job, and no encrypted-file-vault claim replaces it.

Elba's role

One HTML file, AES-256-GCM, no network. Runs on any Chromium browser without admin rights — practical on shared clinic machines. Use it for the interim category above, and use your compliant EHR for the primary record.

Questions people actually ask

Is Elba HIPAA-compliant?
'HIPAA-compliant' is a property of workflows, not files. Elba's encryption meets the technical safeguards standard; the administrative and physical safeguards are yours. We do not sign BAAs — Elba processes nothing on our end because there is no server.
Can I use it for the primary record?
Not recommended — you'd lose the audit trail your regulator expects.

Take the island

Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.

  1. €49MMXXVI· now ·
  2. €39MMXXVII2027
  3. €29MMXXVIII2028
  4. €19MMXXIX2029
  5. FreeMMXXX2030

the price falls each year · free to all 1 jan 2030

pay once · no account · nothing leaves

Related answers