Is Retool HIPAA compliant?

Retool is a tool for creating custom interfaces and applications without extensive coding. Tailored for developers, Retool streamlines the development of internal tools. Retool can be used to build dashboards for managing patient information, appointment scheduling, and communication in healthcare.

Is Retool HIPAA compliant? 

Retool's standard cloud-based platform is not HIPAA compliant. However, it is possible to use their on-site, self-hosted deployment in a HIPAA compliant way. 

A Retool employee stated in their community forum, "When it comes to self-hosting, Retool itself does not access or interact with your data. The execution of all queries happens within your network, in your self-hosted Retool instance. This setup allows you to maintain your existing control over data access and security protocols related to your sensitive information."

Will Retool sign a business associate agreement (BAA)?

No, Retool will not sign a business associate agreement.

In their Customer-Specific Supplement, they state, "Customer acknowledges that Retool is not a Business Associate or subcontractor (as those terms are defined in the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced "HIPAA") and accordingly, Customer is solely responsible for complying with any obligations thereunder."

Conclusion

Retool does not sign a BAA; therefore, their cloud-based platform is not HIPAA compliant. 

Learn more: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.