Paubox blog: HIPAA compliant email made easy

Is Trillian HIPAA compliant?

Written by Caitlin Anthoney | April 10, 2024

Trillian is a multi-platform instant messaging application designed to consolidate multiple messaging services, like AIM, ICQ, Windows Live Messenger and Yahoo Messenger, into one interface. 

Its HIPAA compliant messaging for clinical environments allows secure communication among doctors, nurses, receptionists and medical billing teams.

Is Trillian HIPAA compliant? Yes, based on our research, Trillian can be HIPAA compliant.

 

Will Trillian sign a business associate agreement (BAA)?

Yes, Trillian will sign a business associate agreement, which can be reviewed here.

 

What does the Trillian BAA cover?

The Trillian BAA covers the use and disclosure of protected health information (PHI), stating that it "acknowledges and agrees that to the extent that it receives and maintains PHI, it is a Business Associate of Customer for purposes of HIPAA and this BAA."

  • Permitted Uses of PHI
  • Permitted Disclosures of PHI
  • Minimum Necessary PHI Usage
  • Appropriate Safeguards for PHI Protection
  • Measures for Subcontractors' Compliance
  • Compliance with HITECH Omnibus Rules
  • Access and Amendment Rights for Customer
  • Accounting of Disclosures
  • Access by Secretary
  • Reporting, including:
      • Notice of Security Breach
      • Mitigation of Security Breaches
      • Handling of Unsuccessful Security Breaches

 

What does the Trillian BAA exclude?

The BAA excludes Cerulean, the company behind Trillian, from assuming the role or responsibilities of a Business Associate under HIPAA for Customer Data once it leaves the Trillian Services environment.

More specifically, the BAA states "Cerulean does not act as, or have the obligations of, a Business Associate under HIPAA with respect to Customer Data once it is sent to or from Customer outside the Trillian Services over the public Internet, or if Customer fails to follow applicable instructions regarding physical media transported by a common carrier."

 

Conclusion

Trillian signs a BAA and is therefore HIPAA compliant. However, Trillian only offers HIPAA compliant messaging within healthcare organizations; it is not intended for direct use by patients.


 

FAQs

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.

 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).

 

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.