Paubox blog: HIPAA compliant email made easy

Is Spruce Health Care Messenger HIPAA compliant?

Written by Caitlin Anthoney | June 21, 2024

Spruce Health Care Messenger is a messaging and collaboration platform tailored for the healthcare industry, allowing communication and document exchange among healthcare professionals.

Is Spruce Health Care Messenger HIPAA compliant? 

Yes, based on our research, Spruce Health Care Messenger can be HIPAA compliant.

 

Will Spruce Health Care Messenger sign a business associate agreement (BAA)? 

Yes, Spruce Health will sign a business associate agreement, which can be reviewed under their terms of service for organizations.

 

What does the Spruce Health Care Messenger BAA cover?

The Spruce Health BAA covers the use and disclosure of protected health information (PHI) as stated in their terms of service for organizations,in conformity with the HIPAA Standards, Business Associate has, and/or will create, receive, maintain, or transmit certain Protected Health Information ("PHI") of Covered Entity pursuant to the services provided under the Terms of Service.”

Their BAA covers:

  • Permitted uses and disclosures of PHI
  • Limitations on uses and disclosures of PHI
  • Safeguards against misuse of information
  • Reporting of disclosures of PHI
  • Notification of breach
  • Agreement with third parties
  • Mitigation of harm
  • Access to information
  • Availability of protected health information for amendment
  • Availability of books and records
  • Accounting of disclosures
  • Minimum necessary standard
  • Remuneration in exchange for PHI
  • Performance of covered entity's obligations
  • Standard transactions
  • Unsecure communications

 

Conclusion

Spruce Health Care Messenger signs a BAA and is, therefore, HIPAA compliant.

See also: HIPAA privacy and security guidelines as they relate to telehealth

 

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. It ensures proper protection of personal health information (PHI) as required by HIPAA regulations.

 

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) sets national standards for protecting the privacy and security of certain health information (PHI). It applies to healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates.

 

Who does HIPAA apply to?

HIPAA applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates, which perform functions or activities involving PHI on behalf of covered entities.