New Relic allows businesses to access, visualize, and troubleshoot their entire software stack. It also helps monitor user behavior in various applications.
But can covered entities use New Relic and still be HIPAA compliant? Let’s review New Relic to see if it qualifies to work with healthcare organizations.
Does New Relic sign a business associate agreement?
When a covered entity wants to work with a third-party vendor, it needs to determine if that vendor is a business associate. One of the key criteria to qualify as a business associate is if the vendor stores, transmits, or has access to protected health information (PHI).
In that case, covered entities need to ensure that the business associate protects PHI as required by HIPAA. Both parties must sign a business associate agreement (BAA) to ensure HIPAA compliance. The BAA will outline the responsibilities of the business associate and confirm that it is implementing the necessary safeguards to protect sensitive information.
According to New Relic’s Terms of Service, the company is not willing to participate in a BAA. “New Relic is not a Business Associate as defined under HIPAA. Therefore, notwithstanding anything else in this Agreement, New Relic has no liability for Prohibited Data processed, or High Risk Activity-related use, in connection with the Service.”
However, a customer service representative seems to suggest that a BAA may be considered, but a covered entity would have to reach out to New Relic to discuss this possibility.
What is New Relic’s data security?
New Relic claims to be compliance-friendly, including with HIPAA regulations. Some of the ways that New Relic protects data includes:
- Managed access for authorized users
- Encrypting data at rest
- Single sign-on (SSO) authentication
- Audit logs
- Annual employee training on security and privacy
- Data backed up daily
Is New Relic HIPAA compliant?
New Relic might be HIPAA compliant. A covered entity will need to discuss getting a BAA signed before working with New Relic. Without the BAA, New Relic can’t be a HIPAA compliant vendor.
Keep sensitive information secure in emails
Our HITRUST CSF certified software provides a BAA for all plans. So you can rest assured that PHI is protected when you send emails with Paubox.