Is Tatango a HIPAA Compliant Text Messaging Service?
by Rikin Shah
Tatango is one of the top text message marketing solutions in the industry. Deciding whether or not it is useful for covered entities heavily relies on whether or not it is HIPAA compliant.
In this article, we will find out if Tatango is a HIPAA compliant text messaging service.
Tatango is a mass text messaging marketing software that heavily relies on campaign subscriber data for many of its functions, including:
- Segmenting subscribers according to user behavior, demographics, and geolocation
- API integrations that sync subscriber data between Tatango and other software applications
- Analytics visualizations for exportable reports
- Administration controls for campaign management
Tatango and the business associate agreement
A business associate agreement is a written contract between a covered entity and a business associate. This contract defines specific PHI (protected health information) protections and is required for HIPAA compliance.
After speaking with a representative, we found out that:
Tatango will not sign a business associate agreement.
Tatango and data encryption
Tatango relies on highly sensitive subscriber information to make the most out of its capabilities. For Tatango to be HIPAA compliant, these data points would need to be encrypted, and access to them would need to require a certain level of authorization.
Conclusion: Tatango is not HIPAA compliant because it is unwilling to sign a business associate agreement. Furthermore, it does not provide any details about how it protects customer data.
Carrying out a marketing campaign through Tatango would require setting access and audit controls because subscriber data could be protected health information.
Because Tatango puts this responsibility on its partners, it is no surprise that the company is unwilling to sign a BAA.
An easier way for HIPAA compliant marketing
Companies like Tatango put the onus on you to make sure that PHI is encrypted and that you remain HIPAA compliant in your marketing. This requires a lot of time and effort when you could just outsource the work to a HIPAA compliant email service that can get the job done for you.
Paubox Email Marketing and the Paubox Email API are specifically designed with HIPAA compliance in mind. Both solutions use zero-step encryption to automatically encrypt all email sent, and they both allow you to securely transmit emails including PHI at scale while offering real-time analytics to track and measure campaign progress.
Additionally, Paubox signs a business associate agreement with all customers and is HITRUST certified.
While Tatango can give you access to large amounts of subscriber data for marketing campaigns, its unwillingness to sign a business associate agreement makes you liable for any fines that may arise due to a data breach.
By partnering with Paubox, you can rest assured that your marketing campaigns are safe from cyber threats that might otherwise arise with other mass messaging applications, an important quality for organizations that must comply with HIPAA regulations.