Talk to sales
Start for free

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if Insider is HIPAA compliant or not.


About Insider


Insider is a platform that creates individualized, cross-channel customer experiences.

RELATED: What is customer experience management (CEM or CXM)?

Channels include the web, app, web push, email, text, messaging (e.g., Facebook Messenger), Ads, and more. The platform connects data across channels and systems, even predicting possible future customer behaviors using an AI-intent engine.

SEE ALSO: The future of machine learning and AI in healthcare security

Organizations can centralize and standardize customer information to improve and enrich a customer’s journey through a centralized workflow management.


Insider and the business associate agreement


A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Insider is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. There is no mention of HIPAA or a BAA on the Insider website.


Insider and cybersecurity


Insider states that it has built a strong security program that includes access and network controls. This includes password management, two-factor authentication, and privileged access management.

The platform utilizes the Amazon Web Services’ (AWS) cloud for its data and therefore all the security that comes with it. Insider also mentions using SSL, HTTPS, and TLS encryption.

Other features include redundant firewalls and data segregation. At the same time, Insider asks in its Privacy Policy that its customers “not send us or disclose any special category of personal data on or through our Website or otherwise to us.” The special categories are not listed. And while they say consent is needed, a list of third-party recipients of personal data includes Google Ads.


Is Insider HIPAA compliant?


The BAA is a key component of HIPAA compliance and Insider does not appear to sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion Insider is not HIPAA compliant.


Try Paubox Email Suite for FREE today.

Start a 14-day free trial of Paubox Email Suite today