Healthcare IT professionals must employ effective monitoring and security of a company’s network. Datadog could be a tool to help with that goal. But is it compliant with HIPAA security standards?
What is Datadog?
Datadog is a monitoring and analytics tool for cloud-scale applications. It helps organizations monitor servers, databases, and manage log data.
Does Datadog have a business associate agreement?
The first hurdle a covered entity needs to pass is ensuring that a business associate is protecting electronic protected health information (ePHI). To receive this confirmation, both parties must sign a business associate agreement (BAA).
A BAA will outline the responsibilities of both parties in securing ePHI and keeping it safe from unauthorized users. The BAA will make sure that a business associate is implementing the necessary safeguards required by the HIPAA Security Rule.
If you are an organization that transmits ePHI, Datadog will sign a BAA. There is one catch. Datadog’s BAA is only applicable to its log management and security monitoring products. All of the other products are not eligible for a BAA, and therefore, not HIPAA compliant.
What is Datadog’s data security?
Data security features can range from the necessities to all of the bells and whistles. Datadog implements a few different tactics to ensure HIPAA compliance, including:
- Maintaining SOC 2 Type II compliance
- Encrypting data in transit with Transport Layer Security (TLS)
- Rendering data inaccessible if encryption is interrupted
- Supporting two-factor authentication
- Monitoring and logging data access
- Supporting customizable threat detection rules
- Not allowing HIPAA compliant users to request support via chat
You can read a full list of security features by clicking here. Covered entities need to configure settings to ensure HIPAA compliant when working with Datadog.
Is Datadog HIPAA compliant?
Yes, some Datadog products can be HIPAA compliant.
A covered entity can only use Datadog’s log management and security monitoring software since those are the only products covered under a BAA.
Don’t forget to protect your email
Paubox is easy for your employees to use since it easily integrates with platforms like Google Workspace and Microsoft 365. It automatically encrypts all emails the user sends, and it arrives directly in a patient’s inbox. No need to use patient portals or third-party apps to safely communicate with your patients.
Paubox is dedicated to providing the latest email security technology. Not only can Paubox stop email threats like spam and malware from entering your inbox, but we’ve also recently added a zero trust feature for our Plus and Premium customers. Zero Trust Email is an extra layer of protection to ensure that emails are genuine and not phishing emails.
A BAA is included in all plans, so you can rest assured that Paubox will continue to protect ePHI that your company sends in emails.