business associate agreement

Luke Schierer lschiere at
Mon Jun 1 17:05:43 EDT 2015

Precisely, Pidgin is just a client, that will allow you to connect to one or more of many Instant Messaging services out there.  See my other reply.

Pidgin is open source software, and has never required contributors to assign their rights to the project management.  Thus it is not that Pidgin is unowned, it is that it is partially owned by numerous people.  You would need an agreement with each of the people listed in the AUTHORS file, indivdiually.  No one of us can speak for the others in executing a binding legal agreement. 


On Mon, Jun 01, 2015 at 03:59:56PM -0500, Catherine Galle wrote:
> David,
> Thank you for your response. OTR does actually encrypt the messages (I have
> tested it), which is the requirement of HIPAA if we transmit protected
> health information. Pidgin would be used between employees for things like
> "Please sign Jane Doe's chart from 6/1/15" or "Please confirm the urine
> test results for John Doe on 6/1/15". Even these simple statements are
> considered protected health information. Please excuse my tech ignorance,
> but if no one owns Pidgin then I am assuming that the software resides only
> locally on a computer once it is downloaded? There is no 'Pidgin' server
> that the messages need pass through?
> Sincerely,
> Catherine
> On Mon, Jun 1, 2015 at 2:09 PM, David Woolley <forums at>
> wrote:
> > On 01/06/15 19:26, Catherine Galle wrote:
> >
> >> We are interested in using pidgin with the otr plugin for messaging
> >> between staff, as pidgin-otr has high ratings/reviews. We are a doctor's
> >> office and therefore governed by the rules of HIPAA. Would it be
> >> possible to get a business associate agreement between our company and
> >> pidgin?
> >>
> >>
> > No single legal person owns Pidgin.  Whilst I'm not familiar with the sort
> > of agreement you are talking about, I rather suspect no-one would have the
> > authority to sign it.
> >
> > I'd also note that the OTR support is a third party plugin, so not covered
> > by this mailing list.  Also, my understanding is that OTR concentrates on
> > deniability rather than security, which is not a property one would want in
> > a health environment.
> >

> _______________________________________________
> Support at mailing list
> Want to unsubscribe?  Use this link:

More information about the Support mailing list