by Kapua Iao
Article filed in

Is ContactPigeon HIPAA compliant?

by Kapua Iao

ContactPigeon company logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if ContactPigeon is HIPAA compliant or not.

About ContactPigeon

ContactPigeon, which originates in Greece, is an integrated marketing platform to help organizations create unique customer experiences.

SEE ALSO: What is customer experience management (CEM or CXM)?

It combines contact management, ecommerce analytics, campaign generator, automation smart-logic, and reporting.

And this is possible across multiple channels including email, push notifications, texts, Facebook Messenger, on-site messages, and others.

RELATED: Is Facebook HIPAA compliant?

Organizations can centralize and standardize customer information to improve and enrich a customer’s journey through centralized workflow management.

ContactPigeon and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, ContactPigeon is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of HIPAA or a BAA on the ContactPigeon website.

ContactPigeon and cybersecurity

According to ContactPigeon, the company takes precautions to secure data by using “appropriate electronic, physical and managerial procedures in place . . .” However, not much is listed, only encrypted password security.

RELATED: Increase online security with a robust password policy

Information collected by ContactPigeon may be from customers, third-party vendors, or business partners. Moreover, the company may share information to:

  • Service providers
  • Survey and market research providers
  • Advertising and marketing partners
  • Analytics organizations

At the same time, ContactPigeon states that it won’t “under any circumstances, sell your Distribution Lists.”

Is ContactPigeon HIPAA compliant?

The BAA is a key component of HIPAA compliance and ContactPigeon does not appear to sign a BAA.

If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.


ContactPigeon is not HIPAA compliant.

Try Paubox Email Suite for FREE today.