by Hoala Greevy Founder CEO of Paubox

Can I use Marketo and be HIPAA Compliant?


We sometimes get asked about Marketo and whether an organization can use it in a HIPAA compliant manner. With last month’s news that Adobe acquired Marketo for $4.75B, it’s a timely occasion to see if Marketo is HIPAA compliant or not.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Marketo offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers


Marketo is a software company focused on account-based marketing. This includes email, mobile, social, digital ads, web management, and analytics.

SEE ALSO: My Continuing Education via SaaStr CSS Speaking Series

Marketo and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Marketo’s site and quickly found their Healthcare Marketing Solution page. While they did list prominent customers like GE Healthcare, Boston Children’s Hospital, and AllScripts, we could not find any mention of their ability to actually sign a Business Associate Agreement (BAA).

We also checked their User Forum, Security, Privacy Policy, and Legal and Copyright Notices pages.

None of them stated conclusively whether Marketo is able to sign a BAA.

Of note, we did notice in their Privacy Policy:

Section 12. Sensitive Information:

We ask that you not send us or disclose any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, sexual orientation, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Sites or via other means.

While it’s not a direct mention of protected health information (PHI), you can infer that Marketo did not design their platform to store sensitive information like PHI.

Does Marketo Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component of HIPAA compliance between a covered entity and a business associate.

We learned that Marketo markets itself as a company that services the US healthcare market yet, at the same time, is vague about its ability to sign a BAA.


It’s inconclusive if Marketo is HIPAA compliant or not.

Try Project Orca for free and make your email marketing HIPAA compliant today.