Administrative safeguards are written policies and procedures that dictate the proper uses and disclosures of PHI.
Physical safeguards are measures that protect an organization’s physical location, such as locks and alarm systems.
Technical safeguards are measures that protect electronic PHI (ePHI).
While administrative and physical safeguards are important, technical safeguards are generally the determining factor of a software provider’s HIPAA compliance. Technical safeguards that you should keep an eye out for include encryption, user authentication, access controls, and audit controls.
Why is a Business Associate Agreement Important?
Business associate agreements are a key determinant of HIPAA compliance. Even the most secure software platform is NOT HIPAA compliant if its provider will not sign a business associate agreement (BAA).
A BAA is a legal agreement that requires each signing party to be HIPAA compliant and to be responsible for maintaining its compliance. As such, a BAA limits the liability for both signing parties in the event of a breach or OCR audit, as only the negligent party would be held culpable.
Is HelloSign HIPAA Compliant?
So, does HelloSign meet HIPAA standards? Is HelloSign HIPAA compliant? Yes, HelloSign is HIPAA compliant for users with an annual Standard or Premium plan. According to HelloSign’s website, they meet HIPAA security standards and are willing to sign a BAA.
However, users must have a signed BAA with HelloSign and MUST configure the platform accordingly prior to use. Please click here for information on HelloSign HIPAA compliant configurations.