Is New Relic HIPAA compliant?

New Relic allows businesses to access, visualize, and troubleshoot their entire software stack. It also helps monitor user behavior in various applications.

But can covered entities use New Relic and still be HIPAA compliant? Let’s review New Relic to see if it qualifies to work with healthcare organizations.

Does New Relic sign a business associate agreement?

When a covered entity wants to work with a third-party vendor, it needs to determine if that vendor is a business associate. One of the key criteria to qualify as a business associate is whether the vendor stores, transmits, or has access to protected health information (PHI).

In that case, covered entities need to ensure that the business associate protects PHI as required by HIPAA. Both parties must sign a business associate agreement (BAA) to ensure HIPAA compliance. The BAA will outline the responsibilities of the business associate and confirm that it is implementing the necessary safeguards to protect sensitive information.

According to New Relic’s Terms of Service, the company is not willing to participate in a BAA. “New Relic is not a Business Associate as defined under HIPAA. Therefore, notwithstanding anything else in this Agreement, New Relic has no liability for Prohibited Data processed, or High Risk Activity-related use, in connection with the Service.”

However, a customer service representative seems to suggest that a BAA may be considered, but a covered entity would have to reach out to New Relic to discuss this possibility.

What is New Relic’s data security?

New Relic claims to be compliance-friendly, including with HIPAA regulations. Some of the ways that New Relic protects data include:

  • Managed access for authorized users
  • Encrypting data at rest
  • Single sign-on (SSO) authentication
  • Audit logs
  • Annual employee training on security and privacy 
  • Data backed up daily
  • Firewalls

Is New Relic HIPAA compliant?

New Relic might be HIPAA compliant. A covered entity will need to discuss getting a BAA signed before working with New Relic. Without the BAA, New Relic can’t be a HIPAA compliant vendor.

Keep sensitive information secure in emails

You need HIPAA compliant vendors for your organization to keep patient data secure. Paubox Email Suite helps you send HIPAA compliant email to your patients. 

With Paubox, encrypted emails are the default. Employees can communicate directly with patients by email. You can say goodbye to patient portals and forgotten passwords. 

It’s also easy to implement since it can integrate into your current email provider, including Google Workspace and Microsoft 365.

Our HITRUST CSF certified software provides a BAA for all plans. So you can rest assured that PHI is protected when you send emails with Paubox.

Try Paubox Email Suite Plus for FREE today.

About the author

Sara Nguyen
