One of the most prominent analytics tools on the market is Adobe Analytics, which is part of the Adobe Marketing Cloud. Adobe Analytics offers a suite of features and capabilities to help organizations understand visitor behavior on their websites and apps. However, Adobe Analytics does not offer a business associate agreement, meaning they don't meet the guidelines for HIPAA compliancy.
Adobe Analytics is a web and app analytics solution that provides organizations with in-depth insights into visitor behavior. It allows businesses to measure the performance of their websites and marketing efforts and offers advanced segmentation, real-time automation, and ad-hoc analysis capabilities. Adobe Analytics can be integrated with other Adobe marketing products, such as Adobe Campaign and Adobe Target, to create a complete marketing ecosystem.
Healthcare organizations handle sensitive information known as protected health information (PHI), and the Health Insurance Portability and Accountability Act (HIPAA) sets strict guidelines for using this data in analytics. Organizations have two options to safeguard PHI properly:
Given Adobe Analytics functionalities, such as data analytics, it's probable that it would be considered a business associate when used in healthcare environments. Adobe Analytics does not currently satisfy the necessary privacy and security standards. Adobe Analytics is not listed as HIPAA-ready on Adobe's compliance site, and Adobe does not offer a BAA for Adobe Analytics. As a result, organizations are not permitted to create, receive, maintain, or transmit PHI through Adobe Analytics.
While Adobe Analytics does have some security measures in place, such as intrusion detection system sensors and firewalls, they do not specifically address HIPAA compliance. Data within Adobe Analytics is generally unencrypted at rest, and data in transit is only encrypted for HTTPS hits. Adobe advises users to avoid collecting personally identifiable information (PII) and prohibits the sending of sensitive personal information, such as medical records, to their platform.
Adobe Analytics offers strong security features, including intrusion detection system sensors and firewalls. However, without a BAA and lack of further security measures, Adobe Analytics is not HIPAA compliant.
HIPAA compliance extends beyond just technical safeguards and software solutions. When evaluating a tool's or service's compliance, consider the following: