by Hoala Greevy Founder CEO of Paubox
Article filed in

Does Infusionsoft offer HIPAA Compliant Email Service?

by Hoala Greevy Founder CEO of Paubox

Can I use InfusionSoft (by Keap) and be HIPAA Compliant? - Paubox


Table of Contents:


A customer recently asked us about whether they were able to use Infusionsoft by Keap as a HIPAA compliant email service.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.

Today, we will determine if Infusionsoft by Keap offers HIPAA compliant email service or not.

Infusionsoft by Keap

Infusionsoft by Keap offers a subscription-based, all-in-one sales and marketing SaaS product for small businesses with fewer than 25 employees.

The private company is based in Chandler, Arizona

What is a Business Associate?

A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information for a Covered Entity.

In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule.

In the case of Infusionsoft by Keap, it would certainly qualify as a Business Associate if it provides services to Covered Entities.

Read full article: What does it mean to be a Business Associate?

Business Associate Agreement provisions

If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement must be in place.

A Business Associate Agreement is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.

At a minimum, a Business Associate Agreement contains 10 provisions.

Read full article: Business Associate Agreement Provisions

Infusionsoft and the Business Associate Agreement

We checked the Infusionsoft by Keap site for mention of their ability to sign a Business Associate Agreement.

We found the answer we were looking for on a page called Keap HIPAA Compliance.


Does Infusionsoft offer HIPAA Compliant Email Service? - Paubox
“Keap is pleased to announce that our flagship CRM and marketing automation platform may now be used by HIPAA covered entities and business associates to lawfully store, transmit, and otherwise process protected health information (also known as “PHI”).

To satisfy our growing community of healthcare users, Keap offers customers the opportunity to execute our standard Business Associate Agreement (or “BAA”) that satisfies the applicable subcontracting requirements under HIPAA and the HITECH Act.”


HIPAA Compliant Email and Infusionsoft by Keap

Covered Entities are required to take reasonable steps to protect PHI sent from email all the way to the recipient’s inbox. As such, HIPAA compliant email must be transmitted in-motion over the internet with encryption.

It should be noted however, the scope of the Keap Business Associate Agreement protects and encrypts data only at-rest in their platform. In other words, any email sent from their platform is not covered by the Keap BAA.

Read full article: HIPAA Compliant Email

Does Infusionsoft by Keap offer HIPAA Compliant Service?

The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

We were able to learn that a BAA is offered by Keap.

If you are going to send email from their platform that contains PHI however, the Keap BAA does not include coverage for that. You must either find a HIPAA compliant email API provider that integrates with Infusionsoft by Keap or not include PHI in the emails.

Learn more: Sending HIPAA Compliant Email with Infusionsoft

Not sure what to do next? Try Paubox for FREE and make your email HIPAA compliant today.