Based on our research, Automation Anywhere is HIPAA compliant because it meets the requirements set by the U.S. Department of Health and Human Services (HHS) to safeguard protected health information (PHI).
Automation Anywhere is a robotic process automation (RPA) platform that helps organizations automate workflows, reduce manual tasks, and improve efficiency across industries, including healthcare.
Yes, Automation Anywhere will sign a business associate agreement, which can be reviewed here.
Automation Anywhere provides a formal Business Associate Agreement that governs its handling of PHI.
The agreement states, “This Business Associate Agreement (the ‘Agreement’) is made and entered into by and between (‘Covered Entity’) and Automation Anywhere, Inc. (‘Business Associate’) as of the effective date of the Agreement. The business relationship between Business Associate and Covered Entity may involve the use and disclosure of health information that is considered PHI (as defined below) and is protected by federal law. Therefore, to the extent that such PHI is shared between the parties, this Agreement shall apply and shall set forth the party’s obligations with respect to such PHI.”
Their BAA covers:
The Automation Anywhere BAA does not appear to exclude common HIPAA obligations. However, like many BAAs, it does not permit use of the platform for activities outside of legal or contractual requirements. The agreement also clarifies, “Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule or the Security Rule if done by Covered Entity.”
Therefore, while the platform can process PHI, it cannot be used for direct treatment functions or for purposes not allowed under HIPAA.
Automation Anywhere signs a BAA, and as a result, is HIPAA compliant.
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI). It is also designed to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.