by Hoala Greevy Founder CEO of Paubox
Article filed in
Is BlueJeans by Verizon HIPAA Compliant?
by Hoala Greevy Founder CEO of Paubox
Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use BlueJeans by Verizon in a HIPAA compliant manner.
In fact, we’ve noticed more vendors, customers, and prospects asking about HIPAA compliant services.
This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
Today we will determine if BlueJeans by Verizon offers HIPAA compliant phone service or not.
BlueJeans by Verizon
BlueJeans by Verizon is a cloud-based video conferencing service. Originally named Bluejeans Network, it was acquired by Verizon in May 2020 and subsequently renamed to Bluejeans by Verizon.
BlueJeans was founded in 2009 by Krish Ramakrishnan and Alagu Periyannan.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.
A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
BlueJeans by Verizon and the Business Associate Agreement
We checked the BlueJeans site for mention of their ability to sign a Business Associate Agreement (BAA).
We found the following pages:
On those pages, we can see that:
- On one hand, the Bluejeans Anywhere Telehealth Care in the Cloud PDF document claims: “Blue Jeans Network does not store any video conference content, in any format. This security
infrastructure means Blue Jeans has no control over the content you share via video conference. It is the
responsibility of HIPAA covered entity to comply with HIPAA regulations, and our secure infrastructure can be
part of your compliance solution.”
- In their Terms and Conditions however, Bluejeans by Verizon states: “Customer agrees not to cause, or otherwise request that BlueJeans create, receive, maintain or transmit protected health information (as defined at 45 C.F.R. § 160.103) for or on behalf of Customer in connection with the Service or in any manner that would make BlueJeans a business associate (as defined at 45 C.F.R. § 160.103) to Customer.”
In a nutshell, Bluejeans is trying to eat its cake and have it too.
Bluejeans by Verizon claims you can use their product as part of a HIPAA compliance regime. This claim is likely led by their Sales and Marketing departments.
When you actually read their Terms and Conditions however, Bluejeans states customers cannot use their platform to store or transmit protected health information. This was likely written by Legal department and leads us to conclude that Bluejeans will not sign a BAA.
Does BlueJeans by Verizon offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We were able to learn the following about BlueJeans by Verizon about their ability to be considered a HIPAA compliant solution:
- BlueJeans by Verizon explicitly states their customers are not allowed to store or transmit PHI on their platform.
- While we found a PDF that leads the reader to believe Bluejeans by Verizon is part of a HIPAA compliance regime, this is in fact not the case.
Plain and simple: If a cloud vendor will not sign a BAA with its customers, they are not a HIPAA compliant vendor.
Conclusion: BlueJeans by Verizon is not a HIPAA compliant cloud service.