Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is Branch HIPAA compliant?

Is Branch HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email marketing: What you need to know

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Branch is HIPAA compliant or not.


About Branch

Branch is a leading mobile linking and attribution platform with solutions that unify user experience as measured across different devices, platforms, and channels. It gives users a cross-channel, cross-platform view of everything that impacts a company’s marketing activities. The platform accomplishes this by integrating with email providers, social platforms, data analytics tools, and ad networks.


Branch and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Branch is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

According to a Frequently Asked Question, “Branch does not intend uses of the Branch Services to create obligations under [HIPAA] and makes no representations that the Branch Services satisfy HIPAA requirements.” Moreover, it states that “Branch does not enter into Business Associate Addenda because Branch is not subject to HIPAA.”


Data protection and security

While the platform outright states that it is not HIPAA compliant and won’t sign a BAA, it does utilize strong cybersecurity features and is CSA (Cloud Security Alliance) Star certified.

Features include:

  • Physical security controls
  • Virus and malware protection
  • Security patch management
  • Encrypt at rest and in transit
  • Security monitoring


Importantly, the company further states that it does not rent or sell personal data. The company notes that it practices data minimization, collecting and storing only information needed to provide a service. Opt-out options on collected information are available though customers would have to know about them. Rather, the company includes a web page on how to avoid sending PII (personally identifiable information).


Is Branch HIPAA compliant?

The BAA is a key component of HIPAA compliance and Branch states that it won’t sign a BAA.

Conclusion: Branch is not HIPAA compliant.


Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.