Sectegrity - Allow No Harm




HIPAA Compliant



HIPAA doesn't just apply to medical professionals. Any professional (lawyers, accountants, educators, etc.) who works with protected health information (PHI) can potentially fall under HIPAA. As an information security consulting company, we are well aware of the complexities of HIPAA. We designed SecurePaging™ to be the very best HIPAA-compliant urgent messaging solution. We offer a standard "Business Associate Agreement" (BAA) without additional charge.

Other "HIPAA Compliant" products store messages on the local device (smartphone). SecurePaging™ does NOT store messages on local devices. Many vendors will tell you their product is "HIPAA compliant" because the data stored on your telephone is encrypted, and technically they are correct. What they don't tell you is that a lost or stolen device that contains (encrypted) PHI is a reportable event unless a risk assessment is performed which demonstrates that the device was in compliance with both policy and technical controls at the time of loss! Some of these products don't even offer a BAA.

Our BAA allows for the use of the following SecurePaging interfaces for transmitting PHI:
  • API
  • Mobile 1st User Web Interface
  • Voicemail
  • WebForms
We have excluded email from the BAA-covered interfaces due to the nature of email and the need to service clients' use of the email interface in ways which would not be HIPAA compliant. Of course, those who require HIPAA compliance can still use the email interface, just not for transmitting PHI.