If Salesforce.com acts as a counterparty on behalf of a Covered Entity, Salesforce must enter into a Salesforce Business Associate Agreement with that Covered Entity, in accordance with HIPAA rules. The remainder of the counterparty agreement describes the responsibilities of each party, including those relating to PHI. Relevant provisions of the agreement include:

Q: Will Salesforce.com sign a BAA?
A: Yes, they do it all the time, and they have a standard agreement.

Through a distribution agreement, the parties implement certain HIPAA requirements. These requirements consist of the HIPAA Privacy Rule and the HIPAA Security Rule.

Salesforce.com is a cloud-based software company. Most of its revenue comes from the CRM (Customer Relationship Management) service. Salesforce also sells enterprise-wide applications for customer service, analytics, app development, and marketing automation (through Salesforce "Marketing Cloud"). Salesforce provides companies with an interface for case and task management. Salesforce also allows users to forward and escalate events (i.e., control the workflow). Other features of Salesforce are analytics tools, email notifications, and Google Search. Whether Salesforce is HIPAA compliant is discussed below.
When data is displayed inside the Salesforce platform, it is called data at rest. Data at rest, which is data stored on a server, must be backed up to preserve its integrity. There are several tools that can be used for data authentication, including magnetic disk storage, error correction memory, checkpoint technology, and digital signatures. An organization must also be able to authenticate users to ensure that they have the right to view PHI. If a covered entity takes these steps and its counterparty signs the counterparty agreement and complies with the HIPAA Privacy Rule and HIPAA Security Rule, there is no "compliance issue on the Salesforce Service Cloud": the situation is HIPAA compliant.

In the agreement, Salesforce acknowledges that it may, in connection with the provision of services, receive, maintain, or transfer patient or customer data that makes up PHI, making Salesforce a business partner.

HIPAA applies to both moving and dormant personal data. Moving data is data transmitted over a public network such as the Internet. This data must be encrypted during transmission. Whenever a reply is made to our hypothetical support post above (as opposed to simply reading it), PHI is copied into the current thread, without exception. This "thread", since it is sent by the covered entity in electronic format to the customer, becomes data in motion as soon as it begins its journey on the Internet.
. . .