Airtable is a cloud-based relational database with a user-friendly interface that allows users to create custom databases, spreadsheets, and other applications. It has gained popularity in healthcare data management because of its flexibility and ease of use. Airtable allows users to store and organize data, collaborate with others, and create custom workflows. It also integrates with other applications such as Slack, Google Drive, and Trello. But, is Airtable HIPAA compliant?
The Importance of a HIPAA Business Associate Agreement
There are certain things to look for when determining whether or not a software platform is HIPAA compliant. One of those things is business associate agreements (BAAs).
A HIPAA BAA is a contract between a covered entity and a business associate that ensures the business associate will comply with HIPAA regulations. A BA is any person or entity that performs functions or activities on behalf of a covered entity that involves the use or disclosure of protected health information (PHI). Airtable is considered a business associate if it stores, receives, maintains, or transmits PHI on behalf of a covered entity.
A BAA is essential because it establishes the terms and conditions for protecting PHI and ensures that the business associate will implement appropriate safeguards to prevent unauthorized use or disclosure of PHI. A Business Associate Agreement should be signed before any PHI is disclosed to the BA.
The Importance of HIPAA Security & Safeguarding
The Security Rule’s goal is to make sure that every covered entity has put security measures in place to secure the availability, confidentiality, and integrity of electronic protected health information. To maintain HIPAA compliance, covered entities must ensure that all personnel with access to PHI are trained on HIPAA regulations and the organization’s policies and procedures to protect that information.
Regularly reviewing, updating, and implementing safeguards such as access controls, audit controls and encryption. A healthcare company must enforce HIPAA safeguards to maintain the privacy, accuracy, and accessibility of protected health information. Administrative, physical, and technical safeguards are the three categories that HIPAA divides them into:
- Administrative safeguards are written policies and procedures that dictate the proper uses and disclosures of PHI.
- Physical safeguards are measures that protect an organization’s physical location, such as locks and alarm systems.
- Technical safeguards are measures that protect electronic PHI (ePHI).
Airtable HIPAA Compliance
The philosophy behind the creation of Airtable is that you should control how the software functions, not the other way around. Without ever having to learn how to code, the real-time collaborative Airtable platform enables users to create an almost endless number of useful apps. Airtable is enabling non-technical professionals from all walks of life to rethink decades-old business methods in every field imaginable, from collaborative editorial planning to managing global marketing campaigns to powering an organization’s entire back office.
While Airtable can be a useful tool for any business, healthcare organizations cannot use software in conjunction with PHI if the platform is not HIPAA compliant.
Is Airtable HIPAA compliant? The short answer is no, Airtable is not HIPAA compliant.
Airtable HIPAA compliance boils down to one simple fact, Airtable does not sign a HIPAA BAA.
In regards to an Airtable HIPAA BAA, their site states:
“Airtable does not sign HIPAA business associate agreements (BAA) at this time. We work with a number of companies across medical industries who do use Airtable to manage business, research and other processes, but refrain from storing Personal Health Information (PHI) in doing so.”
The rule is if they dont sign a BAA they are not HIPAA compliant regardless of configurations. Airtable is a secure platform, but users cannot input protected health information into the platform.
Although Airtable is a valuable tool in managing marketing, if your organization needs a tool to use that is HIPAA compliant there are alternatives that can be used:
- Microsoft Planner
Ultimately, HIPAA compliance is extremely important for healthcare organizations. When inputting patient health information into any software, it must be secure, safe, and private at all times. Airtable is a viable tool to use when you aren’t using that type of confidential information, but patient information should never be input into their software.