Today we’ll research whether Halp provides HIPAA compliant service or not.
WHY IT MATTERS
Organizations that fall under HIPAA regulations face hefty fines for using cloud software that isn’t HIPAA compliant.
THE BIG PICTURE
Halp is a ticketing and conversational platform built specifically for teams that use Slack. It allows teams to manage requests, incidents, and tasks from within the Slack workspace, without having to switch to another tool or interface.
Halp enables users to create tickets directly from Slack conversations, which helps to streamline communication and collaboration among team members. It also provides a variety of features such as custom ticket fields, automation rules, and integrations with other tools like Jira, Zendesk, and Microsoft Teams, which help to improve productivity and reduce response times.
Halp is made by Atlassian.
Halp and the business associate agreement
There’s a primary item to consider when it comes to Halp and its ability to provide a HIPAA compliant service.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which includes healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. In the case of Halp, the service would certainly fall into the category of business associate if it’s servicing customers that would store, process, or transmit PHI on its platform.
We checked the Atlassian site and found:
In a nutshell:
- Atlassian will sign a BAA, but customers must be on an Enterprise plan and the BAA only applies to two of its products: Jira and Confluence.
- “Currently, we’re able to sign BAAs for Jira Software and Confluence for customers with Enterprise plans.”
Are we sure Halp is HIPAA compliant?
The BAA is a key component to HIPAA compliance between a covered entity and a business associate.
While Atlassian, the company that makes Halp, will sign a BAA with customers, there are two important caveats:
- Customers must enter an Enterprise plan
- The BAA only applies to Jira and Confluence
Conclusion: Halp is not covered by the Atlassian BAA and is therefore not HIPAA compliant.