
Snohomish
Member

HIPPA compliance with CRMs


Hello,

I am a health provider and have some concerns about sharing my emails with Hubspot CRM. How can I ensure that Hubspot CRM is HIPAA compliant? I need to be able to protect my patients' health information including their emails and other demographic information. Also, often I will receive sensitive health information from my patients and I cannot afford a lawsuit if your company fails to protect my patients' privacy for any reason. What assurance can you provide that you will be held just as liable as I am for any breaches of security?

1 Accepted solution
edjusten
Solution
HubSpot Employee

Hi @Snohomish. At this time, HubSpot is not HIPAA compliant. Hubspot's terms of service forbid the storage or processing of sensitive health or financial information. You can find HubSpot's terms-of-service here.

Ed



26 Replies
JWallace0
Participant

It is hard to take this thread seriously when it is titled "HIPPA comliance..."  

Health Insurance Portability and Accountability Act aka HIPAA.

0 Likes
spaul05
Member

HIPAA (Health Insurance Portability and Accountability Act) compliance is a critical requirement for healthcare organizations that store or process electronic protected health information (ePHI). This includes many CRM (customer relationship management) systems, which are used to manage patient data, appointments, and communications.

To be HIPAA compliant, a CRM system must have a number of security features in place, including:

  • Access control: Only authorized users should be able to access ePHI. This can be achieved through role-based permissions and multi-factor authentication.
  • Data encryption: ePHI should be encrypted at rest and in transit to protect it from unauthorized access.
  • Audit logging: All access to ePHI should be logged to track who accessed the data and when.
  • Security risk assessments: The CRM system should be regularly assessed for security risks.

https://dynatechconsultancy.com/

0 Likes
seanfalconer
Member

Hi @Snohomish.

In full transparency, I work for Skyflow (https://www.skyflow.com), but I believe we can support your use case. We work with a lot of Hubspot customers to provide secure and compliant storage and management of regulated and sensitive customer data.

Skyflow is a data privacy vault company; we provide isolation, protection, governance, utility, and localization for sensitive customer data. We can integrate with Hubspot as well as other tools you might be using to execute workflows over sensitive data. We work with a lot of companies in the digital health space, helping provide technology to offload HIPAA and other privacy regulations.

Feel free to connect with me directly if you want to discuss how this could work in more detail.

https://www.linkedin.com/in/seanf/

Cheers,

Sean

NKrause
Member

Hi,

Per compliance with Hubspot, this tool can do data obfuscation down to field level. Can dramatically reduce risk and easy no-code orchestration.

"Nullafi combines data aliasing, vaulting, encryption and monitoring to protect sensitive or regulated data so that it retains all usefulness to your business, but in the event of a breach the data utterly useless to a hacker to use or reverse engineer into its original form"

www.nullafi.com

Thanks,

Nick

0 Likes
ekpierce
Contributor | Elite Partner

Hi @darynsmith,

Can you please share the name of the HIPAA compliant integration that costs $1,500/mos per your video?

Thank you!

Erica

0 Likes
darynsmith
Top Contributor | Elite Partner

Huble Digital has built HIPAA compliant CRM extensions in HubSpot for several clients.

A CRM Extension is shown in the right hand side margin of a Contact/Company/Deal record and looks like it is part of HubSpot, but it is actually an external system.

We build these on a single tenancy HIPAA compliant hosting environment, and lock them down to an IP range.

Most of the information cannot be used in lists as it then can be identifiable - but we work with customers to identify what can be put into lists without breaking PII rules.

Reach out to me here for more info: https://www.hubledigital.com/meetings/daryn-smith

Daryn Smith
Chief Strategy Officer
Huble Digital
HarvestROI
Contributor | Platinum Partner

@darynsmith Can we give our clients a BAA certificate with this solution?

0 Likes
jhayes
Member

I appreciate the information, but until HubSpot itself is HIPAA compliant the system is not usable for the full needs of our company. We are still required to maintain two systems. So we keep looking to find one that can meet our needs. This also begs the question of what elements of the system are preventing HubSpot from being HIPAA compliant. Are areas of the system or our data not private to our company only?

0 Likes
darynsmith
Top Contributor | Elite Partner

Hi @jhayes

In order for HubSpot to become HIPAA compliant - they would need to offer a single tenancy solution (so either premise based or on speciality infrastructure like that offered by oRock).

This would be a significant deviation to how the HubSpot platform works.

Then the security on the data needs to be further locked down, for example you would not be able to create a list on every contact that has received a treatment in last 30 days.

The way we have worked around this - we have been creating CRM extensions hosted on oRock. Locking down access to fields, locking down access using IP ranges.

This way you can see patient information from within HubSpot, but it is not stored on the HubSpot infrastructure.

Daryn Smith
Chief Strategy Officer
Huble Digital
PWyngaard1
Participant

Respectfully, this is just not true Daryn.  Nearly all of Amazon AWS services are HIPAA compliant without the need for single tenancy.  That used to be the case several years ago, but it's not the case today.  It's never been easier for companies like HubSpot to become fully HIPAA compliant and offer BAAs to their customers.

krs360
Participant

Hello @darynsmith.

Just wondering how you're getting around the sensitive information issue that some of us are facing. I wish it was a little more obvious that this popular CRM solution lacks the compliance with HIPAA.

When I called sales re taking up Hubspot services, I explained my use case (Recruitment) and on-boarding into the business to be told it's fine. Now I need to collect data on criminal convictions/bank details for payment it's not fine.

Be keen to listen to your suggestions.

0 Likes
darynsmith
Top Contributor | Elite Partner

Hi @krs360

I thought it would be easiest to explain by video, so I made this quick 3 minute video explaining how we would achieve HIPAA compliance with HubSpot:

https://share.vidyard.com/watch/JPBXYqPs1kLW9VGPDbj1nf?

Daryn Smith
Chief Strategy Officer
Huble Digital
Snohomish
Member

0 Likes
zubair
Participant

Were you planning to use it for patient case updates?

Did you find an alternative?

lregadas
HubSpot Employee

Can we update this info please? We're HIPAA compliant now, right?

0 Likes
bendonahower
Guide | Diamond Partner

Nope, not yet

0 Likes
HubSpotMaster
Key Advisor | Diamond Partner

How have folks handled connecting Inboxes for sales folks and remaining HIPAA compliant?

jhayes
Member

HubSpot REALLY needs to get the system HIPAA compliant. We are not able to really use the system as much because of this major limitation. There are other cloud based CRMs out there that are HIPAA compliant, but they are not as good...please pass up the line to get into the development queue.

marlonjonesmba
Participant

I AGREE WHOLEHEARTEDLY. Hubspot is the absolute best with this one thing lacking. Please gain compliance. I am a healthcare professional holding an MBA in Healthcare Administration & E-Business! This would be an absolute winner.