
Is Constant Contact HIPAA compliant? (Update 2024)


Constant Contact is a well-known online marketing company headquartered in Waltham, Massachusetts.

So, is Constant Contact HIPAA compliant?

Our research suggests that while they will sign a business associate agreement, they do not function as a HIPAA compliant email marketing platform.

Constant Contact does not allow storing or transmitting protected health information.

According to Constant Contact, users "must abide by our Website and Products Terms and Conditions of Use, which prohibit sensitive personal or health information of any kind, including sensitive PHI (for example: mental health, substance abuse, or HIV information) from being stored on or transmitted through our systems. Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact."

 

What is Constant Contact?

Constant Contact is an online marketing solution designed for businesses looking to enhance their email marketing campaigns. It provides a suite of tools and features that allow organizations to create, send, and analyze email marketing campaigns. With a user-friendly interface and customizable templates, Constant Contact aims to simplify the process of engaging with subscribers and driving business growth.

 

Constant Contact and business associate agreements (BAAs)

Under the Health Insurance Portability and Accountability Act (HIPAA), a business associate agreement (BAA) is a contract that outlines the responsibilities of third-party vendors when handling protected health information (PHI). Any software or service that stores, processes, or transmits PHI on behalf of a healthcare entity is considered a business associate and should sign a BAA.

Given Constant Contact’s functionalities, such as email marketing, it's probable that it would be considered a business associate when utilized in healthcare environments.

According to its official website, Constant Contact is willing to sign a BAA with covered entities. However, Constant Contact does not make any changes to its standard form of the BAA.

 

Is Constant Contact HIPAA compliant?

Based on our analysis, Constant Contact's willingness to sign a business associate agreement (BAA) appears to imply compliance with HIPAA standards. However, their Website and Products Terms and Conditions of Use do not allow protected health information to be uploaded, stored, or sent.

The terms state, "Whether or not we enter into a BAA with you, this Agreement, including the prohibition on importing or incorporating nonpublic personal information, remain in effect for your account. You agree not to import or incorporate any protected health information in the Services other than the fact that the individuals on your contact lists may have a relationship with your business."

Constant Contact may not be used for healthcare-related email marketing.
