Offenders.io supports HIPAA-compliant Enterprise workflows for approved healthcare customers under a separately executed Business Associate Agreement. Healthcare systems, SNFs, home health teams, and compliance platforms can use an approved Enterprise endpoint to run source-verified registry screening against official public records across all 50 states, territories, and tribes.
Purpose-built access patterns for regulated healthcare teams that need registry screening without pushing PHI through standard self-service channels.
HIPAA-compliant access requires a separately executed Business Associate Agreement and Enterprise approval.
Enterprise customers use an approved workflow and endpoint; standard public API endpoints are not for PHI or ePHI.
API traffic is encrypted in transit. Request telemetry is minimized and sanitized for operational monitoring.
Controls are designed around security, availability, confidentiality, access review, and change management.
Only the search inputs needed for the approved workflow should be transmitted.
Returned registry records come from official public sources and are not clinical advice or medical determinations.
The standard API is fast to evaluate. HIPAA-compliant production use requires Enterprise review first.
Tell us what data you plan to send, where it originates, and whether PHI or ePHI is involved.
Approved Enterprise customers sign a separate BAA before transmitting regulated data.
We provision the agreed Enterprise workflow and keep support channels free of PHI/ePHI.
Use request IDs, sanitized telemetry, and documented controls for support and audit review.
HIPAA-compliant sex offender API workflows are available for Enterprise customers who need BAA-backed registry screening.
Pre-admission and compliance screening where state rules require sex offender registry checks.
Registry screening for workflows involving vulnerable populations and in-home care operations.
Enterprise registry checks that can fit into credentialing, compliance, or safety workflows.
Screening support for regulated residential and patient-safety workflows.
API-first access for compliance software teams that need a BAA-backed vendor workflow.
Batch and API workflows for teams managing many facilities or high-volume screening needs.
Clear boundaries help customers avoid sending regulated data through the wrong path.
| Channel or tier | HIPAA-compliant? | Boundary |
|---|---|---|
| Enterprise workflow with executed BAA | Yes | Approved workflow only, under the signed agreement |
| Self-service or On Demand API | No | No BAA; do not submit PHI or ePHI |
| Free trial or test key | No | Evaluation only; no regulated data |
| Dashboard, support, email, chat | No | Never send PHI/ePHI through support channels |
| Registry records returned by the API | N/A | Official public-record data, not medical advice |
If your workflow may involve PHI or ePHI, contact us before sending production traffic.
Offenders.io supports HIPAA-compliant Enterprise workflows only for approved customers under a separately executed BAA. Self-service, free trial, and standard API accounts are not HIPAA-compliant workflows and must not transmit PHI or ePHI.
No. BAA access is available only for approved Enterprise customers under a separately executed Business Associate Agreement.
Yes. HIPAA-compliant Enterprise workflows use an approved access path. Standard public API endpoints are for non-PHI evaluation and regular non-HIPAA use cases.
No. Registry results returned by Offenders.io are sourced from official public records. They are not medical information, not medical advice, and not a clinical determination.
Yes. You can evaluate data quality with a standard test or self-service key, but do not send PHI or ePHI until a BAA is executed and the approved Enterprise workflow is provisioned.
Tell us about your healthcare workflow. We will review BAA eligibility and the approved API path before production use.