We sometimes get asked about Marketo and an organization’s ability to use it in a HIPAA compliant manner. With last month’s news that Adobe acquired Marketo for $4.75B, it’s a timely occasion to see whether Marketo is HIPAA compliant.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Adobe Campaign
- Amazon Alexa
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Constant Contact
- Google Analytics
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Hangouts Chat
- Google Slides
- Google Voice
- Microsoft Teams
- Office 365
- Return Path
- Uber Health
Today, we will determine if Marketo offers HIPAA compliant service or not.
Marketo is a software company focused on account-based marketing. This includes email, mobile, social, digital ads, web management, and analytics.
Marketo and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Marketo’s site and quickly found their Healthcare Marketing Solution page. While they did list prominent customers like GE Healthcare, Boston Children’s Hospital, and AllScripts, we could not find any mention of their ability to actually sign a Business Associate Agreement (BAA).
None of them had conclusive information about Marketo being able to sign a BAA or not.
Section 12. Sensitive Information:
We ask that you not send us or disclose any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Sites or via other means.
While it’s not a direct mention of protected health information (PHI), you can infer that Marketo did not design their platform to store sensitive information like PHI.
Does Marketo Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.
We learned that Marketo markets itself as a company that services the US healthcare market, yet at the same time is vague about its ability to sign a BAA.
It’s inconclusive if Marketo is HIPAA compliant or not.