Today we received an inbound inquiry from an owner of a small medical office in Northern California. She asked whether it’s possible to use our HIPAA compliant email solution with her email provider, Sonic.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Slides
- Google Voice
- Office 365
The purpose of this post is to determine if Sonic offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Sonic is a telecom and ISP based in Santa Rosa, California. It also acts as a competitive local exchange carrier in the San Francisco Bay Area and Sacramento.
Sonic and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Sonic’s site and found no reference of them offering to sign a BAA or their aptitude for providing HIPAA compliant email services.
We did however, find an interesting forum post entitled, HIPAA compliance, dated 27 March 2014.
In it, a user asks:
“Is the fax line service HIPAA compliant?”
Less than an hour later, Sonic CEO Dane Jasper replies:
“No, we do not certify HIPAA compliance for our FaxLine service. Please do not use the service where HIPAA is required.”
Does Sonic Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Sonic makes no official reference to signing a BAA or offering HIPAA compliant services on their corporate site.
In addition, their CEO specifically stated in their user forum not to use their infrastructure for HIPAA compliant faxing.
Conclusion: Sonic does not appear to offer HIPAA Compliant Email.
We therefore cannot recommend using their email service for HIPAA compliant email.