Based on our research, Cerner, now part of Oracle Health, is HIPAA compliant because it meets the requirements set by the U.S. Department of Health and Human Services (HHS) to safeguard protected health information (PHI), provided that customers sign a business associate agreement (BAA) and configure the services correctly.
Cerner, now part of Oracle Health, offers a wide range of healthcare technology solutions, including electronic health records (EHRs), data and analytics platforms, and cloud infrastructure. Cerner provides hospitals, clinics, and health systems with tools to manage patient care, operations, and business processes. Cerner can be HIPAA compliant when used under a signed BAA and configured in alignment with HIPAA standards.
Yes, Cerner will sign a business associate agreement.
The Cerner BAA covers the use and disclosure of protected health information (PHI) when Cerner services are used under the agreement. The terms state:
“Cerner shall not Use or Disclose PHI other than as permitted or required by the Agreement, this BAA, or as Required By Law.”
Their BAA covers:
However, the BAA also makes clear that:
“Cerner shall not be responsible for compliance with HIPAA or the HIPAA Rules by Customer, except as expressly provided in this BAA.”
This means customers are ultimately responsible for configuring and using Cerner services in a HIPAA-compliant manner.
Cerner signs a BAA and can therefore be HIPAA compliant. However, compliance depends on how customers configure and use Cerner services, since the BAA places responsibility for HIPAA compliance on the customer for anything outside Cerner's expressly covered obligations.
Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.