Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

Is Similarweb HIPAA compliant?

Is Similarweb HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant. This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Similarweb is HIPAA compliant or not.


About Similarweb


Similarweb is a market intelligence provider that delivers strategic planning and tactical execution to help customers optimize their digital performance. And in return, these customers can understand their competitors and grow market share.

The platform offers web analytics to its customers by ranking websites and apps based on traffic and engagement metrics. It breaks sources into six major categories including referring sites, social traffic, and top search keywords. Market intelligence consists of information like sales, customer data, survey responses, focus groups, and competitor research to drive sales.

The idea is to use market intelligence companies like Similarweb to make fast-paced, data-driven decisions.


Similarweb and the business associate agreement


A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, Similarweb is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of HIPAA or a BAA on the Similarweb website.


Similarweb and data protection


Similarweb’s security web page states “security is front and center in everything we do.” The platform does not list many features on its web page but does include:


  • Continuous risk assessments
  • Disaster recovery and a business continuity plan
  • Cloud security
  • Access controls
  • Multi-factor authentication


SEE ALSO: Your cybersecurity strategy is probably lacking

The company does not mention much else but does state that it never uses data “for targeted advertising or user profiling” and doesn't use cookies to collect behavioral data.


Is Similarweb HIPAA compliant?


The BAA is a key component of HIPAA compliance but Similarweb does not appear to sign one. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.

Conclusion Similarweb is not HIPAA compliant.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.