SAP is a cloud and enterprise software provider that enables organizations to manage business operations, data analytics, and enterprise resource planning across industries, including healthcare. With SAP, organizations can leverage “HIPAA Eligible Services” to store or process protected health information (PHI) within the platform.
Is SAP HIPAA compliant?
SAP can be HIPAA compliant: it signs a BAA for PHI stored or processed in its HIPAA Eligible Services, while compliance of the customer's own deployment remains the customer's responsibility.
Will SAP sign a business associate agreement (BAA)?
Yes, SAP will sign a business associate agreement with customers that intend to store or process PHI in HIPAA Eligible Services. The BAA can be reviewed by contacting your SAP Sales team.
What does the SAP BAA cover?
The SAP BAA establishes contractual assurances about data safeguarding, reporting, and access in accordance with HIPAA regulations. The BAA covers:
- Protection of PHI through technical, physical, and administrative safeguards
- Breach notifications and reporting obligations
- Data access requirements in line with HIPAA regulations
- Compliance support for customers in their HIPAA efforts
According to SAP: “SAP helps customers support HIPAA compliance by adhering to the HIPAA Security Rule requirements in its capacity as a business associate, including the implementation of the required technical, physical, and administrative safeguards.”
What does the SAP BAA exclude?
SAP’s BAA does not make the customer HIPAA compliant automatically. SAP notes: “By offering a BAA, SAP helps support your HIPAA compliance, but using SAP services or other cloud services doesn't guarantee compliance of such cloud services. Your organization is responsible for ensuring that you have an adequate compliance program and internal processes in place.”
Conclusion
SAP signs a BAA and therefore can support HIPAA compliance, but ultimate responsibility for HIPAA adherence lies with the customer.
FAQs
What is a business associate agreement?
A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. Its purpose is to ensure the proper protection of PHI as required by HIPAA regulations.
What is HIPAA?
HIPAA sets national standards for protecting the privacy and security of certain health information, known as PHI. HIPAA ensures healthcare providers and insurers can securely exchange electronic health information and establishes penalties for violations.
Who does HIPAA apply to?
HIPAA applies to covered entities, including healthcare providers, health plans, and healthcare clearinghouses, as well as business associates performing certain functions or activities on behalf of these covered entities.