Administrative safeguards are written policies and procedures that dictate proper uses and disclosures of PHI.
Physical safeguards like locks and alarm systems protect an organization’s physical location.
Technical safeguards are measures that protect electronic PHI (ePHI).
While administrative and physical safeguards are essential, technical safeguards are generally the determining factor of a software provider’s HIPAA compliance. You should expect technical safeguards to include encryption, user authentication, access controls, and audit controls.
Why is a Business Associate Agreement Important?
Business associate agreements are a vital determinant of HIPAA compliance. Even the most secure software platform is NOT HIPAA compliant if the provider will not sign a business associate agreement (BAA).
A BAA is a legal agreement that requires each signing party to be HIPAA compliant and to be responsible for maintaining compliance. As such, a BAA limits the liability of both signing parties in the event of a breach or OCR audit, as only the negligent party would be held culpable.
Is Genius Scan HIPAA Compliant?
Is Genius Scan HIPAA compliant? Genius Scan appears to have all of the necessary technical safeguards, provided it is appropriately configured for use in a HIPAA compliant manner. Their parent company is based in France, and the software meets the strict privacy requirements demanded by the European Union’s General Data Protection Regulation (GDPR).
However, there is no mention of Business Associate Agreements anywhere on their developer website. Lacking a direct statement regarding the willingness to enter into a BAA, the wisest path is to assume Genius Scan is not HIPAA compliant.