Designed to combine contact data, communication history, and upcoming tasks into one intuitive dashboard, Nimble is a cloud-based customer relationship management (CRM) software that helps businesses stay organized, engage more effectively, and better manage the sales process. While CRMs can provide companies with the valuable tools they need to work smarter, it is crucial for covered entities to make HIPAA compliance a priority. Let’s find out if Nimble meets these important security standards.
Nimble and business associate agreements
Third-party vendors that store, access, or send protected health information (PHI) are considered business associates. When covered entities work with business associates, a business associate agreement (BAA) must be signed by both parties. This is a written document that covers the obligations of the business associate to keep PHI secure. Without a signed BAA, the vendor cannot be considered HIPAA compliant. In this particular case, Nimble is a business associate for a healthcare organization if it manages PHI within its platform. There is no mention of any willingness to sign a BAA on Nimble’s website or documentation.
Nimble and data security
Is Nimble HIPAA compliant?
No. The company does not appear to sign a BAA, and its FAQ page further confirms that Nimble is “not currently HIPAA compliant.”
Step up your email security
While choosing HIPAA compliant CRM software is a great place to start, healthcare providers should be taking extra steps to proactively safeguard PHI with better email security as well. Built to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default by automatically encrypting every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients can receive your messages right in their inboxes without having to navigate any additional passwords or portals. Paubox Email Suite’s Plus and Premium plan levels are also equipped with innovative inbound email security tools that provide an additional layer of protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s authenticity, while ExecProtect acts fast to intercept display name spoofing attempts.