
Is Tatango a HIPAA compliant text messaging service?

Tatango is one of the top text message marketing solutions in the industry. Whether it is useful for covered entities depends heavily on whether it is HIPAA compliant. In this article, we will find out if Tatango is a HIPAA compliant text messaging service.


About Tatango

Tatango is a mass text messaging marketing software that heavily relies on campaign subscriber data for many of its functions, including: 


  • Segmenting subscribers according to user behavior, demographics, and geolocation
  • API integrations that sync subscriber data between Tatango and other software applications
  • Analytics visualizations for exportable reports
  • Administration controls for campaign management


Tatango and the business associate agreement

A business associate agreement is a written contract between a covered entity and a business associate. This contract defines specific PHI (protected health information) protections and is required for HIPAA compliance.

After speaking with a representative, we found out that Tatango will not sign a business associate agreement.


Tatango and data encryption

Tatango relies on highly sensitive subscriber information to make the most out of its capabilities. In order for Tatango to be HIPAA compliant, these data points would need to be encrypted and require a certain level of authorization to access.

While Tatango does mention safeguards to user information in its privacy policy, it does not specify the extent of these protections or provide any guarantee against potential breaches.

Conclusion: Tatango is not HIPAA compliant because it is unwilling to sign a business associate agreement. Furthermore, it does not provide any details about how it protects customer data. Carrying out a marketing campaign through Tatango would require setting access and audit controls because subscriber data could be protected health information. Because Tatango puts this responsibility on its partners, it is no surprise that the company is unwilling to sign a BAA.


An easier way for HIPAA compliant marketing

Companies like Tatango put the onus on you to make sure that PHI is encrypted and that your marketing remains HIPAA compliant. This requires lots of time and effort when you could just outsource the work to a HIPAA compliant email service that can get the job done for you.

Paubox Email Marketing and the Paubox Email API are specifically designed with HIPAA compliance in mind. Both solutions use zero-step encryption to automatically encrypt all email sent, and they both allow you to securely transmit emails including PHI at scale while offering real-time analytics to track and measure campaign progress.




Additionally, Paubox signs a business associate agreement with all customers and is HITRUST certified.

While Tatango can give you access to large amounts of subscriber data for marketing campaigns, its unwillingness to sign a business associate agreement makes you liable for any fines that may arise due to a data breach. By partnering with Paubox, you can rest assured that your marketing campaigns are safe from cyber threats that might otherwise arise with other mass messaging applications, an important quality for organizations that must comply with HIPAA regulations.


Try Paubox Marketing for free and make your email marketing HIPAA compliant today.
