by Kapua Iao
Article filed in

Is Smaply HIPAA compliant?

by Kapua Iao

Smaply company logo

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.

SEE ALSO:  HIPAA compliant email

This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Smaply is HIPAA compliant or not.

About Smaply

Smaply by More than Metrics is journey mapping software to help organizations centralize and coordinate their customers.

With this and similar products, organizations can standardize customer data to improve and enrich encounters.

Smaply pictures a customer’s experience through journey maps, personas, and stakeholder maps. Information is downloadable in Adobe, Microsoft, or Google software. The software also integrates with Google spreadsheets for live visualization.

Smaply and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.

In this instance, WebEngage is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

There is no mention of HIPAA or a BAA on the Smaply website.

Smaply and cybersecurity

Smaply believes data on its servers remain safe because they do not need to outsource any code or development work and do continual auditing. For storage, the company uses Google Cloud and Amazon Web Services.

RELATED: CSA offers guidance on preventing ransomware in the healthcare cloud

Data in transit is secured with Transport Layer Security (TLS) 1.2, and data at rest with AES 256-bit encryption. Moreover, its users have the option of using single sign-on login.

Finally, Smaply states that it does not “process/sell any of the data you enter, no matter if personal or not. It’s just stored and served for your usage of the software.”

Is Smaply HIPAA compliant?

The BAA is a key component of HIPAA compliance and Smaply does not appear to sign a BAA. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.


Smaply is not HIPAA compliant.

Try Paubox Email Suite for FREE today.