During this week's Social Mixer in Nashville, one of our customers suggested we look into Grasshopper and whether it can be used in a HIPAA compliant manner. As an aside, we’ve been seeing more vendors, customers, and prospects asking about HIPAA compliant services.
Here's what we'll be covering in this post:
- Grasshopper
- What is a Business Associate?
- Business Associate Agreement provisions
- Grasshopper and the Business Associate Agreement
- Does Grasshopper offer HIPAA Compliant Service?
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector. Today, we will determine if Grasshopper offers HIPAA compliant service or not.
Grasshopper
Grasshopper is a virtual phone system that allows customers to have a professional phone number that can be used on existing landlines or cell phones. It primarily targets the SMB market (i.e., small business owners).
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule. Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement must be in place. A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions. Read full article: Business Associate Agreement Provisions
Grasshopper and the Business Associate Agreement
We checked the Grasshopper site for mention of their ability to sign a Business Associate Agreement. We quickly found the information we were looking for in a Help Center page:"At this time, Grasshopper is not HIPAA compliant. In order to assist our customers with any technical issues they are experiencing, our support team must have access to the account settings and information. This includes messages that may pass through the Grasshopper system, like text messages, faxes, and voicemails. By having access to such content, we are able to help when troubleshooting is required. Conclusively, we cannot sign a Business Associate Agreement ( BAA)."
Does Grasshopper offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. We were able to learn the following about Grasshopper and their stance on HIPAA compliance:- Grasshopper is not in the business of providing HIPAA compliant phone service
Conclusion: Grasshopper is not a HIPAA compliant phone service.