Today we'll research whether Beacons provides HIPAA compliant service or not.
WHY IT MATTERS
Organizations that fall under HIPAA regulations face hefty fines for using cloud software that isn't HIPAA compliant.
THE BIG PICTURE
Beacons is an all-in-one link-in-bio platform with a broad range of tools for creators to build a custom page, grow a fanbase, take payments, schedule appointments, and sell products.
While initially popularized by creators, Beacons is used by therapists, chiropractors, and many other single-person covered entities. Because Beacons provides a convenient link to place in a social media profile's bio, it's occasionally used by larger healthcare organizations on their social media properties.
Beacons offers scheduling, forms, email marketing, and communication tools, so HIPAA compliance is an important consideration.
Beacons and the business associate agreement
There's a primary item to consider when it comes to Beacons and their ability to provide a HIPAA compliant service.
First, let's start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of an individual's personal health information, otherwise known as protected health information (PHI).
As we've previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. In the case of Beacons, the service would certainly fall into the category of business associate if it's servicing customers that would store, process, or transmit PHI on its email platform.
We checked the Beacons.ai site and found no mention of HIPAA compliance or willingness to sign a BAA in their website documentation.
Is Beacons HIPAA compliant?
The BAA is a key component to HIPAA compliance between a covered entity and a business associate. While Beacons won't sign a BAA, it's possible to use Beacons within HIPAA guidelines. For example, you can link to a HIPAA compliant scheduling tool or direct people to a HIPAA compliant form.
Ultimately, Beacons may not be HIPAA compliant, and it's important to be careful about using them if you'll be storing or transmitting PHI.
Conclusion: Beacons may not be HIPAA compliant, but we recommend you contact them directly.