The Syncro platform is HIPAA compliant, ensuring your medical client data is protected properly. If you service clients who work with medical patients in the USA, HIPAA compliance may be necessary for your business.
Once you register a need for HIPAA compliance for your Syncro account below, you'll be able to start a self-serve process to get a BAA generated and signed. We are processing these requests as they come in and we contact you with timing information via email.
You will need to make some minor changes to the way you access your account in order to comply with HIPAA policy. Continue with this article to learn more. When you are ready, head to the HIPAA App Card in the App Center to initiate the process with your account.
Our BAA is strictly an agreement between you and Syncro, we cannot enter an agreement with parties with whom we don't have a direct relationship. Each client relationship normally requires its own BAA.
Table of Contents
To get started on the process head to Admin > App Center > HIPAA App Card.
There are some terms you must first agree with to start the process, followed by three criteria you must complete before getting the BAA for signature.
1. You must agree to the terms of not storing PHI on the platform.
2. You must be an active subscriber to Syncro.
3. Followed the instructions for updating your Mailbox per the instructions in the App Card. Head here for more info.
Receiving the BAA
After meeting those three requirements you will be able to request the BAA document for signing by clicking the Request Document button. An email containing the BAA will be sent to you for signing.
Then once you've saved your signature the system will notify us and we will email you a message letting you know that we've successfully received your request.
From there, we will review that things are in order and will proceed with the final steps.
Part of the setup process requires you to forward your email to a different alias as part of the security updates with HIPAA compliance. To get this new forwarding address, head to the mailbox that is your active outbound and click Edit. The forwarding address will have updated here and the "rsmbox" email will now have a ".shield" in the URL.
Note: If you have additional Mailboxes, you will need to go and update those additional non-primary mailboxes with the new forwarding address that is shown inside of each before you can continue the HIPAA signing process.
Note: If your account does not have a Mailbox configured, then the Mailbox step will be automatically checked off.
Your account will receive a new subdomain that will look something like "subdomain.shield.syncromsp.com" and this what you would use to navigate to your account going forward and log in.
If you are using any API add-ons or scripts outside of Syncro, you will need to update them to reflect the new domain that includes the shield.syncromsp.com aspect to continue working.
Important: When we create the new domain URL for you account, this may cause a short disruption from being able to access your account. Not to worry, this doesn't impact agents or devices.
Important: Once your account is forwarded to the new domain you will need to use the new URL to login to your account.
What Finished looks like
Once the process on our side is completed, we will notify you and the HIPAA App Card will reflect that the account is compliant.
Ensure You are HIPAA Compliant
If your business is not yet HIPAA compliant, you will want to contact the HIPAA Compliancy Group to get started. You can head to the HIPAA Compliant App Card in the App Center to get started and learn more.