HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.
This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if impact.com is HIPAA compliant or not.
About impact.com
As a global partnership management platform, impact.com streamlines workflows by providing access to performance metrics and actionable insights.
Moreover, it helps organizations build authentic relationships with all types of partnerships including affiliates, influencers, commerce content publishers, and B2B. It allows users to automate and expand rapidly, tracking and analyzing customer interactions across the web and mobile.
Organizations can centralize and standardize customer information to improve and enrich a customer’s journey through centralized workflow management. Impact.com’s platform and marketplace make it easy to manage partnerships between organizations and customers.
impact.com and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.
In this instance, impact.com is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.
There is no mention of HIPAA or a BAA on impact.com.
impact.com and cybersecurity
Information on the disclosure of personally identifiable information (PII) was not easy to find. According to the privacy policy, customers’ personal information will be used for legitimate business purposes.
Moreover, impact.com does not rent or sell personal information. As for customers of customers, impact.com may process its “clients’ visitors and customers, and visitors to our Clients’ websites” as a service provider or data processor.
Unfortunately, information about cybersecurity is lacking throughout its website. Within its privacy policy, impact.com states that “we strive to implement and maintain reasonable, commercially acceptable security procedures” though it is “unable to guarantee the absolute security of the Personal Information we have collected from you.”
Is impact.com HIPAA compliant?
The BAA is a key component of HIPAA compliance and impact.com does not appear to sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.
Conclusion: impact.com is not HIPAA compliant.