Whether you operate a health care company or run a business that provides additional services to one, you are legally required to comply with HIPAA. Complementary services range from electronic billing to online hosting. Software companies with access to PHI are considered business associates under the HIPAA regulations. In order to use software that handles PHI, HIPAA requires organizations to sign a Business Associate Agreement (BAA). A BAA is a legal document that requires business associates to implement safeguards to protect PHI. Square is ready to sign a BAA with its customers in the healthcare sector, so it can be used for HIPAA-compliant payment processing.

If you use the services on the site, you agree to this privacy policy. Square Practice may send you notifications or data regarding our sites and services, including, but not limited to, (i) communications relating to the use of our websites and services, including any notifications of usage violations, (ii) updates and (iii) promotional information and material regarding our products and services. You can disable the receipt of Square Practice's advertising emails by following the unsubscribe instructions contained in those emails. You can also opt out of receiving advertising emails and other commercial messages from us at any time by emailing support@squarepractice.com with your specific request. Opt-out requests do not apply to transactional messages, such as security alerts and notifications about your current account and services.

If you have any questions or comments about this privacy policy, please contact us at www.squarepractice.com/contact/ or email support@squarepractice.com.

Covered entities (CEs) and their business associates (BAs) must comply with HIPAA in order to protect the rights and privacy of patients and their protected health information (PHI). Does this apply to Dropbox or any other cloud storage provider (CSP)? Yes. According to HHS.gov, when a covered entity uses a CSP “to create, receive, maintain or transfer ePHI (e.g., to process and/or store ePHI), the CSP is a business associate under HIPAA…. This is true even if the CSP only processes and stores encrypted ePHI and does not have an encryption key for the data.” (www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html) Thus, if a covered entity uses any type of CSP, be it Dropbox to store documents or an electronic health registry system, the covered entity and the CSP must enter into a BAA, even if the data is encrypted and cannot be effectively accessed by the CSP.