Paubox blog: HIPAA compliant email - easy setup, no portals or passcodes

Is BambooHR HIPAA compliant? (2025 update)

Written by Kirsten Peremore | October 31, 2025

BambooHR is an HR platform that helps companies manage employee records, benefits administration, applicant tracking, and (through add-on modules) payroll. With BambooHR, employers can centralize HR data, run payroll, and automate HR workflows.

Is BambooHR HIPAA compliant? No, based on our review, BambooHR is not HIPAA compliant.


Will BambooHR sign a business associate agreement (BAA)?

No. BambooHR states that it does not act as a HIPAA Business Associate and will not sign a BAA. The company explicitly says it is not a Business Associate as defined under HIPAA, and its terms require customers not to upload or store PHI in the service.


Conclusion

BambooHR does not sign a BAA and is therefore not HIPAA compliant for handling PHI. Covered entities that use BambooHR must keep PHI out of it, for example by not storing group health plan claims, diagnoses, or treatment details in employee records.

Learn more: HIPAA Compliant Email: The Definitive Guide


FAQs

What is a business associate agreement?

A BAA is a legally binding contract between a HIPAA-covered entity and a vendor that handles PHI. It requires the vendor to protect PHI and follow HIPAA security and privacy rules.


What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. HIPAA requires covered entities and their business associates to safeguard PHI and limits how it can be used or disclosed.


Who does HIPAA apply to?

HIPAA applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and to their business associates, that is, vendors that create, receive, maintain, or transmit PHI on behalf of those covered entities.