While each Covered Entity is unique, the SendThisFile secure file transfer system can be configured to meet most Covered Entities privacy and security policies without the need of a Business Associate agreement.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) omnibus final rule which was announced in January of 2013 and effective March of 2013, is based on statutory changes under the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and the Genetic Information Nondiscrimination Act of 2008 (GINA).
The HIPAA omnibus final rule narrowed the "conduit exception" for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the "transient versus persistent nature" of the service offered.
To ensure compliance with a Covered Entities privacy and security policies, SendThisFile must be configured as a transient courier and not a data storage provider. The following components should all be considered when setting up SendThisFile to align with your HIPAA privacy and security practices and policies.