Is WebEngage HIPAA compliant?

Web Engage logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO:  HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if WebEngage is HIPAA compliant or not.

About WebEngage

WebEngage is a user experience tool to create personalized messages for customers. It provides organizations with multiple channels to reach customers such as in-app, texts, online, email, and through Facebook, Instagram, and WhatsApp.

RELATED: Social media & HIPAA compliance: the ultimate guide

With this and similar products, organizations can centralize and standardize customer information to improve and enrich encounters.

As a customer data and marketing automation platform, WebEngage makes real-time customer engagement and retention simplified for organizations.

WebEngage and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, WebEngage is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of HIPAA or a BAA anywhere on the WebEngage website.

WebEngage and cybersecurity

WebEngage’s data security web page states, “Your Customers’ Data Security Is Our #1 Priority.” Accordingly, the web page says that the company uses single sign-on login, role-based access, data hashing.

Furthermore, the company performs regular audits and patching.

Data in transit is secured with Transport Layer Security (TLS). Information is stored by a third-party server and is accessed through the cloud.

RELATED: CSA offers guidance on preventing ransomware in the healthcare cloud

Personally identifiable information (PII) is stored separately from other data. In fact, WebEngage’s privacy policy focuses on the PII of their customers and their customers’ customers.

Is WebEngage HIPAA compliant?

The BAA is a key component of HIPAA compliance and WebEngage does not appear to sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion

WebEngage is not HIPAA compliant.

Try Paubox Email Suite for FREE today.

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport