Uber Health is HIPAA compliant for HIPAA Covered Entities, and for workforce members acting on behalf of a HIPAA Covered Entity, when the organization agrees to the terms of Uber Health’s Business Associate Addendum. This is because Uber Health applies privacy and security controls to data entered in the dashboard and limits what is shared with drivers to basic ride logistics.
Uber Health consists of an online dashboard that healthcare providers use to schedule transportation for patients and to organize deliveries. The service does not require a patient to use a smartphone app. When a patient has a mobile phone, Uber Health sends notifications by text message with the collection and drop-off location details.
Use of the dashboard can involve Protected Health Information. One example is when a patient has mobility issues and requires assistance getting into or out of the vehicle, which may be entered into the dashboard for scheduling purposes. When Protected Health Information is entered via the dashboard, Uber Health qualifies as a business associate and is required to comply with HIPAA. Uber represents that Uber Health is HIPAA compliant and that data entered in the dashboard is protected by privacy and security controls in line with HIPAA standards, with data remaining secured in the system.
Uber restricts the information disclosed to drivers. The information provided to drivers is the patient’s name, the pickup and drop-off time, and the collection point and drop-off location. Information entered into the dashboard beyond those elements is not shared with drivers through the service.
Use of Uber Health by HIPAA-regulated organizations is tied to contractual terms. Uber’s General Terms and Conditions state that organizations that qualify as covered entities and business associates under HIPAA are required to agree to the terms of the Uber Health Business Associate Addendum. Healthcare providers are advised to review the terms of both agreements before contracting for Uber Health and before entering Protected Health Information into the dashboard. With the Business Associate Addendum in place, Uber Health can be used as a HIPAA compliant transportation and delivery service for scheduling rides and arranging deliveries of groceries, over-the-counter items, and filled prescriptions, and it can also be used to schedule transportation for caregivers and staff.

