We've been getting asked by customers and prospects about L-Soft and whether or not they can use it in a HIPAA compliant manner. We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector. Today we will determine if LISTSERV Maestro offers HIPAA compliant email for marketing or not.
About L-Soft
L-Soft offers a number of email marketing products, including email marketing software, email list software, as well as email hosting software. Its list management tools allow users to connect people with newsletters, email groups, forums, and blogs. Its email marketing products engage subscribers with targeted opt-in email marketing campaigns.
SEE ALSO: How to Write an Effective Healthcare Email Newsletter
L-Soft and the business associate agreement
We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. I looked deep into the Internet to find evidence whether or not L-Soft will sign a BAA, but I found no mention of it anywhere. I also found no mention of L-Soft working with healthcare providers, or whether or not the company offers HIPAA compliant services. I even emailed the company asking about signing a BAA, but the company never responded to me.
L-Soft and data security
I also couldn't find much about L-Soft's treatment of protected health information (PHI) either. All I could find is some policy's regarding personally identifiable information (PII), which is not the same thing. PII is is a general term referring to ANY sensitive data used to identify, contact, or locate a specific individual. It is not a term specific to HIPAA regulations. PHI on the other hand is defined by HIPAA as any information that can identify a patient that is used or disclosed during the course of care. L-Soft's Privacy Policy says that it "only collects personally identifiable information that you explicitly give us," and that "the personal information that you provide will only be held for as long as you remain subscribed to the email lists." But for HIPAA compliance purposes, this doesn't tell us much. I couldn't find anything online about L-Soft's encryption policy either, and since its own website doesn't have SSL encryption enabled, that doesn't bode well.
SEE ALSO: Free SSL Security Testing for HIPAA Compliance
Is L-Soft HIPAA compliant?
The business associate agreement is a key component to HIPAA compliance, as is protecting PHI. I found no evidence of either with L-Soft.
Conclusion
L-Soft is not a HIPAA compliant email marketing solution.
HIPAA email marketing tools comparison
To meet the unmet need for HIPAA compliant email marketing, we created Paubox Marketing. It is the only solution that will:- Sign a BAA
- Provide military-grade encryption
- Allow you to include PHI in your marketing emails
- Allow patients to read your emails directly from their inbox with no extra steps
In addition, Paubox Marketing is HITRUST CSF certified. Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.
SEE ALSO: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available
| Company | Will they sign a BAA? | Can you send PHI? |
| Adobe Campaign | NO | NO |
| Blue Orchid Marketing | NO | NO |
| Campaign Monitor | NO | NO |
| Campaigner | NO | NO |
| Drip | NO | NO |
| Emma | NO | NO |
| GetResponse | NO | NO |
| Hubspot | NO | NO |
| L-Soft | NO | NO |
| Mad Mimi (GoDaddy) | NO | NO |
| Mailchimp | NO | NO |
| MailerLite | NO | NO |
| Marketo (Adobe) | NO | NO |
| Salesforce Pardot | NO | NO |
| SendGrid (Twilio) | NO | NO |
| Yesware | NO | NO |
| ActiveCampaign | YES | NO |
| Constant Contact | YES | NO |
| Infusionsoft by Keap | YES | NO |
| Salesforce Marketing Cloud | YES | NO |
| Eloqua (Oracle) | YES | YES ** |
| Paubox Marketing | YES | YES |
(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message— it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)