HIPAA Use Requirements and Limitations
A growing number of healthcare providers and IT professionals are using Rally's cloud service. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (known as HIPAA, as amended), Rally supports HIPAA compliance.
Under the HIPAA regulations, entities such as Rally are considered business associates. The Business Associate Addendum (BAA) is a contract that is required under HIPAA rules to ensure that Rally appropriately safeguards protected health information (PHI). The BAA also serves to clarify and limit, as appropriate, the permissible uses and disclosures of PHI by Rally, based on the relationship between Rally and our customers, and the activities or services being performed by Rally.
It is important to note that there is no certification recognized by the US HHS for HIPAA compliance and that complying with HIPAA is a shared responsibility between the customer and Rally. Specifically, HIPAA demands compliance with the Security Rule, the Privacy Rule, and the Breach Notification Rule. Rally complies with these rules.
Rally supports HIPAA compliance (within the scope of our Business Associate Agreement), but ultimately customers are responsible for evaluating their own HIPAA compliance.
Learn more about Rally's HIPAA compliance here.