Paubox blog: HIPAA compliant email made easy

Is SharpSpring HIPAA compliant?

Written by Kapua Iao | March 15, 2022

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if SharpSpring is HIPAA compliant or not.

 

About SharpSpring

 

SharpSpring is an all-in-one revenue growth platform for end-to-end sales, marketing automation, and CRM (customer relationship management).

SEE ALSO: What is customer experience management (CEM or CXM)?

SharpSpring provides a map of a customer’s entire lifecycle. Organizations use SharpSpring’s solutions to generate leads, increase sales and revenue, and optimize marketing and sales funnels.

 

SharpSpring and the business associate agreement

 

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, SharpSpring is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. There is no mention of a BAA on the SharpSpring website. According to an overview of SharpSpring’s information security:

As SharpSpring does not store or process health records, SharpSpring is not required to be HIPAA-compliant. SharpSpring does not have plans to be compliant with HIPAA.

SharpSpring and data protection

 

Within the security overview, SharpSpring states that all customer data is confidential. Its Privacy Policy, however, includes a long list of information it collects. And one of the reasons it collects information is for retargeting.

Moreover, SharpSpring integrates with third-party social media platforms like Facebook, Google, and LinkedIn.

RELATED: Social media & HIPAA compliance: The ultimate guide

The platform’s endpoints and servers are secured using Transport Layer Security (TLS) protocols with 256-bit encryption. Finally, SharpSpring mentions using the Google Cloud Platform and Amazon Web Services for storage, each of which provides their own controls.

 

Is SharpSpring HIPAA compliant?

 

The BAA is a key component of HIPAA compliance and SharpSpring does not appear to sign a BAA. Moreover, SharpSpring states that it is not HIPAA compliant. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion SharpSpring is not HIPAA compliant.

 

Try Paubox Email Suite for FREE today.