No, Mailchimp is not HIPAA compliant. The company will not sign a Business Associate Agreement (BAA).
Just so you know
Safely collect patient data, payments and email addresses with JotForm's HIPAA-compliant online forms and send them to your Mailchimp account by using JotForm's integration.
Sign up now
Mailchimp provides security measures to reduce the risk of unauthorized access, including physical security controls and encryption. Since encryption is built into the service, it meets certain HIPAA compliance regulations. But Mailchimp doesn’t guarantee that all HIPAA compliance standards are met.According to Mailchimp’s terms and conditions, customers are responsible for ensuring they comply with regulations like HIPAA. Mailchimp explicitly states that it isn’t liable if the service violates HIPAA regulations.
Uploading patient information to a Mailchimp email list is a disclosure of Patient Health Information (PHI). That makes Mailchimp a business associate. If a HIPAA-covered entity uses Mailchimp services, a Business Associate Agreement must be in place for Mailchimp to meet HIPAA compliance requirements.Without a signed BAA, Mailchimp doesn’t comply with HIPAA, so it shouldn’t be used with any form of PHI.
Uploading patient information to a Mailchimp email list is a disclosure of Patient Health Information (PHI). That makes Mailchimp a business associate. If a HIPAA-covered entity uses Mailchimp services, a Business Associate Agreement must be in place for Mailchimp to meet HIPAA compliance requirements.Without a signed BAA, Mailchimp doesn’t comply with HIPAA, so it shouldn’t be used with any form of PHI.
