Healthcare professionals use work management software for a variety of reasons like operations or strategic planning. But HIPAA compliant entities need to use software that can meet HIPAA security guidelines. Otherwise, they risk losing their sensitive data to cybercriminals.
Read on to learn more about Smartsheet and if covered entities can use it under the HIPAA Security Rule.
Smartsheet and the business associate agreement
If any protected health information (PHI) is stored, accessed, or transmitted through work management software, then the software vendor is considered a business associate. Covered entities need to ensure that any work management software allows them to meet their HIPAA compliance requirements.
This means that both parties need to sign a business associate agreement (BAA). A BAA will outline the legal responsibilities and duties of a business associate to protect PHI. If there is no BAA in place, then it's not a HIPAA compliant vendor.
Smartsheet does offer a BAA to select customers. You can view the full BAA here.
Smartsheet and data security
While Smartsheet is willing to sign a BAA, it's important for covered entities to do further research to ensure there are appropriate safeguards to protect sensitive data. Some healthcare organizations may want features that may or may not be offered by the business associate. Smartsheet has several data security features, including:
- Regular security testing
- Firewalls
- Anti-malware software
- Access controls
- TLS encryption
To review a full list of security features, you can view it here.
Is Smartsheet HIPAA compliant?
Yes, Smartsheet can be HIPAA compliant. Healthcare providers are eligible to sign a BAA only if they sign up for the Enterprise (excluding Legacy Enterprise) plan.
The Enterprise plan has the features needed to maintain HIPAA compliance. Covered entities may be responsible for configuring security settings to meet HIPAA standards.
Don't forget to keep your email communication HIPAA compliant
Covered entities are obligated to keep PHI secure and that includes keeping employee inboxes safe from cybercriminals.
Paubox Email Suite Plus is the solution you need to send HIPAA compliant email and stop malicious emails from infiltrating your network. Our robust inbound security tools monitor for threats like phishing, spam, viruses, and malware and quarantine suspicious emails.
Our technology is powerful but easy to use. Your employees won't struggle with using Paubox because it seamlessly integrates with popular email providers such as Google Workspace or Microsoft 365.
They will never forget to encrypt emails containing PHI, which makes it easier to directly communicate with patients.
Since Paubox is designed exclusively for healthcare organizations, our email security software has a BAA included in all plans. We're committed to ensuring your emails are kept protected and away from cybercriminals.