Trello is a project management software tool that allows users to track a project’s progress and who is working on it. Project management software can be useful for any business, but when a healthcare organization uses such software for projects related to specific patients, it must ensure that the software is HIPAA compliant. So, is Trello HIPAA compliant? Whether this project management software is HIPAA compliant is discussed below.
Is Trello HIPAA Compliant: Security Features
When determining whether a project management software product is HIPAA compliant, it is important to assess the security measures the vendor has in place to protect the data shared through its platform. Software products that lack adequate security measures can inadvertently expose their clients’ data should vulnerabilities in the software be exploited in a hacking incident.
To protect client data, Trello uses end-to-end encryption, which protects data as it is being sent, received, and stored. Trello also backs up data daily to prevent data loss, and conducts regular vulnerability scans and penetration testing. From this information, we can determine that Trello is reasonably secure.
Is Trello HIPAA Compliant: Business Associate Agreements
Although security is an important aspect of determining a software product’s HIPAA compliance, even the most secure software is not necessarily HIPAA compliant. This is because, under HIPAA, software providers are considered business associates when their products are used in conjunction with protected health information. As such, healthcare organizations are required to have signed business associate agreements with their software providers before they can process patient information through the software.
Business associate agreements (BAAs) are important because they require each signing party to be HIPAA compliant and to be responsible for maintaining its own compliance. They also determine which party is responsible for reporting a breach should one occur. Without a signed BAA, healthcare organizations can be held liable for their business associates’ breaches and are subject to HIPAA fines. On Trello’s website, they state that they are unable to sign a business associate agreement.
Is Trello HIPAA Compliant?
Is Trello HIPAA compliant? No, Trello is not HIPAA compliant, and therefore patient information cannot be entered into the software. But that does not mean it cannot be used by healthcare organizations. Healthcare organizations can still use the software for project management as long as they do not put any patient information in the platform, which includes attaching files that contain PHI.