HaloCRM and HIPAA
HIPAA compliant CRM software so that you can trust that your sensitive healthcare data is safe in your HaloCRM account
HIPAA-compliant CRM software
Your team’s privacy and security are among our top priorities. We know that you put your trust in HaloCRM every day to keep your team’s information secure, and we assure you that responsible custodianship of your data is one of the core values of our company. That’s why we offer HIPAA-compliant plans so that you can trust that your sensitive healthcare data is safe and secure in your HaloCRM account.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is designed to help protect people’s healthcare data. Organisations such as hospitals, doctors’ offices, health plans, or companies dealing with protected health information (PHI) are required to be HIPAA-compliant. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf.
Here are some key terms you should know:
- Protected Health Information – PHI
Protected Health Information (PHI) is healthcare data relating to a patient and collected by a healthcare provider, employer, or plan. It includes names, social security numbers, phone numbers, medical history, current medical condition, test results, and more. PHI is the content that HIPAA aims to protect and keep private.
- Covered entity
A covered entity is anyone who provides treatment, payment, and operations in healthcare. Examples include doctors, hospitals, pharmacies, insurance companies, and more. These covered entities are responsible for the privacy and security of health information.
- Business associate
A business associate is anyone who has access to a patient’s information, whether directly, indirectly, physically, or virtually. A business associate is not part of the covered entity’s workforce but instead performs some type of service on its behalf (e.g. a lawyer or a phone company). A business associate is subject to HIPAA/HITECH rules.
- Business associate agreement (BAA)
A BAA is a contractual assurance from the business associate to the covered entity that they follow HIPAA’s requirements. This agreement must be in place before the transfer of PHI from the covered entity to the business associate.
Is HaloCRM HIPAA-compliant?
HIPAA compliance is available on HaloCRM as standard. You can reach out to a Customer Success Agent or to your account manager to set up your account as HIPAA compliant.
How to set up BAA with HaloCRM
For your account to be HIPAA compliant, you must first sign the BAA and configure your account as HIPAA compliant. You can sign a BAA electronically by contacting support@halocrm.io.
How to keep your data secure
We want to make it as easy as possible for you to learn how to keep your account secure and meet your legal requirements. We have put together a few tips that you should consider when configuring your accounts.
1. Strengthen authentication
We recommend using one of these two security features to add a layer of protection to your HaloCRM account:
- Google Apps Authentication
- SAML Single Sign-on
2. Conduct regular access reviews
To ensure that any sensitive data in your HaloCRM account can only be accessed by appropriate people, we recommend that you frequently review the list of your members.
3. Monitor for unusual activity
As an admin, you have the ability to control the sessions for all account users through the Audit Log.
4. Evaluate third-party apps
Our Integrations allow you to seamlessly connect HaloCRM to external platforms and turn your HaloCRM account into your personal work hub. While these third-party apps can be great complements to your account, it’s important to remember that they’re not part of our included services. To maintain HIPAA compliance, you must ensure that any third-party app or service you use is also HIPAA compliant.
If you have any questions, please reach out to our team by using our contact form. We’re available 24/7 and happy to help!
To find out about our other available integrations, visit our integrations page.