We've been seeing more vendors, customers, and prospects asking about HIPAA compliant email marketing services. Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Podio in a HIPAA compliant manner. We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Podio offers HIPAA compliant email marketing service or not.
Podio is a project management platform for organizing team communication, business processes, data, and content. Citrix acquired Podio in 2012.
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule Read full article: What does it mean to be a Business Associate?
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
We checked the Podio site for mention of their ability to sign a Business Associate Agreement (BAA). We found several mentions of their stance on HIPAA compliance in their Help Center ( here, here, and here). All of them had the same answer: Podio will not sign a BAA with its customers.
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Conclusion: Podio does not offer a Business Associate Agreement with its customers. Podio is not a HIPAA compliant solution provider.