Is Quip HIPAA compliant?

Featured image

Share this article

Quip logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to correctly create notations for proper patient care while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Quip is HIPAA compliant or not.

About Quip

Quip launched in 2013 as a mobile-centric tool for creating shared notes, lists, and documents. Salesforce purchased Quip in 2016.

RELATED: How to make Salesforce emails HIPAA compliant

Quip standardizes, automates, and embeds real-time, collaborative documents inside Salesforce records. It has a built-in office suite functionality, including word processing, spreadsheet, and presentation software.

Users can prepare, transcribe, and share notes in a collaborative environment.

Finally, Quip includes a live updating history of edits as well as access to real-time CRM data.

Quip and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Quip is a business associate of a healthcare organization if a note includes any electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

According to Salesforce, several Quip solutions are covered by a BAA including Quip for Salesforce. Salesforce stresses that its BAA does not cover any product not listed. Customers must not use those unlisted to transmit, store, or process PHI.

Quip, cybersecurity, and HIPAA

According to Jotform,

Quip . . . uses innovative security controls and measures that align with HIPAA compliance requirements. The system is fully encrypted and offers a variety of customizable privacy options to meet each organization’s unique compliance requirements.

In fact, the Security at Quip web page states that the company utilizes AES 256-bit encryption at rest and Transport Layer Security (TLS) 1.2 encryption in transit.

The Salesforce web page on the BAA provides further information about HIPAA and safeguarding PHI when using some of its services.

More or less, it is the responsibility of the customer to ensure the transmission is safe. Customers need a separate BAA for any transaction with another company.

Is Quip HIPAA compliant?

The BAA is a key component of HIPAA compliance and Salesforce will sign a BAA for its Quip product. Moreover, the company appears to utilize strong cybersecurity methods that follow HIPAA guidelines.

Conclusion

Quip for Salesforce can be HIPAA compliant.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022