Welcome to the Smartsheet Forum Archives
The posts in this forum are no longer monitored for accuracy and their content may no longer be current. If there's a discussion here that interests you and you'd like to find (or create) a more current version, please Visit the Current Forums.
HIPAA Policy Change

Hello!
Originally, Smartsheet was set up as a HIPAA compliant item. Can anyone clarify when this changed and what justification caused this change? I have reached out to Smartsheet but they haven't gotten any feedback. Does anyone else know?
Thanks!
Comments
-
Aric,
This is all I could find at https://www.smartsheet.com/security-info
HIPAA Statement
Under HIPAA, certain information about a person's health or health care services is classified as Protected Health Information (PHI). Smartsheet customers who are subject to HIPAA are advised to refrain from storing PHI in Smartsheet. Smartsheet does not enter into Business Associate Agreements (BAA).
Questions? Concerns?
For information about other compliance frameworks such as FERPA, ITAR, or FedRAMP, please contact us at compliance@smartsheet.com. For more details about Smartsheet security, read our Security Policy, Security Whitepaper, and Privacy Policy. If you find a security issue with our product, please contact us at security@smartsheet.com or call us directly at 425-283-1870.
-
Thanks Tim for posting that! We have not changed our HIPAA policy - Smartsheet has never been HIPAA compliant. The information above will be your best reference and you can always email compliance@smartsheet.com for more information.
-
There was a very clear openness to HIPAA elements previously: https://www.smartsheet.com/customers/northeast-georgia-medical-center
Was there perhaps a change in HIPAA policy that made Smartsheet shy away from promoting itself in such a manner or can you clarify how you have met the stringent HIPAA requirements of the hospital system?
-
Hi Aric, as mentioned in our HIPAA statement, Smartsheet does not recommend users store PII or PHI in Smartsheet. I am not able to say what information the linked company puts in their web form (because I do not know) but each company has their own set of security rules and regulations they comply with - it's up to them to make the final decision about the data they are storing.
-
Hello Aric,
At the time of this thread, Travis was 100% correct in that we were not HIPAA compliant, but I'm pleased to announce that we have made a recent change to that policy.
By entering in a business associate agreement (BAA) with Smartsheet and adhering to the Smartsheet HIPAA Implementation Guide, your organization can use Smartsheet in accordance with HIPAA.
To start the process of becoming HIPAA compliant with Smartsheet, please visit Smartsheet for Healthcare.