HIPAA Compliant Email Marketing Apps

When sending emails to your patients, you’ll want to make sure their personal information is kept secure — but which popular email marketing platforms meet HIPAA requirements? Find out with JotForm’s free HIPAA compliance checker! Just click on a platform below to instantly see if it’s HIPAA compliant. And with JotForm’s HIPAA-compliant online forms — available to Silver, Gold, and Enterprise users — and free integrations, you can even collect patient information online and sync it to your email marketing software automatically!

Listing 3 Results for “Email Marketing Apps”

Constant Contact

Constant Contact offers many security features that align with HIPAA requirements, such as multiuser access, account management, and the ability to limit user access. The service has technical, physical, and administrative safeguards in place to protect email subscriber data. While these security features are sufficient for general email communication, they don’t meet the privacy safeguards necessary for transmitting patient information.

The HIPAA Privacy Rule applies to protected health information (PHI), which includes any information found in a medical record that’s tied to the identity of an individual, including diagnoses, treatments, and billing. HIPAA rules don’t prohibit covered entities from sending marketing emails, as long as they don’t include protected health information. For example, a medical provider can email patients about changes in business hours or new office policies. However, patients must first give their permission to be added to the email marketing list.

Constant Contact is a good solution for general communication. But the company is clear that its email marketing platform doesn’t support the transmission of highly sensitive PHI. The service wasn’t designed to accommodate electronic medical records (EMR) and shouldn’t be used for personal medical information.

Constant Contact is willing to sign its own business associate agreement (BAA) but won’t sign BAAs provided by customers. The signed BAA isn’t sufficient for HIPAA compliance because, as the Constant Contact website states, the service shouldn’t be used for PHI.