Is Trello HIPAA Compliant: Business Associate Agreements
Although security is an important aspect of determining a software’s HIPAA compliance, even the most secure software is not necessarily HIPAA compliant. This is because under HIPAA, software providers are considered business associates when their software is used in conjunction with protected health information (PHI). As such, healthcare organizations are required to have signed business associate agreements with their software providers before they can pass patient information through the software.
Business associate agreements (BAAs) are important because they require each signing party to be HIPAA compliant and to be responsible for maintaining its compliance. They also determine which party is responsible for reporting a breach should one occur. Without a signed BAA, healthcare organizations can be held liable for their business associates’ breach and are subject to HIPAA fines. Trello states on its website that it is unable to sign a business associate agreement.
Is Trello HIPAA Compliant?
Is Trello HIPAA compliant? No, Trello is not HIPAA compliant, so patient information cannot be input into the software. That does not mean it cannot be used by healthcare organizations, however. Healthcare organizations can still use the software for project management as long as they do not put any patient information in the platform, including by attaching files that contain PHI.