Paubox blog: HIPAA compliant email made easy

Is MedChat HIPAA compliant?

Written by Caitlin Anthoney | July 05, 2024

MedChat is a secure communication platform designed specifically for healthcare providers and patients. It facilitates real-time messaging while automating workflows and increasing productivity with AI agents.

Is MedChat HIPAA compliant? Yes, based on our research, MedChat can be HIPAA compliant.

 

Will MedChat sign a business associate agreement (BAA)?

Yes, MedChat will sign a business associate agreement, which can be reviewed under their terms of service.

More specifically, their terms state, “When you access or use the Services, you automatically enter into the business associate agreement (“BAA”) attached hereto as Exhibit A with Medchat. In the event of any conflict between these Terms and the BAA as to any PHI, the terms of the BAA shall control.”

 

What does the MedChat BAA cover?

The MedChat BAA covers the use and disclosure of protected health information (PHI), stating that it “acknowledges and agrees that all protected health information that is created, maintained, transmitted or received by covered entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by covered entity or its operating units to business associate, or protected health information which, on behalf of covered entity, is created, maintained, transmitted or received by business associate or a subcontractor, shall be subject to this BAA.”

 

Their BAA covers:

  • Business associate obligations
  • Obligations of the covered entity
  • Availability of PHI
  • Notifications of security incidents (like unauthorized access or use)
  • Termination of services 

 

What does the MedChat BAA exclude?

According to their BAA, users “agree that the laws of the State of North Carolina, without regard to principles of conflicts of laws, will govern [their terms] and any dispute of any sort that might arise between [users] and Medchat.”

Furthermore, their users must “agree that the exclusive jurisdiction (personal and, as allowed, subject matter) and venue for any action relating to these Terms shall be the state or federal course located in Charlotte, North Carolina, and you hereby consent to such jurisdiction and venue.”

Ultimately, this could impact how legal issues are interpreted and resolved, potentially affecting the enforcement and scope of the BAA's provisions.

 

Conclusion

MedChat signs a BAA and is, therefore, HIPAA compliant, but covered entities should evaluate jurisdictional clauses, document changes for compliance, and stay updated on legal developments affecting BAA enforceability.


 

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.

 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.