Yes, LogMeIn says that it is HIPAA compliant, and a signed business associate agreement (BAA) is available for corporate customers.
LogMeIn is remote-access software that falls under the “technical safeguards” category of the Health Insurance Portability and Accountability Act (HIPAA). Covered entities using this tool must implement protections to prevent unauthorized access to protected health information (PHI).
HIPAA compliance requires strict measures for access control, including unique user identification, emergency access procedures, automatic logoff features, person authentication, and audit controls. LogMeIn meets all of these requirements, but customers must adjust specific account settings before using the service with PHI.
LogMeIn also offers transmission security that meets HIPAA requirements. All data transmitted during chat, remote-access, or file-transfer sessions is protected with at least 128-bit encryption. When the encryption level of the client’s browser permits, the protection increases to 256-bit encryption.
To support customers in meeting HIPAA requirements, LogMeIn provides a detailed outline of considerations and setting recommendations. These technical safeguards and transmission security features enable covered entities to maintain compliance with HIPAA’s Privacy and Security Rules.
In addition, LogMeIn will sign a business associate agreement (BAA) for corporate customers that have annual contracts.