HIPPA / HIPAA Compliance

Planned

Comments

26 comments

  • Official comment
    Sara Høeg Højlund-Rasmussen

    Hi everyone, 

    We have this as a part of the roadmap - no ETA or promise yet but working towards an audit by end of 2022 with the option to sign a BAA starting 2023.

    // Sara - Citrix

  • Hal M Jacobson, MD

    I am also interested in this answer

    0
  • Andrew Barbash, MD

    I am a neurologist who uses Podio all day long with colleagues, patients, family caregivers and other staff. We have created a "virtual clinic" model also in which leveraging Podio has created the most efficient manner of messaging and targeted information collaboration one can imagine. However, as you mentioned, healthcare is full of great solutions that do not get officially embraced by healthcare organizations because of this nagging "is it officially HIPAA compliant and will they sign a Business Associate Agreement". Well, I know the Podio team quite well and I know they are aware of this, of how important these issues are for applying in healthcare, and I believe we will see this addressed on a formalized basis soon. But what is so important to realize is that if you look at Podio's security, confidentiality, privacy, deployment methods, its private relationship-based information model... it meets all the industry criteria for high levels of confidentiality and really goes beyond that as well. All of that means it is a highly secure, reliable, private, permissions-based method of collaborating even today, before any official HIPAA compliance is posted or stated. And the mobile app enhances that privacy even more given the way it is deployed.

    However, certainly in the US, it is important to get those last few pieces in place to be able to state HIPAA compliance on a website, AND of course be willing/able to sign a BAA with a healthcare "client".

    Andrew Barbash, MD

    Neurologist and Director The Apractis Clinic

    www.ajbmd.com

    1
  • Sara Høeg Højlund-Rasmussen

    Hey guys,

    We have an update on this and will be able to help with HIPAA Compliance if needed via a BAA agreement. This is only an option for our customers. Contact us in support if you need help (support@podio.com or via https://help.podio.com/tickets/new).

    //Sara - Podio

    0
  • Andrew Barbash, MD

    Hey folks, it's HIPAA (spelling) compliance... and Podio is technically HIPAA compliant, it is just that being able to provide a BAA or Business Associate Agreement is what satisfies the client's ability to deploy or support a HIPAA compliant technology. Right?

    0
  • [100Rails] Steve Shepherd

    Any UPDATE on HIPAA compliance sticker on PODIO? We have some legislation in New Zealand that we need to get exceptions for providing Podio solutions for Medical data and it being domiciled outside the country...

    Can anyone from PODIO help with this?

    0
  • Sara Høeg Højlund-Rasmussen

    We're currently not able to negotiate a BAA with customers.

    //Sara - Podio

    0
  • Hakim AB

    Hi. Just checking to see if there is any update on HIPAA compliance. I'd like to implement this tool with a company that does clinical trials.

    0
  • Sara Høeg Højlund-Rasmussen

    Hi Hakim,

    No update I'm afraid. Sorry about that.

    //Sara - Podio

    0
  • Patrick Connolly

    I have asked previously about obtaining a BAA for Podio, but was informed that they are not offered at this time. I spoke to one of the attorneys at Citrix and was informed that it was going to happen at some point, but that they needed time to formally review the platform. 

    Here are the questions that I need to have answered:

    · Will Podio be able to enter into a BAA with its customers in the near future?

    · If yes, when? If not, why?

    Coincidentally, Podio was included in Citrix's healthcare vertical in marketing materials in 2015. I don't see how Podio can be advertised as a part of the healthcare vertical if they refuse to enter into a BAA.

    0
  • Brandon Cunningham

    Hope it gets offered soon. Having that BAA will open the market to more customers for Podio.

    0
  • Sara Høeg Højlund-Rasmussen

    Hi Brandon, 

    I will share updates here if we get closer.

    //Sara - Podio

    0
  • Drew Williams

    Any update on ability for customers to obtain a BAA with Podio?

    1
  • ahsan ali shah

    Any update on this thread?

    I have been working in the software industry for a long time. I have observed that Podio and its extensions can be very helpful for healthcare professionals, just like it is helping the real estate industry. If these security standards are met, we can market this product worldwide in healthcare. Please take some on HIPAA compliance and see how much your sales start increasing. Thanks.

    0
  • Patrick Connolly

    Just curious if there has been an update on this - it would be really nice to be able to enter into a BAA with Podio.

    0
  • Hakim AB

    Many of us really really really would like to see this happen. I support a small fertility clinic that could make use of dynamic forms created in Podio and referenced from their EMR. There is an idea I have that was confirmed by another vendor in a similar context. We can create medical records with HIPAA protected data but do not include any patient identification information in that record, but only establish a reference/record number. That number would then be listed in and tied with patient data on the EMR side. Use the EMR to find the patient but inside of that patient record have to click on a link that points to Podio to get to the actual medical record data. 

    Is this a viable work-around?

    0
  • Andrew Barbash, MD

    This HIPAA compliance for Podio would be a huge advance. This is without question the single most adaptive collaborative content platform ever developed that could revolutionize healthcare across all sorts of boundaries.

    0
  • Dana P

    Hi Andrew,
    Thank you for contacting us here with your request!

    My deepest apologies that we currently do not offer this feature in Podio. However, what I have done is to update our feature request list to include your comments and concerns with regard to it.

    While we do not have an ETA as to when we would expect that to be rolled into the platform, I will definitely let our development team know that this is a feature that is greatly desired and would enhance your experience with Podio.

    Also, it's been lost in this thread but Sara mentioned above that "we have this as a part of the roadmap for 2021 - no ETA or promise yet but working towards an audit by end of 2021 with the option to sign a BAA."

    Have a safe and wonderful day!

    All the best,

    Dana - Podio

    0
  • Rodney Harrison

    Any updates on this? As of 4/16/21

    0
  • Dana P

    Hi Sean,

    Thank you for inquiring about the compliance here with us. 

    From a comment made by Sara earlier, it would appear that we are working towards an audit by end of 2021 with the option to sign a BAA.

    Hope this helps with planning for you a little bit!

     

    Best,

    Dana - Podio

    0
  • Andrew Barbash, MD

    I think this means that from a purely technical and security standpoint Podio meets all HIPAA requirements (including the very nice dual authentication for login) but it's the point at which Citrix will sign a BAA that it would be confirmed. Is that right?

    0
  • Sean Harrison

    Morning Everyone,

    Sara, it's almost the end of 2021; is this now a resolved problem? HIPAA compliance of Podio, where do you stand with this?

    0
  • Aaron Howerton

    Sara Høeg Højlund-Rasmussen, tagging you to bring attention to Sean Harrison's comment above. I can't seem to find any details in the high level roadmap you've linked.

    I've been an off and on Podio user for years and could almost immediately add a client to the platform if the option around the BAA is resolved, significantly boosting my ability to quickly scale a solution without extensive additional costs. I've got a demo today, actually, for an industry specific platform that might be an answer due to its core EMR features and customization capabilities, but like Hakim AB above, my lowest cost solution is asking the client to mask data inside a platform like Podio with a patient ID of some kind. That adds some additional headache for this small non-technical group I'm supporting because they would have to always key in the right ID and couldn't search by number, requiring both systems to be open at any given time. If I could simply build the model here with proper clearance for HIPAA I could really make an impact with a lower overall cost since I can do most of the work myself. Thanks for a timely response!

    0
  • Sean Harrison

    Did this ever happen?

    0
  • Hakim AB

    I'm starting to get suspicious. Citrix has HIPAA compliant products (https://www.citrix.com/about/trust-center/citrix-hipaa-services.html) but I'm starting to think that the resistance to Podio HIPAA BAA agreements is due to economic and political factors within Citrix. Allowing Podio to be used as a HIPAA compliant platform could be seen by some Citrix executives as cannibalizing sales of the above referenced products. I've seen this before as an employee of Lotus Development after they acquired CC:Mail and were then subsequently acquired by IBM. Lotus told CC:Mail customers either get with the Lotus Notes Suite product line or go elsewhere. A number of CC:Mail customers jumped ship to Microsoft Exchange. I am hoping this is not a similar situation at Citrix.

    0
  • Hi everyone,

    I have updated the description above to current status. We are still working towards compliance certification for both HIPAA and SOC2 for Podio, however the work required is taking longer than anticipated initially (we want to ensure all features will be supported, not only a subset), and we have to fit the audit into our annual compliance certification audits for Citrix overall. Unfortunately I cannot offer the exact timeframe but this is still very much planned and being worked on.

    The link has been removed as we no longer offer the Citrix Workspace bundle with all Citrix cloud products, instead we will continue to sell Podio standalone and work on a new package with Podio sold alongside Citrix ShareFile and Citrix RightSignature products. Hope this helps clarify the confusion with the broken link.

    Thank you for your patience,

    Cheers,

    Sara - Director of Product 

    0