business associate agreement

Catherine Galle caska918 at
Mon Jun 1 16:59:56 EDT 2015


Thank you for your response. OTR does actually encrypt the messages (I have
tested it), which is the requirement of HIPAA if we transmit protected
health information. Pidgin would be used between employees for things like
"Please sign Jane Doe's chart from 6/1/15" or "Please confirm the urine
test results for John Doe on 6/1/15". Even these simple statements are
considered protected health information. Please excuse my tech ignorance,
but if no one owns Pidgin then I am assuming that the software resides only
locally on a computer once it is downloaded? There is no 'Pidgin' server
that the messages need pass through?


On Mon, Jun 1, 2015 at 2:09 PM, David Woolley <forums at>

> On 01/06/15 19:26, Catherine Galle wrote:
>> We are interested in using pidgin with the otr plugin for messaging
>> between staff, as pidgin-otr has high ratings/reviews. We are a doctor's
>> office and therefore governed by the rules of HIPAA. Would it be
>> possible to get a business associate agreement between our company and
>> pidgin?
> No single legal person owns Pidgin.  Whilst I'm not familiar with the sort
> of agreement you are talking about, I rather suspect no-one would have the
> authority to sign it.
> I'd also note that the OTR support is a third party plugin, so not covered
> by this mailing list.  Also, my understanding is that OTR concentrates on
> deniability rather than security, which is not a property one would want in
> a health environment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Support mailing list