Salesforce Business Associate Agreement

HIPAA applies to both moving and dormant data. Moving data is data transmitted over a public network such as the Internet. This data must be encrypted during transmission. Whenever our hypothetical support ticket is answered above (unlike playback), PHI is copied into the current ticket directory. This thread, because it is sent by the covered entity electronically to the customer, becomes moving data as soon as it begins its journey through the Internet. As far as data is moving, the data is interested in the data, which Service Cloud continues to work as a business partner – it does an activity for a covered company in which PHI is involved. Salesforce signs a counterparty agreement, whether data whose transfer or use is suspended or in motion. Service Cloud is often used as a business partner for covered entities. A “business associate” is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information (PHI) for a covered business.

Q: Est-Salesforce.com sign a BAA? A: Yes, they do it all the time, and they have a standard agreement. The remainder of the matching agreement defines the responsibilities of each party, including responsibilities with respect to POs. Relevant provisions of the agreement include the implementation of certain HIPAA requirements through a Salesforce business partnership agreement. These requirements include HIPAA Privacy Rule and HIPAA Security Rule Regulations. When data is displayed inside the Salesforce platform, the data is designated as dormant data. Sleeping data, which is data stored on a server, must be backed up in order to preserve its integrity. There are several tools that can be used for data authentication, including magnetic disks, bug-fixed memory, control mass technology and digital signatures. An organization must also be able to authenticate users to ensure that they have the right to post PHIs, if a covered company takes these steps and its business partner signs the partner`s agreement and complies with the hipaa privacy rule and the HIPAA security rule, there is no compliance issue in the sales service cloud – the situation is HIPAA compliant. The example below illustrates how Service Cloud can be used to perform matching functions.

Suppose you are a customer service agent (“CSR,” in short). You use Service Cloud to view a new support ticket. A customer sends a request. In the application, the client indicates that his doctor wants him to receive additional tests to avoid kidney cancer. The client wants to know if the additional tests are covered by his health insurance. Is this a HIPAA scenario? Yes, yes. The customer`s contact information, combined with health information, is protected health information. Cloud Service is used to provide a service to the covered entity that includes PHI.

Service Cloud is therefore a business partner and must respect HIPAA. Salesforce.com is a cloud-based software company. Most of the revenue comes from the Customer Relationship Management (CRM) service. Salesforce also markets enterprise-wide applications for customer service, analytics, application development and marketing automation (via the Salesforce “Marketing Cloud”).

Comments are closed.