by Hoala Greevy Founder CEO of Paubox
Article filed in

Is Constant Contact HIPAA Compliant?

by Hoala Greevy Founder CEO of Paubox

Is Constant Contact HIPAA Compliant? - Paubox

We’ve been getting asked by customers and prospects about Constant Contact and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

Today, we will determine if Constant Contact offers HIPAA compliant email marketing service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Constant Contact

Constant Contact is an online marketing company, headquartered in Waltham, Massachusetts. The company was founded in 1995, went public in 2007, and was acquired by Endurance International Group in 2016.

Constant Contact and the business associate agreement

We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

We checked Constant Contact’s site and found what we were looking for in their Knowledge Base (KB).

In a KB article called Business Associate Agreements (BAAs), they state:



If you are a covered entity, please contact us at legal@constantcontact.com to request a business associate agreement prior to using our product with your email subscribers.

Constant Contact will only sign our business associate agreement form (additional charges may apply). We cannot make any changes to our standard form of business associate agreement under any circumstances.


While we can see that Constant Contact will sign their own BAA, there are additional details to take note of.

For example, Constant Contact also states in the aforementioned KB article:


[You] should not use our systems for transmitting highly sensitive PHI (for example: mental health, substance abuse, or HIV information). Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.


In other words, while Constant Contact will sign a BAA with a customer, customers are not allowed to actually use their service to transmit PHI (protected health information).

Does Constant Contact offer HIPAA compliant email service?

Although Constant Contact will sign a BAA with covered entities, they clearly state that customers are not allowed to use their service to actually transmit protected health information (PHI).

Conclusion

Constant Contact is HIPAA Compliant – but with significant strings attached.

You should not use their service to actually transmit PHI, which greatly limits how effective your marketing efforts can be.

HIPAA email marketing tools comparison

To meet the unmet need for HIPAA compliant email marketing, we created Paubox Marketing. It is the only solution that will:

  • Sign a BAA
  • Provide military-grade encryption
  • Allow you to include PHI in your marketing emails
  • Allow patients to read your emails directly from their inbox with no extra steps

In addition, Paubox Marketing is powered by the Paubox Email API, which is HITRUST CSF certified.

Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.

SEE ALSO: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available

Company Will they sign a BAA? Can you send PHI?
Adobe Campaign NO NO
Campaign Monitor NO NO
Campaigner NO NO
GetResponse NO NO
Hubspot NO NO
Mad Mimi (GoDaddy) NO NO
MailChimp NO NO
MailerLite NO NO
Marketo (Adobe) NO NO
Salesforce Pardot NO NO
Schedulicity NO NO
Sendgrid (Twilio) NO NO
Zoho Campaigns NO NO
ActiveCampaign YES NO
Constant Contact YES NO
Infusionsoft by Keap YES NO
Salesforce Marketing Cloud YES NO
Eloqua (Oracle) YES YES **
Paubox Marketing YES YES

(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message – it does not appear in their inbox. This creates friction and makes it less likely that your patients will read your marketing email.)


Try Paubox Marketing for free and make your email marketing HIPAA compliant today.
Copy link
Powered by Social Snap