The security controls mentioned above are sufficient to ensure that PHI is secure. However, a platform being secure does not by itself make it HIPAA compliant.
Zapier Business Associate Agreements
When you use Zapier with software applications that have the potential to access PHI, Zapier is considered a business associate. HIPAA requires healthcare organizations to have signed business associate agreements (BAAs) with all of their business associates before using their services.
Will Zapier sign a business associate agreement? No, Zapier does not sign BAAs with its healthcare clients. Zapier states on its site, “Zapier does not claim HIPAA compliance, and cannot advise on how Zapier usage may or may not comply with your unique requirements.”
Is Zapier HIPAA Compliant?
So, is Zapier HIPAA compliant? No, Zapier is not HIPAA compliant, as it will not sign a BAA. However, healthcare organizations can still use Zapier to connect software platforms that DO NOT have the potential to access PHI.