How-To Guides

OneDrive personal accounts are not HIPAA compliant and cannot be made so. OneDrive for Business can be compliant under a Microsoft 365 business plan with the Microsoft HIPAA BAA accepted. Here is what that requires.

Otter.ai does not offer a HIPAA Business Associate Agreement and cannot be used for any recordings or transcriptions involving protected health information. Here's what the risks look like and what to use instead.

Personal Outlook.com is not HIPAA compliant. Outlook within Microsoft 365 business plans can be — but only after signing Microsoft's BAA and enforcing email policies. Here is what small clinics need to know.

Pipedrive does not offer a HIPAA Business Associate Agreement and cannot be used with protected health information. Medical practices using Pipedrive for patient tracking need a compliant alternative.

ProtonMail does not offer a BAA and is not HIPAA compliant for healthcare use. Strong encryption is one requirement among many. Here's what clinics need instead.

RingCentral can be HIPAA compliant, but only when properly configured and with a signed BAA. Default accounts are not covered. Here's what your practice needs to do before using RingCentral for patient communications.

SharePoint Online within Microsoft 365 can be HIPAA compliant, but only after signing Microsoft's BAA and restricting external sharing. Here is what small clinics need to know.

Salesforce can be HIPAA compliant — but only with a BAA and on qualifying plans. Standard Sales Cloud and Marketing Cloud have no automatic HIPAA coverage. Here's what medical practices actually need.

Signal is not HIPAA compliant. Despite strong end-to-end encryption, Signal does not offer a BAA, has no audit logs, and its disappearing messages feature conflicts directly with HIPAA's 6-year records retention requirement.

Square does not provide a BAA for standard accounts. Payments alone are governed by PCI DSS, not HIPAA. Using Square Appointments with health-related details is a different story.

Standard SMS text messaging is not HIPAA compliant. Messages travel unencrypted over carrier networks and carriers cannot sign BAAs. Here's what small clinics use instead.

WhatsApp does not offer a HIPAA BAA and cannot be made compliant. Learn why encryption alone is not enough and what compliant alternatives exist for small clinics.