The Huntress product and service does not access any health information. The Huntress agent surveys a system and file metadata. Any PII that we collect would be incidental. We take proper safeguards to secure all internal data. And since our services do not involve the use or disclosure of protected health information, there is no need for Huntress to provide our partners with a BAA for HIPAA compliance.
For information on what information is collected, please view the Support Article here: What data does Huntress collect?
Please see below for more details.
“The Compliancy Group” (https://compliancy-group.com/), an industry leader in HIPAA compliance, defines Huntress as a tool. Therefore a BAA does not apply to Huntress or its services.
- the user account the autorun starts under
- file meta-data (size, timestamp, hashes)
- “According to HHS, a “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”
- "General Provision. The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity.”
- "Situations in Which a Business Associate Contract Is NOT Required: With organizations whose functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such organizations would be incidental, if at all.”