Is Privy HIPAA Compliant: Business Associate Agreements
As a software provider with the potential to access PHI, Privy is considered a business associate. Under HIPAA, healthcare organizations are required to have a signed business associate agreement with each of their business associates before they are permitted to use the service in conjunction with PHI. Many software providers have business associate agreements available through their websites or the software platform.
Although Privy is willing to sign a business associate agreement with their healthcare clients, they don’t make the agreement readily available.
Privy advises on their website, “If you are a covered entity under HIPAA, you agree to contact us at [email protected] in order to request a business associate agreement prior to using the Privy Service with your subscribers. If we agree to enter into a business associate agreement with you, you may include protected health information, subject to this Agreement and the terms of the business associate agreement (additional fees may apply).”
From this, we can infer that Privy will sign a business associate agreement; however, it seems to do so on a case-by-case basis.
To view Privy’s Acceptable Use Policy, please click here.
Is Privy HIPAA Compliant?
Is Privy HIPAA compliant? Yes, provided that you contact them to sign a business associate agreement, and they agree to sign it, before use. Additionally, software compliance ultimately comes down to how the software is used by the end user. As such, you must ensure that you are using Privy in accordance with HIPAA standards by training all staff who will use the platform.