Paubox blog: HIPAA compliant email made easy

Uber Health: Is it HIPAA compliant? (Update 2024)

Written by Tshedimoso Makhene | March 11, 2018

Uber Health is a platform that makes arranging transport for patients more straightforward and cost-effective. The service benefits patients and providers alike, although questions have been raised about HIPAA and whether Uber Health is HIPAA compliant. 

Uber’s willingness to enter into a business associate agreement with the undersigned company and its data security measures make it HIPAA compliant.

 

What is Uber Health?

Uber Health offers a platform for healthcare organizations to arrange rides for patients who need transportation to and from medical appointments.

Healthcare providers can use Uber Health to schedule and manage patient transportation, particularly for non-emergency medical trips. This service addresses transportation barriers that patients face, ensuring they can access necessary healthcare services conveniently.

Uber Health provides features like centralized billing, allowing healthcare organizations to cover transportation costs for patients. It also offers flexibility in scheduling and monitoring rides, ensuring patients arrive on time for their appointments.

 

Uber Health and business associate agreements (BAAs)

Under HIPAA, business associates must sign a business associate agreement (BAA) with their healthcare clients. A BAA is a legal document that dictates the security measures a business associate must take to secure protected health information (PHI). It also requires each signing party to be responsible for maintaining its own HIPAA compliance.

Uber Health explicitly offers transportation services to healthcare organizations, making it a business associate when it comes into contact with PHI. 

In its business associate addendum, Uber Health explicitly states its willingness to enter into a BAA “by and between the company identified within the Uber Health sign-up process (“Company”) and Uber Health, LLC (“Uber Health”).”

 

Uber Health and data security

Uber’s data notice states it is committed to protecting its “users’ personal data regardless of where they are located, where, or by whom their personal data is processed.” The data security measures that Uber has implemented to ensure the security of its users include:

  • Encryption of data in transit and at rest
  • Privacy and data security training for its employees
  • Implementation of internal policies and procedures to limit access to, and the use of its users’ data
  • The limitation of government and law enforcement access to user data, except where required by law

These measures showcase Uber’s commitment to ensuring user data remains confidential and secure.

See also: Understanding and implementing HIPAA rules

 

Is Uber Health HIPAA compliant?

Uber is committed to signing a BAA to ensure that the PHI it comes into contact with for the users of Uber Health is safeguarded according to HIPAA standards. It also has data security measures in place, such as encryption, limiting access to user data unless required by law, and employee training on privacy and data security standards. These measures are compliant with HIPAA standards for protecting user PHI. 

Based on these factors, Uber Health is HIPAA compliant.

 

Understanding HIPAA compliance

HIPAA compliance extends beyond just technical safeguards and software solutions. When evaluating a tool's or service's compliance, consider the following:

  • Technical Safeguards: While tools like Uber Health play an important role, other technical measures, such as HIPAA compliant email, are equally vital.
  • Employee Training: It is important to have all staff members fully knowledgeable in HIPAA regulations and best practices. Organizing regular training sessions can mitigate the risk of inadvertent breaches occurring.
  • Regular Audits: Regular evaluations of all systems and processes guarantee that they adhere to HIPAA standards and adjust to any alterations in the regulation.
  • Data Access Controls: HIPAA compliance depends on strict restrictions on who can access protected health information and when they may do so.