Slack Business Associate Agreement

However, even before healthcare organizations implement Slack Enterprise Grid for the limited transfer of PHI, a HIPAA association agreement must be concluded. Making Slack HIPAA compliant is a process that should be taken seriously before sharing a PHI. Before a company can use a platform to send or receive protected health information (PHI), the platform must be ready to take a BAA. Slack states on its website that customers should not use, disclose, transfer or process PHI through the platform. Unless a customer enters into a written agreement with Slack, Slack is not a “business partner.” This means slack is ready to sign a BAA for customers who want to use Slack Enterprise Grid. If you would like a member of our support team to reply to you, please send a message to feedback@slack.com. Find out what your company should be doing today for HIPAA compliance! Any healthcare organization that wants to use slack Enterprise Grid should contact Slack directly before a PHI is sent to request a copy of its counterparty agreement, if one of them is offered. Slack meets many generally recognized standards and provides tools for customers to meet their compliance requirements. Companies subject to the Health Insurance Portability and Accountability Act (HIPC) of 1996, such as health plans, healthcare providers, health insurers, healthcare providers, and the many companies that provide services to them, can configure Slack Enterprise Grid to support hipAA cooperation. If Slack assists these customers with health activities or functions, Slack is a provider/service provider classified as counterparty (BA) in accordance with the HIPC.

HIPAA`s security rule sets national standards for the protection of electronically protected health information (ePHI) by individuals created, used, or maintained by a relevant entity or counterparty. When implementing security standards, you must comply with the following security measures: A Business Associate Agreement (BAA) is mandatory in accordance with the rules of the HIPC. A business partner is any organization responsible for managing IHP on behalf of another organization. In accordance with HIPAA, Slack is considered a counterparty. A BAA describes what business partners can and cannot do with the IHP they have access to, how they protect those PHI, how they prevent illegal disclosure of PHI, and what is the appropriate method to report IHP violations in the event of a data breach. . . .