HIPAA is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect patient privacy and protected health information (PHI). The rise of digital tools makes HIPAA compliance increasingly complex.
For instance, more healthcare providers are using analytics platforms to gather valuable information about website visitors. While these solutions may help improve patient engagement, they can also lead to HIPAA violations.
So, it is critical for covered entities to make sure that their analytics tool meets compliance obligations. Let’s determine whether Smartlook is HIPAA compliant.
Smartlook is a comprehensive analytics solution that provides qualitative data to help businesses optimize their website and mobile apps. With access to in-depth insights on visitor sessions, engagement, and conversions, companies are able to gain a deeper understanding of user behavior and make smarter decisions.
Smartlook and business associate agreements
A business associate is a person or entity that performs functions or activities that involve the use or disclosure of PHI. A business associate agreement (BAA) must be signed for a third-party vendor to be considered HIPAA compliant. This is a written document that outlines the obligations of the business associate to keep PHI secure.
Unless both parties sign a BAA, the vendor cannot be considered HIPAA compliant. There is no mention of HIPAA or a willingness to sign a BAA on Smartlook’s website.
Smartlook and data security
Beyond the BAA, data security is another key piece of maintaining HIPAA compliance. Covered entities should also review the measures a vendor has in place to protect PHI.
According to Smartlook’s website, the company uses the 256-bit Advanced Encryption Standard (AES-256) algorithm to encrypt all customer data at rest and SSL encryption for data in transit (incoming and outgoing).
Smartlook’s infrastructure is hosted on Amazon Web Services (AWS), which is an ISO 27001 and SOC 2 certified platform. To stay proactive against potential incidents, data is backed up on a daily basis. Passwords for Smartlook accounts are stored as hashes, and sensitive information is masked by default.
The company also notes that “full customization of sensitive data masking is possible by connecting to Smartlook’s API.”
Is Smartlook HIPAA compliant?
No, there is no indication that Smartlook will sign a BAA.
Increase security with Paubox
Just as many popular web hosts are not HIPAA compliant, advanced analytics tools aren’t always designed to meet these requirements. That’s why conducting your due diligence is crucial to steer clear of costly fines and other corrective action.
Choosing a HIPAA compliant analytics solution is a solid starting point. However, healthcare organizations should go one step further to safeguard PHI with a stronger email security strategy.
Built to seamlessly integrate with your current email platforms such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default. It also automatically encrypts every outbound message.
This means you don't have to decide which emails to encrypt and your patients are able to receive your messages right in their inbox—no additional passwords or portals necessary.
In addition to healthcare email encryption, Paubox Email Suite's Plus and Premium plan levels include innovative inbound email security tools for more threat protection. Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is authentic, while our patented ExecProtect solution quickly intercepts display name spoofing attempts.