Is Mailchimp HIPAA compliant? (2026 update)

Mailchimp is an email marketing and automation platform that helps businesses build audiences, design campaigns, and send marketing messages at scale.

Is Mailchimp HIPAA compliant? No, based on publicly available terms and compliance reporting.


What changed this year

As of February 2026, our review did not identify any publicly disclosed changes to Mailchimp HIPAA-related policies or any newly published BAA terms. Mailchimp’s Standard Terms state, “You’re responsible for determining whether the Service is suitable for you to use in light of your obligations under any regulations like HIPAA… If you’re subject to regulations (like HIPAA) and you use the Service, then we won’t be liable if the Service doesn’t meet those requirements.”

Mailchimp’s Acceptable Use Policy also continues to restrict uploading certain sensitive personal data and shows an update date of September 26, 2025, which does not indicate a shift toward HIPAA support.


Will Mailchimp sign a business associate agreement (BAA)?

No, Mailchimp will not sign a business associate agreement (BAA), and therefore is not HIPAA compliant.

Mailchimp’s own Standard Terms reinforce the practical risk.


Conclusion

Mailchimp does not sign a BAA and is therefore not HIPAA compliant.

See also: HIPAA Compliant Email: The Definitive Guide


FAQs

What is a business associate agreement?

A BAA is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of protected health information (PHI) as required by HIPAA regulations.


What is HIPAA?

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.


Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities: organizations that perform certain functions or activities on behalf of a covered entity.
