Is Branch HIPAA compliant?

Branch logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email marketing: What you need to know

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if Branch is HIPAA compliant or not.

About Branch

Branch is a leading mobile linking and attribution platform with solutions that unify user experience as measured across different devices, platforms, and channels. It gives users a cross-channel, cross-platform view of everything that impacts a company’s marketing activities.

The platform accomplishes this by integrating with email providers, social platforms, data analytics tools, and ad networks.

Branch and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Branch is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

According to a Frequently Asked Question, “Branch does not intend uses of the Branch Services to create obligations under [HIPAA] and makes no representations that the Branch Services satisfy HIPAA requirements.” Moreover, it states that “Branch does not enter into Business Associate Addenda because Branch is not subject to HIPAA.”

Data protection and security

While the platform outright states that it is not HIPAA compliant and won’t sign a BAA, it does utilize strong cybersecurity features and is CSA (Cloud Security Alliance) Star certified. Features include:

  • Physical security controls
  • Virus and malware protection
  • Security patch management
  • Encrypt at rest and in transit
  • Security monitoring

Importantly, the company further states that it does not rent or sell personal data. The company notes that it practices data minimization, collecting and storing only information needed to provide a service. Opt-out options on collected information are available though customers would have to know about them. Rather, the company includes a web page on how to avoid sending PII (personally identifiable information).

Is Branch HIPAA compliant?

The BAA is a key component of HIPAA compliance and Branch states that it won’t sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion

Branch is not HIPAA compliant.

Try Paubox Email Suite Plus for FREE today.

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport