Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Airtable in a HIPAA compliant manner.
In fact, we’ve noticed more vendors, customers, and prospects asking about HIPAA compliant services.
This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
Today we will determine if Airtable offers HIPAA compliant service or not.
Airtable
Airtable is a very popular cloud-based productivity tool that directly competes with Microsoft Excel and Google Sheets.
In a nutshell, Airtable is spreadsheet-database hybrid: It has the features of a database and the look and feel of a traditional spreadsheet.
The fields in an Airtable table are similar to cells in a spreadsheet, but have types such as checkbox, phone number, and drop-down list. It can also reference file attachments like images.
Users can create a database, set up column types, add records, link tables to one another, collaborate, sort records, and publish views to external websites.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.
In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.
A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Airtable and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Airtable’s site and found the answer we were looking for in the Product Suggestions section of Airtable Community.
On a Product Suggestion page called HIPAA Compliance, we found:
Katherine_Duh of Airtable:
HIPAA compliance is certainly something that we’re considering. We’d love to hear the specifics of how you would use Airtable if it were HIPAA-compliant!
We also checked their Privacy Policy and Terms of Service pages and could not find any mention of HIPAA, PHI, Business Associate Agreement, or Covered Entity.
Does Airtable Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.
Within a ten minutes, we concluded that Airtable is not currently in the business of providing HIPAA compliant service.
Conclusion:
Airtable is not currently HIPAA compliant.
