All HIPAApropriateness Reviews >>

Boomerang App for Email and HIPAA Compliance

Published August 29, 2018. Product Features:

Company that makes this product:

Boomerang App for Email and HIPAA Compliance Product Home Page

Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: No.
Recommend for your HIPAA risk management needs?: No.

What Is This Product?

Boomerang is email productivity software that currently has products of the same name for Gmail, Outlook and Android. The software allows users to schedule sending of emails, snooze messages, pause their inbox, get reminders about an email if it hasn’t been replied to, and get read receipts.

While Boomerang is a great tool for helping you achieve and maintain that coveted “inbox zero” status, and not forgetting to follow up on something important, it is not something that can be used as an add-on for your email accounts that touch or handle Protected Health Information (PHI.) If you use Boomerang they have access to your email account and its contents, and using the Boomerang services means they’re handling identifiers such as the recipient’s email address, IP address, and the content of the recipient’s response. (If you’re wondering how this constitutes PHI, please see our CE for OH course, included in membership, How to Identify HIPAA Protected Health Information: Finding Your Clients’ Sensitive Information Wherever It Goes.)

For HIPAA covered entities, the deal breaker is that the company won’t execute a Business Associate Agreement (BAA.) Friendly reminder: if a third party qualifies as a Business Associate under HIPAA then a Business Associate Agreement is required, and informed consent does not and can not absolve that requirement. For more on this, see our article What Is a HIPAA Business Associate? And, for a deep dive into it, see the Business Associates and Business Associate Agreements unit from Module 2: Grasping the Basics of HIPAA Security Rule Compliance of our Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional course, included in membership.

For mental health providers that are not HIPAA covered entities, we still do not advise using Boomerang: without them being a company that will execute a BAA and being able to meet the HIPAA Security standards required of a Business Associate, you’re giving Boomerang access to your email account and client information without assurances as to how they will secure client information in ways that meet your legal and ethical needs, or the ability to know that they understand what those legal and ethical needs are. (For more on how HIPAA relates to your legal and ethical needs even as a non-covered entity, please see our article Am I a HIPAA Covered Entity? How Much Does It Matter If I Am Or Not?)

By all means, though, feel free to use Boomerang for personal email accounts that don’t handle or touch PHI if its functionality has appeal!

v2.1.12-beta

Continuing Education National Approvals

Person Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

Person Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

Continuing Education State Approvals

  • Person Centered Tech is an approved provider continuing education provider with the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health Counseling. CE Broker Provider #50-23706.
  • Ohio Counselor, Social Worker, and Marriage and Family Therapist Board accepts continuing education credits from providers approved by the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health.
  • Person-Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540 and the State Board for Mental Health Practitioners as an approved provider of continuing education for licensed marriage and family therapists #MFT-0092, licensed mental health counselors #MHC-0210 and licensed psychoanalysts #P-0050 and the State Board for Psychology as an approved provider of continuing education for licensed psychologists #PSY-0068.

Policies and Terms

Training Resources

About Us

Email: [email protected]

Customer Service Hours: M-F 9AM-3PM PST

Address:
Person Centered Tech Incorporated
PO Box 42494
Portland, OR 97242

Where's our phone number?

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss