By Rajat Bhargava Posted May 9, 2017
JumpCloud is often asked as part of a client engagement of our cloud identity management platform to sign HIPAA Business Associate Agreements (BAA). JumpCloud is not subject to a BAA because JumpCloud does not access, nor process any electronic personal health information (e-PHI) from a covered entity. As a result, it is not necessary to have JumpCloud sign a BAA. Many healthcare organizations simply ask all of their suppliers and vendors to sign the BAA, but in this case it is not applicable. Our team would be happy to walk you through how JumpCloud relates to HIPAA and BAAs.
Directory-as-a-Service® has become a leading option for healthcare organizations to implement Administrative and Technical Safeguards as described by the HIPAA Security Rule.
What is Directory-as-a-Service?
JumpCloud’s Directory-as-a-Service platform functions as a cloud directory service. IT admins can implement JumpCloud to function as a replacement to the on-prem Microsoft Active Directory® or OpenLDAP solutions. As a SaaS-based directory service, JumpCloud manages the infrastructure of the identity management platform. Clients can leverage the platform and IT admins have full control over provisioning, deprovisioning, and modifications of user access.
IT admins can control user access to IT systems, applications, and networks. These systems can include Windows, Mac, and Linux-based servers, desktops, and laptops. User access to applications can be managed via LDAP and/or SAML. And, network access can be managed via the RADIUS protocol.
How Does JumpCloud Help with HIPAA Compliance?
JumpCloud adheres to rigorous security practices. They also help organizations enforce security by granting IT admins full control over who has access to what IT resources. Passwords are stored via a one-way hash and salt mechanism ensuring that no JumpCloud employee, or even IT admin for the organization knows the password. Self-service mechanisms are put in place to enable each end user to set and modify their passwords, SSH keys, or multi-factor authentication applications.
How Do I Know Patient Records are Safe with JumpCloud?
While JumpCloud functions as the cloud directory service platform, it does not have access to any patient data or records. JumpCloud is the mechanism by which a healthcare organization’s systems can grant or deny access to their users (employees or contractors), who then subsequently access patient data via their devices or applications. Directory-as-a-Service has become a leading option for healthcare organizations to implement Administrative and Technical Safeguards as described by the HIPAA Security Rule.
Will JumpCloud Sign a BAA?
Because JumpCloud does not access any ePHI from a covered entity, it is not necessary to have JumpCloud sign a BAA with your organization. If you have questions about this, feel free to contact our team and we would be happy to walk you through how JumpCloud can support your HIPAA compliance efforts.
Learn More about JumpCloud and HIPAA
If you would like to learn more about how JumpCloud’s Directory-as-a-Service platform can support your health care institution, drop us a note. We’d be happy to discuss how we can support your HIPAA compliance efforts. We would also be happy to describe how our other healthcare customers are leveraging our cloud directory service to help them.
You can also sign-up for a free JumpCloud Directory-as-a-Service account and your first 10 users are free forever.