Freedcamp is a web-based collaboration and project management tool that stores and shares data within an organization. In a healthcare practice, that data could include sensitive patient information, so any healthcare organization considering Freedcamp should first evaluate its HIPAA compliance status.
What is Freedcamp?
Freedcamp aims to streamline project management and facilitate collaboration within teams for organizations of different sizes. There are both free and paid plans on offer, with the paid plans providing additional features and capabilities, such as access to Google Drive and Dropbox within your interface.
Freedcamp privacy policy
Freedcamp offers several security measures aimed at protecting user data. These include:
- Background checks: All employees are subject to background checks and are prohibited from accessing user data except for diagnostic purposes.
- Certified hosting environment: Freedcamp maintains various certifications, including ISO 27001, PCI, and SOC reports.
- Disaster recovery procedures: There is redundant storage of user data in multiple locations and well-tested backup and restoration procedures.
- Network protection: This includes the implementation of firewalls and SELinux, as well as host management, including regular patching and intrusion detection.
- Breach notification policy: There are procedures that allow for users to be notified in the event of a breach.
- Security audits: External security audits are conducted regularly to verify security practices and address vulnerabilities.
Beyond these features, Freedcamp offers additional security benefits to business and enterprise users, such as two-step authentication (2FA).
Business associates agreement
A business associate agreement (BAA) establishes the legal obligations and responsibilities of both parties regarding the safeguarding and proper handling of protected health information (PHI). By signing a BAA, the business associate agrees to comply with HIPAA regulations and to take appropriate measures to protect the confidentiality, integrity, and availability of PHI.
Without a signed BAA in place, a business associate is not authorized to handle PHI on behalf of a covered entity, which would violate HIPAA regulations. Therefore, for HIPAA compliance, covered entities must ensure that any third-party service providers, including Freedcamp, are willing to sign a BAA before handling PHI.
Freedcamp and a business associates agreement
We have found no mention of a BAA on Freedcamp's website. Freedcamp also does not explicitly advertise or claim to be HIPAA compliant on its website or in its documentation.
Conclusion
Freedcamp may not be HIPAA compliant. While it has implemented strict controls over employee access to user data and maintains various security measures, including data encryption and network protection, it does not provide explicit details about its HIPAA compliance status or offer a specific HIPAA-compliant plan.