Paubox blog: HIPAA compliant email made easy

Is QliqChat HIPAA compliant?

Written by Caitlin Anthoney | August 22, 2024

QliqChat is a mobile app operated by QliqSOFT, Inc. and marketed to healthcare organizations for provider communications, patient engagement, and virtual visits.

 

Is QliqChat HIPAA compliant? 

No, based on our research, QliqChat is not HIPAA compliant.

 

Will QliqChat sign a business associate agreement (BAA)?

No, QliqChat does not sign a BAA and therefore is not HIPAA compliant. 

According to QliqSOFT’s HIPAA statement, “QliqSOFT does not fit the definition of a covered entity or a business associate.” Instead, QliqSOFT states it is a “conduit for the information” and claims it does not access the information in a manner that would require HIPAA compliance, referencing the Federal Register (Vol. 75, No. 134, p. 40873) to support this stance.

However, the QliqChat privacy policy states that it collects personally identifiable information (PII), which “may include but is not limited to [the user’s] email address, first name and last name, phone number, address, state, province, ZIP/postal code, city, cookies, and usage data.”

Furthermore, their privacy policy states, “While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.”

Since QliqChat collects and handles PII that can be linked to protected health information (PHI), it must sign a BAA to be HIPAA compliant.

For example, if a healthcare provider uses QliqChat to communicate with patients and shares PII, like the patient’s name, email address, and appointment details, it can be connected to their PHI. In this case, QliqChat would be responsible for securing this information and maintaining HIPAA compliance.

More specifically, a BAA would outline QliqChat’s responsibilities when creating, receiving, maintaining, or transmitting PHI on behalf of a covered entity. The agreement would detail the security measures, breach notification protocols, and requirements for managing PHI.

Ultimately, without signing a BAA, QliqChat cannot safeguard PHI and meet HIPAA requirements, making it unsuitable for healthcare providers.

Conclusion

QliqChat does not sign a BAA and is, therefore, not HIPAA compliant.

 

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.

 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI). 

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities, meaning entities that perform certain functions or activities on behalf of the covered entity.