Is Bear HIPAA compliant?

Featured image

Share this article

Bear Logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to correctly create notations for proper patient care while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Bear is HIPAA compliant or not.

About Bear

Bear is a flexible writing app for Apple products (iPhone, iPad, Mac, and Apple Watch) used to craft notes and prose.

The app was created by Shiny Frog, an “artisanal app crafting team” from Italy, Ireland, and the U.S. Bear is their latest project and is currently only available for Apple. However, the app can export and import several file types.

It utilizes markdown language for text formatting and can include images and other file types. Users create and store notes on a simple interface rather than in a folder system using tags to keep the notes organized.

The majority of Bear’s features are free. Bear Pro, available for a monthly or yearly subscription, includes:

  • Syncing between all devices via iCloud
  • Advanced exports to PDF, HTML, DOCX, JPG, EPUB
  • A dozen new writing themes

Bear includes an edit mode to allow for easy, simple editing.

Bear and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Bear is a business associate of a healthcare organization if a note includes any electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of HIPAA or a BAA on the Bear or Shiny Frog website.

Bear and cybersecurity

Bear’s privacy policy states that the app uses Apple’s CloudKit technology to sync notes. The CloudKit framework provides an interface for moving data between an app and iCloud.

According to Shiny Frog on the privacy policy:

We chose CloudKit instead of a file based solution like iCloud, DropBox, or Google Drive because it performs much faster. Plus, CloudKit doesn’t require any registration or login to work; it relies on your iCloud credentials already stored in your devices.

Apple’s private keys encrypt information that passes through CloudKit. Moreover, all data transmits over Secure Sockets Layer (SSL).

RELATED: What is transport layer security (TLS)?

Shiny Frog states several times within its privacy policy that it doesn’t want to access customers’ sensitive data or and it doesn’t sell personal information. Therefore, no one on the team views user credentials or passwords. The only information collected is anonymous, in-app usage statistics.

Finally, with Bear Pro, users can encrypt individual notes and keep them locked using a unique password or Face/Touch ID.

Is Bear HIPAA compliant?

The BAA is a key component of HIPAA compliance and Bear does not appear to sign a BAA. And while Bear is not an official Apple product, we would also like to note that Apple will also not sign a BAA with healthcare organizations.

If a breach or HIPAA violation occurs and any PHI is breached, the covered entity is liable.

Conclusion

Bear is not HIPAA compliant.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022