Add a HIPPA / BAA policy to Asana


#1

As a healthcare provider, I would love to be able to use Asana to keep track of tasks, including what contacts need to be made with patients, which patient records need updates, etc. I understand that the Box integration is HIPPA compliant, but I don’t need to upload files, I just need to be able to add patient names to tasks. Typically for these sorts of uses, the company would need to sign a HIPPA Business Associates Agreement. Will Asana do this?


#2

Hi @Lauren7

Asana is not specific to the medical field and as such we do not have clearly identifiable HIPAA compliance standards, but we keep any data entered into Asana secure. Your data is not encrypted on the servers (for performance reasons), but we do encrypt over the wire via SSL. Security is something we take very seriously. Please take a look at this information:



One workaround we can offer is the use of our integration with Box, which is HIPAA compliant. The link to our Box integration below:

Let me know if you have any further questions or concerns.


#3

Ok thanks! Sounds like it’s a no-go for healthcare professionals if we need to add any PHI to a task (HIPAA requires a BAA be signed, even with really great security). Maybe someday in the future you’ll consider a HIPAA/BAA policy-- that would be awesome!