HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to correctly create notations for proper patient care while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Notion is HIPAA compliant or not.
Notion is note-taking and project-management software for personal and/or collaborative work. It is an all-in-one workspace for notes, docs, wikis, and projects.
Users can create their dashboards for optimal use. Created by Notion Labs, Inc. in 2016, the app is available for Mac, iOS, Windows, Android, and the Internet.
Notion utilizes markdown language for text formatting and includes typical editing features. It is possible to embed various file types into a Notion document.
There are several plans available for Notion. For no charge, personal users have access to unlimited pages and can sync across all devices. For a monthly fee, teams can use Notion in a collaborative environment.
Notion and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
There is no mention of HIPAA or a BAA on the Notion website. Rather, customers sign a Master Subscription Agreement, which is similar in content but not a BAA.
Notion and cybersecurity
Notion utilizes the cloud for storage within a virtual private network (VPN) inaccessible through the Internet.
This means that employees could see and access PHI. However, Notion’s Twitter maintains:
Notion employees are only able to access your data with your explicit consent via an inbound inquiry, and are legally bound to keeping your data entirely private.
The Security & privacy web page further declares, “No user content is exposed to any third-party service.”
Is Notion HIPAA compliant?
The BAA is a key component of HIPAA compliance and Notion does not appear to sign a BAA. Moreover, Notion lacks end-to-end encryption and while the company is emphatic about not accessing customer data, it is a possibility.
Notion is not HIPAA compliant.