HIPPA / HIPAA Compliance
Planned
Is Podio HIPAA compliant? If not, what are the plans or timeline to be compliant?
We would like to use Podio with some of our medical clients, but without HIPAA compliance it will be hard to do.
-
Official comment
Hi everyone,
We have this as a part of the roadmap - no ETA or promise yet but working towards an audit by end of 2022 with the option to sign a BAA starting 2023.
// Sara - Citrix
-
I am a neurologist who uses Podio all day long with colleagues, patients, family caregivers and other staff. We have also created a "virtual clinic" model in which leveraging Podio has created the most efficient manner of messaging and targeted information collaboration one can imagine. However, as you mentioned, healthcare is full of great solutions that do not get officially embraced by healthcare organizations because of this nagging "is it officially HIPAA compliant and will they sign a Business Associate Agreement". Well, I know the Podio team quite well and I know they are aware of this, of how important these issues are for applying in healthcare, and I believe we will see this addressed on a formalized basis soon. But what is so important to realize is that if you look at Podio's security, confidentiality, privacy, deployment methods, its private relationship-based information model... it meets all the industry criteria for high levels of confidentiality and really goes beyond that as well. All of that means it is a highly secure, reliable, private, permissions-based method of collaborating even today, before any official HIPAA compliance is posted or stated. And the mobile app enhances that privacy even more given the way it is deployed.
However, certainly in the US, it is important to get those last few pieces in place to be able to state HIPAA compliance on a website, AND of course be willing/able to sign a BAA with a healthcare "client".
Andrew Barbash, MD
Neurologist and Director The Apractis Clinic
-
Hey guys,
We have an update on this and will be able to help with HIPAA compliance if needed via a BAA agreement. This is only an option for our customers. Contact us in support if you need help (support@podio.com or via https://help.podio.com/tickets/new).
//Sara - Podio
-
I have asked previously about obtaining a BAA for Podio, but was informed that they are not offered at this time. I spoke to one of the attorneys at Citrix and was informed that it was going to happen at some point, but that they needed time to formally review the platform.
Here are the questions that I need to have answered:
· Will Podio be able to enter into a BAA with its customers in the near future?
· If yes, when? If not, why?
Coincidentally, Podio was included in Citrix's healthcare vertical in marketing materials in 2015. I don't see how Podio can be advertised as a part of the healthcare vertical if they refuse to enter into a BAA.
-
Any update on this thread?
I have been working in the software industry for a long time. I have observed that Podio and its extensions can be very helpful for healthcare professionals, just as it is helping the real estate industry. If these security standards are met, we can market this product worldwide in healthcare. Please take some on HIPAA compliance and see how much your sales start increasing. Thanks.
-
Many of us really really really would like to see this happen. I support a small fertility clinic that could make use of dynamic forms created in Podio and referenced from their EMR. There is an idea I have that was confirmed by another vendor in a similar context. We can create medical records with HIPAA protected data but do not include any patient identification information in that record, but only establish a reference/record number. That number would then be listed in and tied with patient data on the EMR side. Use the EMR to find the patient but inside of that patient record have to click on a link that points to Podio to get to the actual medical record data.
Is this a viable work-around?
-
Hi Andrew,
Thank you for contacting us here with your request! My deepest apologies that we currently do not offer this feature in Podio. However, what I have done is to update our feature request list to include your comments and concerns with regard to it.
While we do not have an ETA as to when we would expect that to be rolled into the platform, I will definitely let our development team know that this is a feature that is greatly desired and would enhance your experience with Podio.
Also, it's been lost in this thread but Sara mentioned above that "we have this as a part of the roadmap for 2021 - no ETA or promise yet but working towards an audit by end of 2021 with the option to sign a BAA."
Have a safe and wonderful day!
All the best,
Dana - Podio
-
Sara Høeg Højlund-Rasmussen, tagging you to bring attention to Sean Harrison's comment above. I can't seem to find any details in the high level roadmap you've linked.
I've been an off and on Podio user for years and could almost immediately add a client to the platform if the option around the BAA is resolved, significantly boosting my ability to quickly scale a solution without extensive additional costs. I've got a demo today, actually, for an industry-specific platform that might be an answer due to its core EMR features and customization capabilities, but like Hakim AB above, my lowest cost solution is asking the client to mask data inside a platform like Podio with a patient ID of some kind. That adds some additional headache for this small non-technical group I'm supporting because they would have to always key in the right ID and couldn't search by number, requiring both systems to be open at any given time. If I could simply build the model here with proper clearance for HIPAA I could really make an impact with a lower overall cost since I can do most of the work myself. Thanks for a timely response!
-
I'm starting to get suspicious. Citrix has HIPAA compliant products (https://www.citrix.com/about/trust-center/citrix-hipaa-services.html) but I'm starting to think that the resistance to Podio HIPAA BAA agreements is due to economic and political factors within Citrix. Allowing Podio to be used as a HIPAA compliant platform could be seen by some Citrix executives as cannibalizing sales of the above referenced products. I've seen this before as an employee of Lotus Development after they acquired CC:Mail and were then subsequently acquired by IBM. Lotus told CC:Mail customers either get with the Lotus Notes Suite product line or go elsewhere. A number of CC:Mail customers jumped ship to Microsoft Exchange. I am hoping this is not a similar situation at Citrix.
-
Hi everyone,
I have updated the description above to current status. We are still working towards compliance certification for both HIPAA and SOC2 for Podio, however the work required is taking longer than anticipated initially (we want to ensure all features will be supported, not only a subset), and we have to fit the audit into our annual compliance certification audits for Citrix overall. Unfortunately I cannot offer the exact timeframe but this is still very much planned and being worked on.
The link has been removed as we no longer offer the Citrix Workspace bundle with all Citrix cloud products, instead we will continue to sell Podio standalone and work on a new package with Podio sold alongside Citrix ShareFile and Citrix RightSignature products. Hope this helps clarify the confusion with the broken link.
Thank you for your patience,
Cheers,
Sara - Director of Product
-
Hi Sara,
A few questions
- Will the HIPAA compliance require Podio, Citrix ShareFile, and Citrix RightSignature, or some combination, or just Podio itself?
- Are you still "working toward" completing the audit this year (2022)? If not, is there an "ETA or promise" yet?
- What month of 2023 (or other year) is expected for the first option to sign a BAA to be available?
- Is there a larger Podio plan that you can share with us, giving us the relative priority and/or plans of new features to roll out in the future?
Thank you for your responses.
-Mark