Is Apotheo HIPAA compliant?
Most of the businesses that use Apotheo are nutritionists and personal trainers. They don’t fall under the scope of HIPAA since they’re not health care providers (covered entities).
When a covered entity uses a service provider, they have to ensure the service provider agrees to properly secure PHI on their behalf by signing a Business Associates Contract (BAC).
We have privacy and security protocols that cover many of the HIPAA best practices, but entering into a BAC would mean hiring an accredited accounting firm to perform annual HIPAA audits, which are very costly.
In short, we don’t sign BACs because most of our users are not covered entities.
Updated on: 29/03/2023