

Is Practice Fusion HIPAA compliant?


Practice Fusion is an EHR system used by healthcare providers to ensure that their practice is run efficiently. The service is HIPAA compliant and offers a business associate agreement to users.

 

What is Practice Fusion?

Practice Fusion is a cloud-based Electronic Health Record (EHR) system tailored for healthcare practices aiming to streamline patient care and practice management. It offers a user-friendly interface for independent medical practices seeking to enhance efficiency and focus on patient well-being. Practice Fusion's features include:

  • Customizable chart templates.
  • Seamless prescription management (including controlled substances).
  • Integration with local pharmacies and labs.
  • Support for quality initiatives like MIPS reporting.
  • An expert customer support team.

This HIPAA compliant EHR ensures secure data handling and accessibility through automatic updates, making it a valuable tool for healthcare professionals to manage patient information and streamline their practice operations.

See also: Is Simply.Coach HIPAA compliant?

 

Practice Fusion and Business Associate Agreement (BAA)

Under HIPAA, a BAA is a crucial document that outlines the responsibilities of third-party vendors when handling protected health information (PHI). Any software or service that stores, processes, or transmits PHI on behalf of a healthcare entity is considered a business associate and should, therefore, sign a BAA. Given Practice Fusion's functionalities, such as its electronic health record (EHR) platform tailored for healthcare practices and its handling of patient information, it would be categorized as a business associate.

We reviewed their Healthcare Provider User Agreement and other relevant terms. Practice Fusion states: "We may use Your Information for the proper management and administration of the Services and our business, and to carry out our legal responsibilities, which may include us disclosing such information to one of our business associates that has entered into a business associate agreement…" 

Therefore, Practice Fusion does offer a Business Associate Agreement (BAA) as part of its services to healthcare providers, confirming HIPAA compliance.

 

Practice Fusion and data security

Technical safeguards

  • Implementation of appropriate security measures consistent with the requirements of the HIPAA Security Rule.
  • Automatic updates to ensure the latest features without requiring additional software installations.
  • Secure backup of data in multiple locations daily.
  • Protection against cyberattacks with regular testing by industry experts.

Physical safeguards

  • There is no software to download or hardware to manage, as it is a cloud-based EHR.
  • Data is stored in secure data centers with controlled physical access.

Administrative safeguards

  • Compliance with HIPAA regulations, ensuring the safety of patients' data.
  • Expert support is provided throughout the implementation process and beyond.
  • Guided implementation of cloud-based EHR features.
  • Access to tailored onboarding, person-to-person support, live webinars, and on-demand training.

See also: Is Dropbox Sign HIPAA compliant?

 

Is Practice Fusion HIPAA compliant?

Practice Fusion is HIPAA compliant. It demonstrates a strong commitment to data security through its comprehensive range of technical, physical, and administrative safeguards, as outlined in its provided documentation. Practice Fusion explicitly states its willingness to sign a BAA in accordance with HIPAA standards. 

See also: HIPAA Compliant Email: The Definitive Guide
