Is Switch HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the  HIPAA industry is vast and that it is important to easily communicate while remaining HIPAA compliant.

SEE ALSO:  HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Switch is HIPAA compliant or not.

About Switch

Switch is a direct mailing automation service developed by the Quadient team. Quadient specializes in mailing equipment, business process automation, and customer experience management. The idea is for SMBs (small and midsize businesses) to use Switch to program and control mail just like email.

RELATED: Social media and email marketing for healthcare: a virtuous circle

Mail can be easily and remotely printed, sent, and tracked to any address within the U.S.

Switch and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI. In this instance, Switch is a business associate of a healthcare organization if it accesses any electronic PHI (ePHI), like an address.

RELATED: Is a name PHI?

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. While there is no mention of a BAA on the Switch or Quadient websites, HIPAA is mentioned several times. Moreover, a Quadient blog about HIPAA compliance says that customers should contact a compliance specialist to learn more.

Switch and HIPAA direct mail marketing

The HIPAA Privacy Rule defines marketing as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” HIPAA compliance for marketing concerns both stored and transmitted information.

RELATED:  HIPAA definition of marketing explained Switch emphatically states, “Our mailing process uses secure data encryption technology and is completely automated with no human interaction.” According to its Trust Center, Switch hosts its data in a state-of-the-art high security data center and uses Secure Sockets Layer (SSL) protocol to safeguard data in transit.

RELATED: What is transport layer security (TLS)?

Finally, there are several mentions of Switch documents (whether process, stored, or printed) being compliant with HITRUST, SOC (System and Organization Controls) 2 Type 1, HIPAA, and Cloud Security Alliance, along with others. Unfortunately, there are no specifics of how compliance is achieved.

Is Switch HIPAA compliant?

The BAA is a key component of HIPAA compliance and Switch does not mention a BAA though HIPAA and compliance is mentioned several times.

Conclusion Switch may be HIPAA compliant; organizations should speak to a Quadient specialist to learn more.

HIPAA compliant email marketing

Healthcare providers know that clear and efficient communication with patients is a key component of running their practice. Email marketing can be a compliment or replacement to direct mail marketing to promote your business. Paubox Marketing sends healthcare marketing emails directly to your patients’ inboxes. This increases  patient activation and keeps patients engaged with their healthcare treatment.

Paubox Marketing allows you to securely communicate with patients about:

• Appointment reminders
• Patient feedback
• Treatment information
• And many more uses

SEE ALSO:  Why Paubox Marketing is the best HIPAA email marketing solution available

Paubox is dedicated to providing the highest quality of security to healthcare providers. Our products are  HITRUST CSF certified which means we have met key regulatory requirements and industry-defined requirements and are appropriately managing risk.