Salesforce Pardot is a marketing cloud that offers email marketing, analytics and reporting, and lead generation. Healthcare organizations that use these products need a business associate agreement (BAA) to safeguard the protected health information (PHI) they will share with Salesforce.
Salesforce is committed to protecting its customers' data and is willing to sign a BAA with healthcare organizations, making it a HIPAA compliant business associate.
Salesforce Pardot is a marketing automation platform primarily designed for B2B (business-to-business) marketing needs. It allows businesses to create, deploy, and manage online marketing campaigns, focusing on lead generation, nurturing, and customer engagement.
Some features of Pardot include:
A BAA is a contract required under the Health Insurance Portability and Accountability Act (HIPAA) between a covered entity (such as a healthcare provider) and a business associate (a third party handling PHI on behalf of the covered entity). The BAA outlines how PHI will be handled and ensures that the business associate complies with HIPAA regulations.
Healthcare organizations can use Salesforce Pardot's email marketing, analytics and reporting products to engage and educate patients, promote health awareness, and send appointment reminders. When healthcare organizations use these tools, Salesforce becomes their business associate.
We reviewed their compliance documents to determine Salesforce’s commitment to HIPAA compliance. Upon reviewing their “Salesforce and the HIPAA Security Rule” whitepaper, Salesforce claims that it “complies with the provisions of the HIPAA Security Rule that are required and applicable to it in its capacity as a business associate (to the extent that its customers are HIPAA-regulated Entities and choose to submit ePHI to the Salesforce Covered Services following their signing of a BAA with Salesforce).”
To ensure the security of ePHI in Salesforce Covered Services, default security measures are applied to all customers. These safeguards implemented by Salesforce help maintain data confidentiality and integrity.
Salesforce security measures include:
Salesforce offers strong security features, including TLS encryption, secure password storage, and audit logging. Furthermore, its willingness to sign a business associate agreement reinforces its compliance with HIPAA standards. Based on these factors, Salesforce Pardot is HIPAA compliant.
HIPAA compliance extends beyond just technical safeguards and software solutions. When evaluating a tool's or service's compliance, consider the following: