PlanPlus Online is a cloud-based customer relationship management (CRM) platform that offers a combination of sales, marketing, and collaboration features to help businesses centralize contacts, prioritize the right tasks, and boost overall productivity. While CRMs can be a valuable way to strengthen operations, it is crucial for covered entities to make HIPAA compliance a priority.
Let’s find out if PlanPlus Online meets these important security standards.
Third-party vendors that store, access, or send protected health information (PHI) are considered business associates. When covered entities work with business associates, a business associate agreement (BAA) must be signed by both parties. This is a written document that outlines the responsibilities of the business associate to keep PHI secure.
Without a signed BAA, the vendor cannot be considered HIPAA compliant. PlanPlus Online’s HIPAA compliance policy states that the company agrees to provide services that may involve the “creation, receipt, maintenance, or transmission of PHI” and “a full BAA documentation is available for any customer” through its sales representatives.
Beyond the BAA, data protection is another key element of HIPAA compliance. Therefore, covered entities should evaluate the specific protocols that a vendor has in place to keep PHI secure. According to the company’s website, PlanPlus Online's robust application security model prevents customers from accessing each other's information and all data is automatically backed up on a nightly basis.
The company also uses a minimal number of controlled access points to all production servers, hardens systems by removing unnecessary users and processes, and protects the network with multiple firewalls and intrusion detection tools. PlanPlus Online additionally encrypts each user’s login information, noting that “customers must accept shared responsibility for keeping passwords and authentication to individual accounts.”
The company’s end user agreement reiterates that customers are fully liable for “all activities that occur under the password.” Other internal safeguards include network address translation, port redirection, and non-routable IP addressing schemes, but it is up to the customer to “set up their permissions within their own account.”
So, is PlanPlus Online HIPAA compliant? Yes, PlanPlus Online can be made HIPAA compliant with a signed BAA. However, it remains the covered entity’s responsibility to ensure that all additional configurations, such as account permissions and password practices, are in place to minimize risk and maintain security standards.
Although PlanPlus Online may be built to meet HIPAA requirements, healthcare providers should take extra steps to proactively safeguard PHI with better email security. Designed to integrate seamlessly with your existing email platform, such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message.
This means you don’t have to spend time deciding which emails to encrypt and your patients can receive your messages right in their inbox without having to navigate any additional passwords or portals. Paubox Email Suite’s Plus and Premium plan levels also come with innovative inbound email security tools that provide an additional layer of protection from potential threats.
Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while ExecProtect works quickly to intercept display name spoofing attempts.