CentralReach and the business associate agreement
Covered entities can't overlook the business associate agreement (BAA) when choosing scheduling software. Any time you use a third-party vendor with access to protected health information (PHI), the vendor is considered a business associate and needs to sign a BAA. A BAA ensures that the business associate is following HIPAA security rules and protecting data. If you don't have a signed BAA, your healthcare organization and the business associate are violating HIPAA.
CentralReach includes a BAA as part of its service agreement as described in the Terms of Service.
CentralReach and data security
That CentralReach includes a BAA is a good sign that its data security is in HIPAA compliance. Not all data security is built the same, though. CentralReach advertises that it has HIPAA-compliant security features, and it employs the following security measures:
- Data encryption
- SSL-protected data transport
- Systematic backups
- Role-based access control (prevents unauthorized employees from obtaining access to data)
- Password-protected access
- Unique user identification
It's important to note that healthcare organizations are also responsible for ensuring that they configure settings to match their needs while staying in compliance with HIPAA.
Is CentralReach HIPAA compliant?
Yes, CentralReach can be HIPAA compliant. CentralReach has robust security tools that are in compliance with HIPAA standards. The company is also willing to sign a BAA, which is key to HIPAA compliance.