by Sara Nguyen
Is CentralReach HIPAA Compliant?
Your practice management software is an important part of running your healthcare organization. CentralReach is one popular option that has features like scheduling appointments and creating a waitlist.
But is it HIPAA compliant? Let’s review CentralReach and whether it meets security standards.
CentralReach and the business associate agreement
Covered entities can’t overlook the business associate agreement (BAA) when choosing scheduling software. Any time you use a third-party vendor with access to protected health information (PHI), the vendor is considered a business associate and needs to sign a BAA.
A BAA ensures that the business associate is following HIPAA security rules and protecting data. If you don’t have a BAA signed, your healthcare organization and the business associate are violating HIPAA.
CentralReach includes a BAA as part of its service agreement as described in the Terms of Service.
CentralReach and data security
The fact that CentralReach includes a BAA is a good sign that its data security is in compliance with HIPAA. Not all data security is built the same, though.
CentralReach advertises that it has HIPAA compliant security features, and it employs the following security measures:
- Data encryption
- SSL-protected data transport
- Systematic backups
- Role-based access control (prevents unauthorized employees from obtaining access to data)
- Password-protected access
- Unique user identification
It’s important to note that healthcare organizations are also responsible for ensuring that they configure settings to match their needs while staying in compliance with HIPAA.
Is CentralReach HIPAA compliant?
Yes, CentralReach can be HIPAA compliant.
CentralReach has robust security tools that are in compliance with HIPAA standards. The company is also willing to sign a BAA, which is key to HIPAA compliance.
Don’t forget HIPAA compliant email
Email may be one of the most common forms of online communication with patients. HIPAA compliant email is critical to protecting PHI and preventing unauthorized access to sensitive data.
Paubox Email Suite Plus is the solution for top security and easy email communication. Paubox can integrate with email providers like Google Workspace and Microsoft 365. This allows your employees to send emails directly from their inbox to a patient’s inbox. You don’t need to worry about client portals or passwords ever again.
Paubox also has robust inbound security tools to prevent cyberattacks. It stops threats from even entering a user’s inbox, including spam, viruses, phishing, and malware. You also get access to our patented ExecProtect feature that stops display name spoofing emails.
All Paubox plans come with a BAA included, so you can rest assured that we are proactively working to stay in compliance with HIPAA security standards.