Is Constant Contact HIPAA compliant?

No, Constant Contact has stated that it is not HIPAA compliant. The company is willing to sign a business associate agreement (BAA), but the email service shouldn’t be used for protected health information (PHI).

Constant Contact offers many security features that align with HIPAA requirements, such as multiuser access, account management, and the ability to limit user access. The service has technical, physical, and administrative safeguards in place to protect email subscriber data. While these security features are sufficient for general email communication, they don’t meet the privacy safeguards necessary for transmitting patient information.

The HIPAA Privacy Rule applies to protected health information (PHI), which includes any information found in a medical record that’s tied to the identity of an individual, including diagnoses, treatments, and billing. HIPAA rules don’t prohibit covered entities from sending marketing emails, as long as they don’t include protected health information. For example, a medical provider can email patients about changes in business hours or new office policies. However, patients must first give their permission to be added to the email marketing list.

Constant Contact is a good solution for general communication. But the company is clear that its email marketing platform doesn’t support the transmission of highly sensitive PHI. The service wasn’t designed to accommodate electronic medical records (EMR) and shouldn’t be used for personal medical information.

Constant Contact is willing to sign its own business associate agreement (BAA) but won’t sign BAAs provided by customers. The signed BAA isn’t sufficient for HIPAA compliance because, as the Constant Contact website states, the service shouldn’t be used for PHI.

Product details

- Business Associate Agreement: Yes (Constant Contact signs its own BAA only)
- HIPAA Compliant: No

Product description

Constant Contact offers a user-friendly solution for creating custom-designed emails through a full-service marketing platform.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
