Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Asana in a HIPAA compliant manner. In fact, we've noticed more vendors, customers, and prospects asking about HIPAA compliant services. This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Asana offers HIPAA compliant service or not.
Asana is a cloud service designed to improve team collaboration and work management. Teams can create projects, assign work to teammates, specify deadlines, and communicate about tasks directly in Asana. Asana was founded in 2008 by Justin Rosenstein and Facebook co-founder Dustin Moskovitz. The company is based in San Francisco.
See Related: Is Trello a HIPAA Compliant Cloud Service?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule
Read full article: What does it mean to be a Business Associate?
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
From these pages, we can see that:
See Also: HIPAA Breaches and Cloud Providers
Conclusion: Asana is not a HIPAA compliant cloud service.