SalesLoft is an artificial intelligence (AI) powered revenue workflow platform that helps increase revenues and customer interaction. Many healthcare organizations use these solutions to connect and communicate with patients and possible patients. To do so, however, those within the healthcare industry need to work with companies that are HIPAA compliant.
In the healthcare industry, sensitive protected health information (PHI) must be safeguarded under HIPAA. A major part of this compliance is working with vendors who will sign a business associate agreement (BAA) and ensure the security of PHI. SalesLoft still does not mention a BAA on its website and may not be HIPAA compliant.
SalesLoft is a cloud-based sales engagement platform; its first product focused solely on sales development. Since then, the company has expanded to offer functionality for an entire sales department. Organizations can employ SalesLoft to increase revenue, drive predictability, and reduce costs.
By using SalesLoft, organizations can automate the sending and receiving of data from the customer relationship management (CRM) company of their choice. A CRM collects patient data to look for ways to better the patient journey. Automation, then, allows for more personalized and more timely communication with patients without manual intervention.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates (i.e., vendors) of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a written contract between a covered entity and a business associate. It outlines the responsibilities and obligations of each party regarding the handling of PHI. Typical provisions within a BAA include:
The agreement is required by law for HIPAA compliance and is the primary factor in determining whether SalesLoft can be HIPAA compliant. SalesLoft is a business associate of a healthcare organization if it is storing, processing, or transmitting PHI on the cloud.
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. In 2020, we checked the SalesLoft website and were unable to find information on HIPAA or a possible BAA. A recent SalesLoft compliance web page, however, states that the company is compliant with HIPAA.
SalesLoft also listed its compliance with the following other standards and regulations: the Payment Card Industry Security (PCI), Fair Debt Collection Practices Act (FDCPA), Fair Credit Reporting Act (FCRA), and SSAE 16. The web page, however, does not include any information on how it reaches compliance. Moreover, there is no other mention of HIPAA on the SalesLoft website and no mention of a BAA.
While HIPAA doesn't explicitly mention cloud services, it does impose rules for protecting sensitive patient data. In 2023, we created a HIPAA compliant checklist for cloud services to address their increasing use within healthcare. The cloud offers flexibility and convenience but also increases an organization's attack surface. Many cloud tools are available, but not all meet HIPAA requirements of encryption, data backup, and access controls.
According to SalesLoft, it uses strong security protocols. Data is hosted at Amazon and Google data centers using Amazon Web Services and Google Cloud Platform technology. Furthermore, the company utilizes access controls, backups, tests, and other protections to keep stored data safe.
Nowhere does SalesLoft state that its current cybersecurity features are HIPAA compliant.
The BAA is a necessary component of HIPAA compliance and SalesLoft does not mention a BAA on its website even though the company says that it is HIPAA compliant. Conclusion: SalesLoft may not be HIPAA compliant.
Healthcare providers know that clear and efficient communication with patients is necessary to run a successful practice. When evaluating a platform’s HIPAA compliance, especially on the cloud, consider the following security needs beyond a BAA: