Business Associate Agreements: Is Adobe Scan HIPAA Compliant?
All businesses that create, transmit, process, store, receive, or maintain PHI or ePHI must be HIPAA compliant. Any vendors used for those purposes must also be HIPAA compliant.
In addition, a signed Business Associate Agreement must be in place before PHI or ePHI transfers between organizations. This agreement must clearly state the responsibilities of each company regarding PHI.
Transferring PHI without a BAA is a clear violation of HIPAA. Adobe is considered a business associate, so organizations must have a signed BAA with Adobe to use their services.
Adobe Scan integrates with Adobe Document Cloud. As another article on our blog mentions, Adobe will sign a BAA with Adobe Document Cloud clients, but only for those on an Enterprise Plan.
Final Analysis: Is Adobe Scan HIPAA Compliant?
So, is Adobe Scan HIPAA compliant? The answer is not straightforward. While Adobe is willing to sign a business associate agreement, they only do so for specific products and plan levels. So while some Adobe Cloud products are HIPAA compliant, others are not.
Additionally, Adobe makes it overly complicated for users to get a BAA, responding to users inquiring about an Adobe Sign BAA on their support forum, “This information can only be shared by Adobe Sign support team via phone or chat. So we request you to please contact Adobe Sign support team by logging into your account. Click on the “?” icon at the upper right corner of the page and refer to your support options.” Adobe users also reported on the forum that upon calling Adobe to request a BAA, they were transferred to several departments and given mixed information on the pricing required to obtain one.
Healthcare organizations that wish to use Adobe’s services