1 min read

Is Return Path HIPAA compliant? (2026 update)

Picture of Mara Ellis Mara Ellis February 8, 2018

HIPAA compliance
Return path logo

Return Path is an email deliverability platform now owned by Validity. It helped companies monitor inbox placement, sender reputation, and email campaign performance. Validity states Return Path was acquired in 2019 and is no longer available for sale as a standalone platform. Instead, Return Path has been combined with 250ok and BriteVerify as part of Validity’s Everest platform.

With Return Path from Validity, companies can review deliverability signals and email performance data to improve how marketing messages reach recipients’ inboxes.

Is Return Path HIPAA compliant? No, based on our research, Return Path is not HIPAA compliant for use involving protected health information (PHI).

 

What changed this year?

As of June 2026, our review did not identify any publicly disclosed changes to Validity’s HIPAA related policies or BAA terms.

The practical status remains the same as Return Path is no longer available for sale as a standalone platform, and Validity’s public Data Processing Addendum excludes PHI from customer data processed through its services.

 

Will Return Path sign a business associate agreement (BAA)?

No, based on publicly available terms, Validity will not sign a BAA for HIPAA regulated use and is not HIPAA compliant.

Validity’s Data Processing Addendum says customers may not cause Validity to process data subject to heightened security obligations, including any PHI.

Validity’s Terms of Service also place responsibility on the customer for the legality of customer data and for compliance with laws applicable to processing customer data through the services.

 

Conclusion

Return Path does not appear to sign a BAA and is therefore not HIPAA compliant for PHI.

Learn more: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is a BAA?

A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. The purpose of this agreement is to ensure the proper protection of PHI as required by HIPAA regulations.

 

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Blue background with yellow stars circling the text 'GDPR & Paubox'

Paubox and GDPR compliance

Rick Kuwahara : May 9, 2018

Recently, we've been asked by a few people if Paubox is compliant with GDPR, so we put together this post to clarify a few points. If you've been...

HIPAA compliance
Read More
Cloudways logo

Is Cloudways HIPAA compliant? (2026 update)

Caitlin Anthoney : September 9, 2021

Cloudways is a popular cloud hosting provider. It offers fully managed Amazon Web Services (AWS) hosting for building and scaling web applications.

HIPAA compliance
Read More
Close-up of a green lizard's head on a branch

Is VIPRE a HIPAA compliant cloud service?

Picture of Hoala Greevy Hoala Greevy : May 27, 2020

Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use VIPRE in a HIPAA compliant manner. In...

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.