HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to correctly communicate with other providers and patients while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if GlobalMeet is HIPAA compliant or not.
GlobalMeet is a business communications platform from PGi. PGi offers various solutions for online meetings and large-scale events. As its flagship product, GlobalMeet was designed to meet the needs of business professionals with solutions for web, video and audio conferencing, screen sharing, webinars and webcasting, project management, and productivity.
RELATED: Is Google Jamboard a HIPAA compliant solution?
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI. In this instance, GlobalMeet is a business associate of a healthcare organization if any stored or transmitted data includes electronic PHI (ePHI), like a name or an email address.
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. There is no mention of HIPAA or a BAA on the GlobalMeet website, though a 2020 blog mentions the importance of healthcare communication.
In addition, PGi’s network employs industry-leading encryption during transmission as well as Transport Layer Security (TLS) for web-based communication. Finally, GlobalMeet utilizes an administrative console that customers set up themselves to meet a variety of security and compliance standards. And within meetings, customers can lock meeting rooms with personal password security.
The BAA is a key component of HIPAA compliance and PGi does not appear to sign a BAA. While PGi employs stringent cybersecurity measures, if a data breach or HIPAA violation occurs and any PHI is breached, the covered entity is liable.
Conclusion GlobalMeet may not be HIPAA compliant.