We’ve been asked to figure out whether MailerSend can be used in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
Today, we will determine if MailerSend can provide HIPAA compliant email service or not.
MailerSend is a transactional email and SMS service from MailerLite.
MailerSend and the business associate agreement
There’s a primary item to consider when it comes to MailerSend and its ability to provide a HIPAA compliant email API.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. In the case of MailerSend, they would certainly fall into the category of business associate if they are servicing customers that would store, process, or transmit PHI on their platform.
We checked the MailerSend site, as well as MailerLite's site, for mention of their ability to sign a BAA.
In particular, we checked the following pages:
While we found references to their stance on GDPR compliance, we did not find anything when it came to HIPAA, BAA, or PHI.
Does MailerSend offer HIPAA compliant service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a covered entity and a business associate.
We were able to learn the following about MailerSend's ability to be considered a HIPAA compliant solution:
- MailerSend is GDPR compliant
- Both MailerSend and MailerLite make no mention of their stance on HIPAA compliance.
Conclusion: In our opinion, MailerSend does not appear to be a HIPAA compliant email service.
If they were able to provide a HIPAA compliant solution, they would mention it, like they do for GDPR compliance.