HIPAA Compliance

In this article, you will learn about Onfleet and HIPAA compliance.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without a patient's consent or knowledge.

HIPAA applies to Covered Entities and Business Associates (“BA”) that handle protected health information (“PHI”).

Does Onfleet support HIPAA compliance?

Yes, Onfleet is subject to HIPAA as a Business Associate ("BA") since it services pharmaceutical and healthcare customers that may store PHI in the Onfleet platform.

Does Onfleet collect Protected Health Information (PHI)?

Yes, Onfleet collects individually identifiable information like street addresses, which are not de-identified for purposes of HIPAA because they could be used to identify an individual when they are paired with the provision of health care (i.e. delivery of prescription drugs). Therefore, street addresses constitute PHI for purposes of HIPAA. 

Onfleet encourages pharmaceutical and healthcare customers to minimize or refrain from storing private medical data (i.e. specific prescription drug information) in the Onfleet platform, and instead store only what is needed to complete the pickup/delivery: recipient name, address, phone number, and an order ID or similar external identifier.

Does Onfleet have a Business Associate Agreement (“BAA”)?

Yes, Onfleet is required to enter into a Business Associate Agreement ("BAA") with its customers who are Covered Entities under HIPAA. The BAA serves to clarify and limit, as appropriate, the permissible uses and disclosures of PHI by Onfleet, the Business Associate, based on its relationship to its customer and the activities or services being performed. If a customer wishes to modify Onfleet's BAA or use its own BAA, legal fees may apply.
