What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a set of industry-wide standards to safeguard protected health information (PHI) and electronic protected health information (ePHI). Customers must be able to trust that their health data is being handled securely and their digital privacy respected.
Fin has successfully completed a HIPAA attestation examination, which means we help our customers fulfill their ePHI obligations by storing and processing data in a manner consistent with HIPAA standards. This examination was performed by an independent Certified Public Accountant firm, which reviewed our HIPAA policies, procedures, and controls against the HIPAA Security Rule and HITECH Breach Notification Rule requirements.
Note: Fin is not itself seeking to become HIPAA compliant — rather, we help our customers remain HIPAA compliant when using our software. Fin becomes a Business Associate of eligible customers via a BAA.
What is a BAA?
A Business Associate Agreement (BAA) is a written arrangement that specifies both Fin's and our customers' responsibilities when it comes to ePHI. All customers with HIPAA obligations (typically those in the healthcare industry) are required to execute a BAA with Fin if they wish to send ePHI data to us.
Important: Without a signed BAA, transmitting ePHI through us is strictly prohibited, as outlined in our terms of service.
Who is eligible for a BAA?
To access a BAA, customers must meet both of the following criteria:
They are a Covered Entity or a Business Associate
They are subscribed to an eligible pricing plan
All Fin workspaces are eligible for a BAA.
How to sign a BAA
To enter into a BAA, reach out to our support team via the Messenger or email us at team@fin.ai.
FAQs
Is Fin HIPAA compliant?
Fin has completed a HIPAA attestation examination and stores and processes data in a manner consistent with HIPAA standards. We help eligible customers fulfill their HIPAA obligations through a signed BAA — we do not claim HIPAA compliance as an end state for Fin itself.
What other certifications does Fin hold?
Our HIPAA attestation is one of four frameworks in Fin's security assurance program. We are also ISO 27001, ISO 27701, and ISO 27018 certified, and SOC 2 Type II compliant.
Can I use my own BAA template?
We have our own BAA template. If you'd prefer to use your own paper, this requires review by Fin's Legal team before signing. Edits to our BAA template are only considered for customers meeting a minimum spend threshold.
