We’ve been seeing more vendors, customers, and prospects asking about HIPAA compliant services.
Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Outreach in a HIPAA compliant manner.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
Today we will determine if Outreach offers HIPAA compliant service or not.
Outreach is a sales engagement platform. The company aims to accelerate revenue growth by optimizing every interaction throughout a customer lifecycle.
The company was founded in 2014 and is headquartered in Seattle.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.
A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Outreach and the Business Associate Agreement
We checked the Outreach site for mention of their ability to sign a Business Associate Agreement (BAA).
We were not able to find any relevant information on their site regarding their ability to sign a BAA or their stance on HIPAA compliance.
For example, while the Outreach Trust page mentioned SOC 2 Type 2 and ISO 27001 compliance, there was no mention of their stance on HIPAA.
Does Outreach offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We were able to learn the following about Outreach and its stance on HIPAA compliance:
- We could not find any mention of HIPAA or a BAA on the Outreach Trust page.
Conclusion: Outreach makes no mention of their ability to sign a BAA. We therefore conclude they should not be used as a HIPAA compliant cloud service.