business associate agreement

David Woolley forums at
Mon Jun 1 17:10:20 EDT 2015

On 01/06/15 21:35, Catherine Galle wrote:

> Yes we are required to have a 'BAA' with our appointment scheduling
> software. We do not have to have an agreement with Windows as nothing
> that is considered electronic protected health information is submitted
> to or through them.

If you use Windows at all, all your sensitive data is going through Windows!

Pidgin is a client.  Even the OTR add on is a client add on.

I guess you are really talking about the encryption support, but most 
non-open source software that runs on Windows will rely on the 
encryption provide by Windows, and you are certainly relying on Windows 
not leaking any data around the encryption, even if you are using 
OpenSSL, etc., for the encryption.

Note that Pidgin provides no servers.  Even the OTR stuff uses third 
party servers.

More information about the Support mailing list