LogMeIn says that it enables HIPAA compliance and that a signed business associate agreement (BAA) is available for corporate customers.
LogMeIn is remote-access software. Covered entities using this tool must implement protections to prevent unauthorized access to protected health information (PHI). HIPAA compliance requires strict measures for access control, including unique user identification, emergency access procedures, automatic logoff features, person authentication, and audit controls. LogMeIn customers should adjust specific account settings before using the service with PHI.
LogMeIn also offers transmission security that may meet HIPAA requirements. All data transmitted during chat, remote-access, or file-transfer sessions is protected with at least 128-bit encryption. When the encryption level of the client’s browser permits, the protection increases to 256-bit encryption.
To support customers in meeting HIPAA requirements, LogMeIn provides a detailed outline of considerations and setting recommendations. These technical safeguards and transmission security features may enable covered entities to maintain compliance with HIPAA’s Privacy and Security Rules.