Podio and HIPAA Compliance


Podio is such a powerful, flexible tool that there aren't many industries it couldn't help improve. It would be great for managing doctors' offices, dentists' offices, even medical records for a school with students living in a dorm; however, there's one big roadblock: Podio is not HIPAA compliant.

While the data integrity of Podio meets federal HIPAA regulations, there is a much broader spectrum of requirements to consider when trying to comply with HIPAA. Podio has been in talks for a while about becoming HIPAA compliant and has stated that it is considering implementing such a feature, but there are no timeline details and no guarantee. It's a pretty vague statement, but the interest is there because Podio knows the avenues it could open up.


So first off, what is HIPAA? It's the Health Insurance Portability and Accountability Act of 1996. It is a very necessary bit of legislation that provided federal guidelines for the storage, transportation and disclosure of private health information (PHI). It inadvertently created multiple new sectors of the US government and spawned an entire industry of consultants and software programs designed to keep organizations in HIPAA compliance.

The Problem: 

Why? The issue was the wording of the act. The language cites any information which could be related to one's private health information as being officially protected under HIPAA. What isn't private health information? The fact that you are alive and have a heartbeat could be considered protected under HIPAA. You have a name and are alive? You are protected under HIPAA. It became an umbrella clause that the federal government could push in many ways.

HIPAA & Podio: 

So Podio clearly has more to worry about than just its data integrity when complying with HIPAA. The very fiber of Podio's being, an open-ended share feature, represents a massive potential HIPAA violation. When you build a system to be open and collaborative, where anyone can modify fields and share items, it's almost in direct conflict with the design requirements of HIPAA compliance, where you protect the data, grant access sparingly, and track who has it.

