Other

There is no specific mention of HIPAA or Business Associate Agreements on Genius Scan’s website, even on the privacy and security overview page.

The security & privacy section of the OpenAI website states that the company helps “customers meet regulatory, industry, and contractual requirements like HIPAA”; however, ChatGPT isn’t currently covered by OpenAI’s BAA. According to OpenAI, only API services with “endpoints that are eligible for zero retention are covered” by its BAA. Customers do not have to be on an Enterprise plan to be eligible for OpenAI’s BAA.

Power BI is a Microsoft product. According to a blog on the platform’s website, Power BI was added to the Microsoft Trust Center in April 2016. The Microsoft Trust center is a single point of reference that documents compliance with various regulations. HIPAA and the HITECH Act are spotlighted in the Microsoft Trust Center. As a cloud service provider, Microsoft considers itself a business associate for HIPAA-covered entities: “To support our customers’ compliance with HIPAA when utilizing Microsoft enterprise products and services, Microsoft will enter into Business Associate Agreements with its covered entity and business associate customers.”In the Trust Center, Power BI is listed as an in-scope cloud platform either as a standalone service or included in an Office 365 or Dynamics 365 branded plan or suite.

There is no mention of HIPAA or Business Associate Agreements (BAAs) on the Eventbrite website. The company’s expansive Security and Safety Guide describes the platform’s security features, as well as the security laws and regulations it strives to comply with, but mention of HIPAA is notably absent as of the date of this post. Despite strong encryption and security, Eventbrite does not appear to meet HIPAA requirements for safeguarding protected health information, at least from what one can presently glean from the company’s website. 

According to Vimeo’s Help Center, its self-serve platform is not HIPAA compliant; therefore, Vimeo advises its users not to upload any material that would fall under HIPAA regulations, even to a private channel.Vimeo states that its platform does offer a solution that enables HIPAA compliance for Enterprise clients and indicates that it is willing to sign Business Associate Agreements with covered entities.

According to the platform’s website, Okta’s Identity as a Service (IDaaS) cell for HIPAA is specifically designed to help service providers meet HIPAA requirements. Okta requires customers to sign a Business Associate Agreement (BAA) prior to storing HIPAA-related information.