Medical Billing Forum

Topic started by: aknittel914 on October 23, 2014, 12:50:47 PM

Title: BAA - Microsoft and MetroFax
Post by: aknittel914 on October 23, 2014, 12:50:47 PM
Hello Everyone,

I am in negotiations with hopefully my first client and I am trying to make sure all of my HIPAA ducks are in a row.

I know that I need a BAA with my client (who has never heard of it and wants me to draft one, which I am working on).

I know that I need a BAA with my subcontractors, also working on that.

I use Microsoft Office 365 (cloud based email and storage) and MetroFax. Does anyone know if these companies comply and will sign a BAA? Also, will they provide one to me? I assume I should disclose my relationship with these companies in my BAA with the client.

Are there any other BAAs that I may need? The software and clearinghouse are all set up through the provider, so I don't believe I need to worry about those.

Thanks in advance!!

Title: Re: BAA - Microsoft and MetroFax
Post by: PMRNC on October 25, 2014, 09:29:04 AM
There are many cloud storage systems out there; some claim to be HIPAA compliant, some will not, some say they will be. You have to do a risk assessment of any cloud storage. You definitely want to follow both state and federal privacy policies. Here is a good article from just this past May about some companies that are NOT or are HIPAA compliant: http://telehealth.org/blog/which-cloud-storage-services-are-hipaa-compliant/

I was surprised to learn there are things that have to be done for Google apps (Gmail, calendar, etc.) to be HIPAA compliant, and Apple iCloud is NOT HIPAA compliant either. Glad I don't do anything business on my phone at all aside from talking. :) Apple refuses to sign a BAA. Here's another that does mention Office 365 as one who will sign a BAA: http://www.adeliarisk.com/hipaa-compliant-cloud-storage/

If you are not utilizing a PM system with a HIPAA compliant cloud system, my best advice is to go with an external hard drive, much more reliable and easier to keep in compliance. I have a very large external drive which actually gets disconnected every night and locked in my fireproof safe... EVERY night.

Title: Re: BAA - Microsoft and MetroFax
Post by: aknittel914 on October 26, 2014, 10:30:50 AM
Thanks Linda!
I did find Office 365's HIPAA info in their trust center. And they have the BAA right there.
Thanks for the articles!

Title: Re: BAA - Microsoft and MetroFax
Post by: Christy on October 27, 2014, 07:44:10 AM
I switched from MetroFax to S-fax. S Fax will gladly sign a BAA. I've been happy with the service as well.

Good luck!