This topic was automatically generated from Slack. You can find the original thread here.
I need help with a client project; not sure who/how to best get the answers:
We’re evaluating Pipedream (we are a paying customer from this week!)
for a client project that involves integrating multiple systems
including Salesforce (Lumary), QuickBooks, JotForm, and Paylocity.
Given the healthcare nature of this project, HIPAA compliance is a
critical requirement.
I have several questions about your Business plan HIPAA capabilities:
HIPAA Compliance & BAA:
- Can you provide a sample Business Associate Agreement (BAA) for review?
- What is the timeline to execute a BAA once we move forward?
- Can you confirm that Workflows, Event Sources, Data Stores, and Destinations are all HIPAA-compliant?
- What specific encryption standards do you use for PHI data at rest and in transit?
- How do you handle audit logging for PHI access and processing?
Integration Capabilities:
- Do you have experience with Lumary (Salesforce-based healthcare platform) integrations?
- Are there any API rate limiting concerns or limitations we should be aware of?
- How do you handle real-time data synchronization across multiple systems?
Enterprise Support:
- Can you provide your SOC 2 report and third-party HIPAA audit results?
- What is the typical implementation timeline for Enterprise HIPAA-compliant integrations?
- What is your incident response process for potential PHI breaches?
We’re working under a tight timeline and would appreciate the
opportunity to schedule a call to discuss these requirements and
Business plan pricing in more detail. Please let me know your
availability for a technical discussion this week or next.