Adobe Cloud consists of several products including Adobe Document Cloud, Adobe Experience Cloud, and Adobe Creative Cloud. Many of these products are used by businesses to perform administrative tasks that help them to effectively run their businesses, but as a healthcare organization, you must consider HIPAA. Is Adobe Cloud HIPAA compliant?
Is Adobe Document Cloud HIPAA Compliant?
Adobe Document Cloud is made up of different services including Sign, Acrobat, and PDF Services API. While each of these meets the HIPAA Security Rule requirement to ensure the confidentiality, integrity, and availability of protected health information (PHI), only Adobe Sign can be used in a HIPAA compliant manner.
Why is this so?
Well, as part of HIPAA requirements, you must have signed business associate agreements (BAAs) with any vendor that has the potential to access PHI (business associates). When a healthcare organization uses Adobe Document Cloud for managing patient documents, Adobe is considered a business associate, and therefore healthcare organizations must have a signed BAA with Adobe to use its services. Adobe will sign a BAA with Adobe Sign clients, but only for those on the Enterprise Plan. So is Adobe Sign HIPAA compliant? Yes, but only for Enterprise Plan clients that have secured a BAA.
What Other Adobe Products Are HIPAA Compliant?
Adobe products that can be HIPAA compliant (with a signed BAA secured from Adobe before use) include:
- Adobe Sign for Enterprise
- Adobe Managed Services (Connect and Adobe Experience Manager (AEM) only)
- Adobe Marketo Engage, Bizible, and Adobe Workfront
What Adobe Cloud Products Are Not HIPAA Compliant?
Adobe Cloud products that are not HIPAA compliant include:
- Adobe Acrobat
- Adobe PDF Services API
- Adobe Experience Cloud
- Adobe Creative Cloud
Is Adobe Cloud HIPAA Compliant?
So, is Adobe Cloud HIPAA compliant? Well, the answer is not straightforward. While Adobe is willing to sign a business associate agreement, it only does so for specific products and for specific plan levels. So while some Adobe Cloud products are HIPAA compliant, others are not.
Additionally, Adobe makes it overly complicated for users to get a BAA. Responding to users inquiring about an Adobe Sign BAA on its support forum, Adobe wrote: “This information can only be shared by Adobe Sign support team via phone or chat. So we request you to please contact Adobe Sign support team by logging into your account. Click on the ‘?’ icon at the upper right corner of the page and refer to your support options.” Adobe users also reported on the forum that upon calling Adobe to request a BAA, they were transferred to several departments and given mixed information on pricing required to obtain one.
Healthcare organizations that wish to use Adobe’s services in conjunction with PHI must be diligent to ensure that the product they are using can be HIPAA compliant, and that Adobe will sign a BAA with them at their service plan level.