Integromat is a tool that allows you to automate workflows by easily transferring data between apps or APIs. While this could make a person's job easier, is the product HIPAA compliant for covered entities?
Is Integromat HIPAA compliant?
Most, if not all, covered entities work with third-party vendors. In terms of HIPAA compliance, it's not an issue until third-party vendors have access to, store, or transmit protected health information (PHI). When this occurs, third-party vendors are considered business associates and must meet HIPAA security requirements to keep PHI secure.
Covered entities need to ensure that business associates are committed to data security and staying in compliance with HIPAA. Healthcare providers can get this assurance by participating in a business associate agreement (BAA). This contract covers the duties and responsibilities of a business associate in protecting patient data. If a business associate won't sign a BAA, it's automatically not HIPAA compliant.
The Integromat website makes no mention of any willingness to sign a BAA and does not discuss what it does to protect PHI. A customer support representative said Integromat is based in Prague, and the U.S. HIPAA laws are not valid in the European Union. This implies that Integromat has not made an effort to comply with HIPAA. A covered entity could opt to turn on a "Data is confidential" feature, which stops data from being saved on servers, but any PHI that is transmitted may not have the security HIPAA requires.
Conclusion: Integromat is not HIPAA compliant. Since the company is not willing to sign a BAA, it can't be considered in compliance with HIPAA security requirements. It also may not have the necessary encryption features to protect PHI in transit.
Consider Paubox for your email API security
Although Integromat is not a HIPAA compliant option, using APIs is an important part of many healthcare providers' workflows. Technology tools like Paubox Email API allow you to safely send HIPAA compliant email containing PHI at scale. The Paubox Email API encrypts every email by default. Our patented technology ensures HIPAA compliance even when an email recipient doesn’t support encryption. With our HITRUST CSF certified product, patients receive encrypted emails directly to their inboxes—no passwords or portals required. Easy to implement with clear documentation, a developer’s experience is as seamless as the email recipient’s.
Paubox includes a BAA in all of our plans, so your healthcare organization can rest easy knowing that we are keeping your data protected.