Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is Optimove HIPAA compliant?

Is Optimove HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO: HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if Optimove is HIPAA compliant or not.


About Optimove


Optimove creates CRM (Customer Relationship Management) journeys through a real-time customer data platform.

SEE ALSO: What is customer experience management (CEM or CXM)?

By using Optimove, organizations can centralize and standardize customer information to improve and enrich a customer’s journey through centralized workflow management. The company uses analytics to automate how organizations market to customers. And Optimove does this using AI technology to transform customer data into actionable insights.

RELATED: The future of machine learning and AI in healthcare security

Moreover, Optimove has aligned with other leading partners (e.g., Salesforce) to bring end-to-end solutions to organizations.


Optimove and the business associate agreement


A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Optimove is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of a BAA on the Optimove website. The only reference to HIPAA is in a blog that states Optimove is compliant with “leading standards and regulations.” There is no other mention of HIPAA.


Optimove and data management


According to its Privacy Policy, Optimove does not share information with others unless specified within the document. Third-party platform providers that deliver targeted advertising include Facebook, Google, and Twitter.

RELATED: Social media & HIPAA compliance: The ultimate guide

Moreover, Optimove adds that it uses Google Analytics, retargeting, and numerous cookies to collect information for marketing and advertising. Customers can opt-out if they are aware of the policy and know who to contact.

Optimove’s privacy policy only mentions an organization’s customer data once: “Use of the Optimove system requires the provision of customer data . . . by our clients.” And that the company retains the data until a client requests deletion or the client is no longer a customer.

There is no mention of data storage or security beyond the fact that Optimove uses cloud technology.


Is Optimove HIPAA compliant?


The BAA is a key component of HIPAA compliance and Optimove does not appear to sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion Optimove is not HIPAA compliant.


Try Paubox Email Suite Plus for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.