HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to correctly communicate with other providers and patients while remaining HIPAA compliant.
This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if GlobalMeet is HIPAA compliant or not.
About GlobalMeet
GlobalMeet is a business communications platform from PGi. PGi offers various solutions for online meetings and large-scale events. As its flagship product, GlobalMeet was designed to meet the needs of business professionals with solutions for web, video and audio conferencing, screen sharing, webinars and webcasting, project management, and productivity.
GlobalMeet and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI. In this instance, GlobalMeet is a business associate of a healthcare organization if any stored or transmitted data includes electronic PHI (ePHI), like a name or an email address.
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. There is no mention of HIPAA or a BAA on the GlobalMeet website, though a 2020 blog mentions the importance of healthcare communication.
GlobalMeet and cybersecurity
A PGi security whitepaper states that the company completes an SOC (System and Organization Controls) 2 Type 2 audit annually. Furthermore, the company states that it uses security controls to block third-party access to data, such as:
- Physical controls
- Firewalls
- Intrusion detection systems
- Authentication management
- Regular scans of its system
- Antivirus software
- Patch management
In addition, PGi’s network employs industry-leading encryption during transmission as well as Transport Layer Security (TLS) for web-based communication. Finally, GlobalMeet utilizes an administrative console that customers set up themselves to meet a variety of security and compliance standards. And within meetings, customers can lock meeting rooms with personal password security.
Is GlobalMeet HIPAA compliant?
The BAA is a key component of HIPAA compliance and PGi does not appear to sign a BAA. While PGi employs stringent cybersecurity measures, if a data breach or HIPAA violation occurs and any PHI is breached, the covered entity is liable.
Conclusion
GlobalMeet may not be HIPAA compliant.