HIPAA Compliance


Updated March 7, 2024

If you’re interested in HIPAA compliance, please reach out to your account executive or contact support.

The Health Insurance Portability and Accountability Act (HIPAA) is designed to help protect people’s healthcare data. Organizations such as hospitals, doctors’ offices, health plans, or companies dealing with protected health information (PHI) are required to be HIPAA-compliant. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf.

Here are some key terms you should know:

  • Protected Health Information (PHI)

PHI is healthcare data relating to a patient and collected by a healthcare provider, employer, or plan. It includes names, social security numbers, phone numbers, medical history, current medical condition, test results, and more. PHI is the content that HIPAA aims to protect and keep private.

  • Covered Entity

A covered entity is anyone who provides treatment, payment, and operations in healthcare. Examples include doctors, hospitals, pharmacies, insurance companies, and more. These covered entities are responsible for the privacy and security of health information.

  • Business Associate

A business associate is anyone who has access to a patient’s information, whether directly, indirectly, physically, or virtually. A business associate is not part of the covered entity’s workforce but instead performs some type of service on its behalf (e.g. a lawyer, a phone company, etc.). A business associate is subject to HIPAA rules.

  • Business Associate Agreement (BAA)

A BAA is a contractual assurance from the business associate to the covered entity that they follow HIPAA’s requirements. This agreement must be in place before the transfer of PHI from the covered entity to the business associate. 

Is Process Street HIPAA compliant?

HIPAA compliance is available on Process Street on our Enterprise plan. Please note that if you are on this plan and later downgrade to another plan, you will no longer be covered under the HIPAA compliance program.

How do I enable HIPAA compliance?

You do not need to do anything to enable HIPAA compliance. We will do this for you once an Enterprise contract and BAA are in place.

What happens to Process Street when HIPAA compliance is enabled?

When HIPAA compliance is enabled, the following will happen:

Additional product use considerations

  • PHI storage should be limited to form fields, comments and attachments.
  • You should not @mention someone in a comment that contains PHI.
  • You should not use variables containing PHI in the Send Email form field.
  • You should not use variables containing PHI in AI Tasks.
  • Process Street is not an EHR (Electronic Health Record). Process Street does not maintain the designated record set and should not be the system of record for health information. Customers may not create Process Street accounts in their domain for their patients, patient family members, plan members, or any other external parties to communicate.
  • When contacting Process Street support, you should not provide PHI in any support tickets. Please do not share PHI when on calls with Process Street representatives.

Additional data security options

1. Strengthen authentication

We recommend using SAML Single Sign-On (SSO) to add a layer of protection to your Process Street account.

2. Conduct regular access reviews

To ensure that any sensitive data in your Process Street account can only be accessed by appropriate people, we recommend that you frequently review the list of your members.

You can use SCIM to automatically manage the users in your organization.

3. Evaluate third-party apps

Our third-party integrations allow you to seamlessly connect Process Street to external platforms. While these third-party apps can be great complements to your account, it’s important to remember that they’re not part of our included services. To remain HIPAA compliant, you must ensure that any third-party app or service you use is also HIPAA compliant.
