Is Mailchimp HIPAA compliant?

Aug 24, 2020

No, Mailchimp is not HIPAA compliant. The company will not sign a Business Associate Agreement (BAA).

Just so you know

Safely collect patient data, payments and email addresses with JotForm's HIPAA-compliant online forms and send them to your Mailchimp account by using JotForm's integration.

Mailchimp provides security measures to reduce the risk of unauthorized access, including physical security controls and encryption. Since encryption is built into the service, it meets certain HIPAA compliance regulations. But Mailchimp doesn’t guarantee that all HIPAA compliance standards are met.

According to Mailchimp’s terms and conditions, customers are responsible for ensuring they comply with regulations like HIPAA. Mailchimp explicitly states that it isn’t liable if the service violates HIPAA regulations.

Uploading patient information to a Mailchimp email list is a disclosure of Patient Health Information (PHI). That makes Mailchimp a business associate. If a HIPAA-covered entity uses Mailchimp services, a Business Associate Agreement must be in place for Mailchimp to meet HIPAA compliance requirements.

Without a signed BAA, Mailchimp doesn’t comply with HIPAA, so it shouldn’t be used with any form of PHI.

Ref link for Mailchimp:

https://mailchimp.com/legal/terms/

Product details

Company Logo

Business Associate Agreement

HIPAA Compliant

Website

https://mailchimp.com/

Product description

Mailchimp is a marketing platform used to promote businesses through emails, websites, and more.

Disclaimer:

Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.