
What's New

Latest updates and announcements

October 29, 2025

We are rolling out First Access!

We are happy to share what we have built so far with the community and look forward to hearing from any therapist interested in trying us out. You can sign up directly and start using it, or contact us at support@frameshare.org to get a personal intro and tour of FrameShare (from Stefan himself!) and to hear how we hope to add to your practice and workflow.

We offer a 1-month free trial, with no auto-renewal or anything else meant to trap you into a payment. If you like what we offer, we are happy to keep working with you.

We will listen to you about where we can add new features that would make your life easier; part of our current development focus is building what is needed most.

January 15, 2025

We will be at this year's AATA!

We are excited to be able to show our progress in creating a tool aimed at easing your efforts and expanding your patient reach. Meet our founder Stefan (pictured for reference) at Booth 38 on Thursday between 6:30 and 8:30 PM to learn all about it and score a trial!

If you can't make it but still would like a chat, feel free to reach out anytime at hello@frameshare.org.

This will be our first-ever therapy conference, and we are excited both to share our vision and to meet the caring people we want to help!

January 5, 2025

How FrameShare Ensures HIPAA Compliance

FrameShare implements comprehensive security measures that meet and exceed HIPAA Security Rule requirements. Here's how we protect your clients' Protected Health Information (PHI):

Your Sessions Are Completely Private

  • No Sharing Without Consent

    Drawings, chat messages, and session notes are NEVER shared or visible to anyone except the therapist and their authorized patients. Each session is completely isolated.

  • Self-Hosted Video

    Unlike other platforms that use third-party services (Zoom, Google Meet, etc.), we host all video sessions on our own secure servers. Your therapy sessions never leave our HIPAA-compliant infrastructure.

  • Zero Platform Visibility

    Even FrameShare's administrators cannot view your encrypted session content, messages, or patient data. Only you and your authorized patients have access.

Administrative Safeguards

  • Comprehensive Audit Logging (§164.312(b))

    Every access to PHI is tracked: WHO accessed WHAT, WHEN, and from WHERE. Audit logs are immutable and include all creates, reads, updates, and deletes.

  • Automatic Session Timeout

    Sessions automatically expire after 30 minutes of inactivity, preventing unauthorized access from unattended devices.

  • Account Security & Lockout

    Accounts are locked for 10 minutes after 5 failed login attempts, protecting against brute force attacks. IP-based tracking identifies suspicious access patterns.

Technical Safeguards

  • Field-Level Encryption (§164.312(a)(2)(iv))

    All sensitive data is encrypted using AES-128 encryption (Fernet). This includes patient profiles, session notes, messages, and drawing data - both in transit and at rest.

  • Data Integrity Controls (§164.312(c)(1))

    SHA-256 checksums verify data hasn't been tampered with. Any unauthorized modifications are immediately detectable.

  • Complete Data Recovery (§164.308(a)(7))

    Full history tracking allows recovery of any accidentally deleted or modified data. Every change is versioned with timestamps and user attribution.

  • Secure Infrastructure

    All data transmission uses HTTPS/TLS encryption. AWS infrastructure provides additional security layers with VPC isolation and security groups.
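
The Field-Level Encryption item above names Fernet, whose tokens carry an HMAC-SHA256 tag that is checked before any decryption. As an added example (not FrameShare's code and not the django-fernet-fields implementation), this standard-library Python follows the public Fernet token layout to parse a token, verify its tag, and show that a changed byte is rejected. The key, IV, timestamp and stand-in ciphertext are constructed sample values; the AES-128-CBC decryption and TTL check of a full Fernet implementation are omitted because the standard library has no AES.

```python
import base64
import hashlib
import hmac
import struct

VERSION = 0x80  # the only version byte the Fernet spec defines

def seal(key_b64, timestamp, iv, ciphertext):
    """Wrap an existing AES-CBC ciphertext in a Fernet token and tag it."""
    signing_key = base64.urlsafe_b64decode(key_b64)[:16]
    body = struct.pack(">BQ", VERSION, timestamp) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)

def verify_token(key_b64, token):
    """Parse a token and check its tag; raise ValueError on any defect."""
    key = base64.urlsafe_b64decode(key_b64)  # 16-byte signing key + 16-byte AES key
    if len(key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    raw = base64.urlsafe_b64decode(token)
    # 1 version + 8 timestamp + 16 IV + at least 16 ciphertext + 32 tag
    if len(raw) < 73 or raw[0] != VERSION:
        raise ValueError("not a Fernet token")
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(key[:16], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: token modified or wrong key")
    (timestamp,) = struct.unpack(">Q", body[1:9])
    return {"timestamp": timestamp, "iv": body[9:25],
            "ciphertext_len": len(body) - 25, "aes_key_bits": len(key[16:]) * 8}

def flip_bit(token, offset):
    """Return a copy of the token with one bit changed at a raw byte offset."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[offset] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))

# Constructed sample values, not real key material or real ciphertext.
KEY = base64.urlsafe_b64encode(bytes(range(32)))
IV = bytes(range(16, 32))
OPAQUE = hashlib.sha256(b"stand-in for encrypted session note").digest()
TOKEN = seal(KEY, 1736035200, IV, OPAQUE)

if __name__ == "__main__":
    print(verify_token(KEY, TOKEN))
    try:
        verify_token(KEY, flip_bit(TOKEN, 30))  # byte 30 lies in the ciphertext
    except ValueError as exc:
        print("rejected:", exc)
```

The tag covers the version, timestamp, IV and ciphertext, so a change to any of them fails verification, as does a token presented with a different key.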

Data Protection Features

  • Soft Delete Protection

    PHI is never permanently deleted immediately. Deleted records are retained and can be restored if needed, preventing accidental data loss.

  • Role-Based Access Control

    Therapists can only access their own clients' data. Staff have restricted access based on their role. All access is logged and auditable.

  • Privacy-First Design

    Therapist locations are shown only at state level. Anonymous visitor tracking respects privacy. Patient data is segregated and encrypted.

  • Complete Data Isolation

    No artwork, chat messages, or session notes are ever shared without explicit consent. Only the therapist who created the session and their authorized patients can access session data.

  • Self-Hosted Video Infrastructure

    All video sessions are self-hosted on our secure servers. No third-party video services have access to your therapy sessions, ensuring complete privacy and HIPAA compliance.

  • Therapist-Controlled Data

    All patient data, health records, and session content are encrypted and saved exclusively with the therapist's account. No other users, including platform administrators, can view this protected information.

HIPAA-Compliant Technology Stack

  • django-auditlog

    Provides comprehensive, immutable audit trails for all PHI access and modifications.

  • django-simple-history

    Maintains complete version history of all records, enabling data recovery and change tracking.

  • django-fernet-fields

    Implements transparent field-level encryption using industry-standard AES-128 encryption.

  • django-axes

    Monitors and blocks suspicious login attempts, preventing unauthorized access.

HIPAA Compliance Summary

Access Control (§164.312(a)(1))
Audit Controls (§164.312(b))
Integrity Controls (§164.312(c)(1))
Transmission Security (§164.312(e))
Data Recovery (§164.308(a)(7))
Access Management (§164.308(a)(4))

Need more information about our HIPAA compliance?

Contact us at support@frameshare.org

We can provide our complete HIPAA compliance documentation, Business Associate Agreement (BAA), or schedule a security assessment review.