by Ryan Ozawa
Is JangoMail HIPAA Compliant?
Email marketing is a vital part of any modern business, right up there with having a website. And unlike a website, where customers and potential clients come to you, email marketing is pushed out to your customer base, establishing an important, direct line of communication.
Does JangoMail fit the bill?
What is JangoMail?
Based in Dayton, Ohio, JangoMail is a relatively small web-based email marketing service. It actually started as an internal tool that was built to help its parent company send mass email, but quickly became its own business.
Founded by Ajay Goel in 2002, JangoMail was built to pull information out of databases over the web and then send emails out in one shot. The email marketing platform provides broadcast email, transactional email, and automated email messages.
Finally, the company offers an extensive API that allows programmatic management of distribution lists, email campaigns, and analytic reports.
Goel sold JangoMail in 2013, and the company is now led by Indian-born American businessman, investor, and philanthropist Vin Gupta. JangoMail and JangoSMTP serve over 200,000 customers on six continents.
What does JangoMail say about HIPAA?
In its marketing, the company says that “emails sent through the JangoMail API benefit from JangoMail’s deliverability and compliance features.” But there is no explanation as to what those compliance features are, and the only mentions of compliance in JangoMail’s support library relate to basic CAN-SPAM requirements, like providing a way for recipients to unsubscribe.
JangoMail does appear to offer basic encryption via JangoSMTP, such as TLS. However, JangoMail says that “it must be enabled on the client,” which means that encryption is disabled for recipients who can’t receive encrypted email, something that doesn’t happen with Paubox.
While JangoMail did mention HIPAA in a 2013 press release, the announcement only says that the company could, upon request, “hash the email addresses” in its system as a privacy measure. However, this does not come anywhere near meeting all HIPAA requirements for email.
Is JangoMail HIPAA compliant?
Given the lack of documentation and the relative simplicity of its offerings, JangoMail does not appear to be a HIPAA compliant email solution.
HIPAA email marketing tools comparison
- Sign a BAA
- Provide military-grade encryption
- Allow you to include PHI in your marketing emails
- Allow patients to read your emails directly from their inbox with no extra steps
In addition, Paubox Marketing is HITRUST CSF certified.
Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.
| Company | Will they sign a BAA? | Can you send PHI? |
|---|---|---|
| Blue Orchid Marketing | NO | NO |
| Mad Mimi (GoDaddy) | NO | NO |
| Infusionsoft by Keap | YES | NO |
| Salesforce Marketing Cloud | YES | NO |
| Eloqua (Oracle) | YES | YES ** |
(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)
Although you might see HIPAA as a roadblock to implementing an email marketing strategy, it doesn’t have to be.