1 min read

Is Spok Mobile HIPAA compliant? (2025 update)

Picture of Kirsten Peremore Kirsten Peremore April 19, 2024

HIPAA compliant software
Is Spok Mobile HIPAA compliant? (2025 update)

Spok Mobile is a clinical communications platform designed to enhance workflow and collaboration among healthcare teams through secure messaging, critical alerting, and mobile communications.

With Spok Mobile, healthcare organizations can improve clinician communication while leveraging the platform for paging, messaging, and alerting services.

Is Spok Mobile HIPAA compliant? Yes, Spok Mobile can be HIPAA compliant when used in accordance with applicable privacy and security obligations. 

 

Will Spok Mobile sign a business associate agreement (BAA)?

Yes, Spok will sign a business associate agreement when necessary for HIPAA compliance. 

 

What does the Spok Mobile BAA cover?

Spok’s BAA governs the handling of protected health information (PHI) in line with HIPAA regulations. Their Acceptable Use Policy states, "For certain health care industry customers of Spok, Spok may access, use or disclose protected health information subject to the Health Insurance Portability and Accountability Act ('HIPAA'). In such instances, Spok complies with applicable privacy and security obligations as a 'business associate' under HIPAA."

Their BAA typically covers:

  • Protection of PHI during transmission and storage
  • Compliance with privacy and security requirements under HIPAA
  • Permitted uses and disclosures of PHI on behalf of covered entities
  • Access to transactional information and content in accordance with HIPAA obligations

What does the Spok Mobile BAA exclude?

Spok also clarifies the "conduit exception," stating: "An entity that merely acts as a conduit for PHI…does not access it other than on a 'random or infrequent basis as necessary to perform the transportation service or as required by law.'"

This means that for wireless services, Spok may function as a conduit for PHI without being a business associate, and the BAA does not cover PHI that is simply transported or transmitted without being created, maintained, or accessed for service purposes.

 

Conclusion

Spok Mobile signs a BAA for applicable healthcare customers and is therefore HIPAA compliant when used according to its Acceptable Use Policy and HIPAA obligations. Users should ensure proper configuration and adherence to HIPAA requirements for handling PHI.

Learn more: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is a business associate agreement?

A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. 

 

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. 

 

Who does HIPAA apply to?

HIPAA applies to covered entities, including healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates.
Send PHI securely—No portals required. The all-in-one email security suite for healthcare. HIPAA compliant email with Google and Microsoft.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.