Healthcare organizations like to use software that makes tasks easier. One of these tasks is online appointment scheduling. Just send a link to a patient, and they can pick a time that works for them.
However, this could pose a security risk if you don’t choose the right scheduling software. Read on to learn more about Phreesia and whether or not it is HIPAA compliant.
What is Phreesia?
Phreesia is a software company that specializes in healthcare organizations and assists them in managing patient intake. Some of its features include online appointment scheduling, in-office registration, and patient surveys.
Phreesia and the business associate agreement
Covered entities work with many third-party vendors. Those vendors become business associates if they have access to protected health information (PHI). HIPAA requires safeguards to protect PHI, and covered entities need to ensure that business associates follow security guidelines.
A business associate agreement (BAA) assures covered entities that PHI will be protected in the hands of the business associate.
Phreesia doesn’t directly state if it is willing to sign a BAA. But it does imply it on its website: “As a business associate, Phreesia is subject to, and committed to, all applicable HIPAA privacy and security requirements.” One of those requirements is a BAA, so this statement implies that Phreesia may sign one.
Phreesia and data security
Phreesia has taken many measures to protect patient data that it receives from healthcare organizations. Some of these security features include:
- HITRUST CSF certification
- Point-to-point encryption
- Firewall protection
- 24/7 electronic surveillance
- PHI is only accessible by authorized users
- Encrypted data storage
Healthcare organizations should review and configure Phreesia’s security settings to make sure that they match their unique needs for HIPAA compliance.
Is Phreesia HIPAA compliant?
Phreesia can probably be HIPAA compliant. The company implies it will participate in a BAA, and it has a robust security system to keep patient data safe.
Use Paubox for email security
Keeping your email communication secure is critical to staying in compliance with HIPAA. Whether it’s communicating with your patients or your employees, it’s critical to send HIPAA compliant email.
Paubox Email Suite Plus is the solution for your email security needs. It keeps sensitive data safe from unauthorized users while ensuring that you can communicate easily. Paubox seamlessly integrates with email providers like Google Workspace and Microsoft 365. Your employees can send emails directly to a patient’s inbox without having to deal with the hassle of client portals and login credentials.
All of our plans come with a BAA at no additional cost, and we’re dedicated to providing top-notch security. Our robust inbound security tools stop threats, including phishing emails, spam, viruses, and malware, from reaching a user’s inbox. We can even stop display name spoofing emails from wreaking havoc on your organization with our patented ExecProtect feature.