Is FlowMapp HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if FlowMapp is HIPAA compliant or not.

About FlowMapp

FlowMapp is a user experience tool used to visualize a customer’s experience with an organization.

With this and similar products, organizations can centralize and standardize customer information to improve and enrich encounters.

FlowMapp helps organizations design websites, apps, and related products to ensure strong customer relations. Organizations use FlowMapp to create customer stories and capture key moments with a customer to enhance communication.

FlowMapp and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.

In this instance, FlowMapp is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of healthcare, HIPAA, or a BAA anywhere on the FlowMapp website.

FlowMapp and cybersecurity

FlowMapp’s Security web page states, “Keeping our customers’ data secure is the most important thing that FlowMapp does. We go to considerable lengths to ensure that all data sent to FlowMapp is handled securely.” The web page then lists its security features:

  • Access controls
  • Regular updates
  • Full redundancy and backup
  • Continuous monitoring
  • Firewall

Data in transit is secured with Secure Sockets Layer (SSL) and AES 256-bit encryption.

At the same time, its Privacy Policy emphasizes, “While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.” In fact, FlowMapp includes a section about using the remarketing services of Google Ads and Facebook Ads.

Moreover, the company affirms that it collects customers’ personally identifiable information (PII) as well as usage data (e.g., IP address).

Is FlowMapp HIPAA compliant?

The BAA is a key component of HIPAA compliance, and FlowMapp does not appear to sign a BAA or offer any security specifically for healthcare organizations.

Furthermore, FlowMapp states that data on its site is not guaranteed secure. If a data breach or HIPAA violation occurs and any PHI is breached, the covered entity is liable.

Conclusion

FlowMapp is not HIPAA compliant.

About the author

Kapua Iao
