Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Basecamp in a HIPAA compliant manner. In fact, we've noticed more vendors, customers, and prospects asking about HIPAA compliant services. This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Basecamp offers HIPAA compliant service or not.
Basecamp is an online project management service. Its primary features are to-do lists, milestone management, forum-like messaging, file sharing, and time tracking. Basecamp was launched in 2014 and is in fact the origin of the Ruby on Rails web application framework. The company is a strong proponent of the remote office model.
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule
Read full article: What does it mean to be a Business Associate?
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
On that page, we clearly see that:
See Also: Is Asana a HIPAA Compliant Cloud Service?
Conclusion: Basecamp is not a HIPAA compliant cloud service.