Yes, ActiveCampaign is HIPAA compliant. This service offers security features that align with HIPAA regulations, and ActiveCampaign will sign a BAA.
HIPAA compliance is available with ActiveCampaign’s Enterprise plan. The security page states that ActiveCampaign will meet HIPAA standards for enterprise-level customers, but no further information is available about specific security features for HIPAA compliance.
The company stresses that each customer is responsible for using the service in a HIPAA-compliant manner. ActiveCampaign provides security to support these needs. According to the HIPAA Security Rule, entities and business associates must take reasonable steps to protect PHI, including end-to-end security.
ActiveCampaign will sign itd own Business Associate Agreement (BAA) with covered entities. Covered entities must have an enterprise plan and complete a signed BAA before using this service for PHI.