PatientPop calls itself a “practice growth platform” that can help healthcare providers establish a web presence, automate front office operations, and modernize the patient experience.
While there are many platforms that claim to be HIPAA compliant, some of them don’t actually meet HIPAA security standards. So where does PatientPop stand in complying with HIPAA?
PatientPop and the business associate agreement
The business associate agreement (BAA) is a critical component of HIPAA compliance. A third-party vendor that has access, stores, or transmits protected health information (PHI) is considered a business associate and needs to meet HIPAA security rules with safeguarding PHI.
A covered entity needs assurance that a business associate is protecting PHI, and that’s when the BAA comes into play. It outlines the duties and responsibilities of a business associate in safeguarding the PHI that it receives from a covered entity.
If there’s no BAA in place, then the business associate is not in compliance with HIPAA.
PatientPop and data security
Another factor that covered entities need to consider is what security safeguards are in place to protect PHI. Not all security systems are equally protected. You may find that a different company has implemented more safeguards than another company.
So what does PatientPop do to protect its network? It’s hard to say because the PatientPop website doesn’t explain any details about the safeguards for data it collects.
The only mention of safeguards are in its BAA, which states, “Business Associate agrees that it will (a) protect and safeguard from any disclosure (whether oral, written or otherwise) all PHI with which it may come into contact with in accordance with the HIPAA Rules and more stringent state laws and regulations governing the handling of such information; and (b) use appropriate safeguards to prevent use or disclosure of PHI other than as permitted by the Terms of Service Agreement or this Agreement or as Required by Law.”
Is PatientPop HIPAA compliant?
With a signed BAA in place, PatientPop can be HIPAA compliant.
The company is willing to participate in a BAA, but it doesn’t elaborate what safeguards are used to protect PHI. You may find other companies are more transparent about their network security protocols.
How can you provide better care for your patients?
Healthcare providers know that clear and efficient communication with patients is a key component of running their practice. But you don’t need to rely on patient portals to communicate safely.
HIPAA compliant email is more necessary than ever, and Paubox Marketing sends healthcare marketing emails directly to your patients’ inboxes. This increases patient activation and keeps patients engaged with their healthcare treatment.
Paubox Marketing allows you to securely communicate with patients about:
- Appointment reminders
- Patient feedback
- Treatment information
- And many more uses
Paubox is dedicated to providing the highest quality of security to healthcare providers. Our products are HITRUST CSF certified which means we have met key regulatory requirements and industry-defined requirements and are appropriately managing risk.