by Hoala Greevy Founder CEO of Paubox
Article filed in

Is Outreach a HIPAA compliant cloud vendor?

by Hoala Greevy Founder CEO of Paubox

Is Outreach a HIPAA Compliant Cloud Vendor? | Paubox

We’ve been seeing more vendors, customers, and prospects asking about HIPAA compliant services.

Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Outreach in a HIPAA compliant manner.

We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.

Today we will determine if Outreach offers HIPAA compliant service or not.

Outreach

Outreach is a sales engagement platform. The company aims to accelerate revenue growth by optimizing every interaction throughout a customer lifecycle.

The company was founded in 2014 and is headquartered in Seattle.

See Also: Is SalesLoft a HIPAA Compliant Cloud Vendor?

What is a Business Associate?

A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.

In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule

Read full article: What does it mean to be a Business Associate?

Secure email for modern healthcare. Right out of the box.

Business Associate Agreement provisions

If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.

A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.

At a minimum, a Business Associate Agreement contains 10 provisions.

Read full article: Business Associate Agreement Provisions

Outreach and the Business Associate Agreement

We checked the Outreach site for mention of their ability to sign a Business Associate Agreement (BAA).

We were not able to find any relevant information on their site regarding their ability to sign a BAA or their stance on HIPAA compliance.

For example, while the Outreach Trust page mentioned SOC 2 Type 2 and ISO 27001 compliance, there was no mention of their stance on HIPAA.

In addition, their Terms of Service, Privacy Policy, and Acceptable Use Policy & Anti-Spam pages also turned up no relevant results.

Does Outreach offer HIPAA Compliant Service?

The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

We were able to learn the following about Outreach and its stance on HIPAA compliance:

  • We could not find any mention of HIPAA or a BAA on the Outreach Trust page.
  • We also could not find any mentions of HIPAA or BAA on their Privacy Policy, Terms of Use Service, or Acceptable Use Policy pages.

Conclusion: Outreach makes no mention of their ability to sign a BAA. We therefore conclude they should not be used as a HIPAA compliant cloud service.

Try Paubox Email Suite for FREE today.