Gmail Sales Extension

Snohomish
Member

HIPAA compliance with CRMs

Hello,

 

I am a health provider and have some concerns about sharing my emails with HubSpot CRM. How can I ensure that HubSpot CRM is HIPAA compliant? I need to be able to protect my patients' health information including their emails and other demographic information. Also, often I will receive sensitive health information from my patients and I cannot afford a lawsuit if your company fails to protect my patients' privacy for any reason. What assurance can you provide that you will be held just as liable as I am for any breaches of security?

 

1 Accepted solution
edjusten
Solution
HubSpot Employee

Hi @Snohomish. At this time, HubSpot is not HIPAA compliant. HubSpot's terms of service forbid the storage or processing of sensitive health or financial information. You can find HubSpot's terms of service here.

 

Ed 


26 Replies
BuzzMelissa
Participant | Partner

Hi there, 

Is this still accurate? I.e., is HubSpot still not HIPAA-compliant?

MC

bendonahower
Guide | Diamond Partner

Yes, this is still accurate.

krs360
Participant


If this is the case, I would give up all hope. It has been requested for many years now. It's not a priority, and I suspect it never will be. Single-tenancy infrastructure is more expensive, and the fines for failing to safeguard this kind of patient information are generally astronomical.

 

Personally, I think it should just be front and center that they don't wish to deal with clients that are required to safeguard this kind of information.

0 Upvotes
MiaSrebrnjak
Community Manager

Hi @krs360

Thank you for sharing your feedback.

I can confirm that there haven't been any changes and Clause 2.9 of our TOU still applies here: 

"The Subscription Service is not designed to comply with industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Security Management Act (FISMA), so you may not use the Subscription Service where your communications would be subject to such laws."

 

I, however, wanted to share this article which provides some guidance and advice.

 

Thank you for your understanding, 

Mia, Community team


0 Upvotes
krs360
Participant


Thank you for the reply. I did exactly as the article suggests. I went elsewhere for that client.

 

At the time, I was pretty annoyed. I had spoken to a rep before purchasing, who said it would be fine to collect the type of data I wanted to collect.

0 Upvotes
MiaSrebrnjak
Community Manager

I see, I'm sorry to hear that and I apologize for the negative business impact this might have caused. Please let me know if there's anything else I can help with!

 

Mia, Community team 


0 Upvotes