Is Yesware HIPAA compliant?
by Chloe Bowen Chief of Staff
We’ve spoken to prospects who were considering using Yesware as marketing solution, wondering if they can use it in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
Today we will determine if Yesware offers HIPAA compliant email for marketing or not.
Yesware is an all-in-one sales platform that provides tools to manage prospects, schedule meetings, and follow up with clients directly from a customer’s inbox. It can integrate with Salesforce and LinkedIn and provides templates and campaigns to get started quickly.
Yesware and the business associate agreement
We checked Yesware’s website and saw no mention of signing a BAA.
Yesware and HIPAA
We did not find mention of HIPAA or healthcare in any of Yesware’s supporting documents, such as its acceptable use policy or security overview.
We did however find a relevant passage in Yesware Service Terms. It states:
We do not guarantee that your use of the Yesware Services and/or Your Content will be private or secure and we are not responsible or liable to you for any lack of privacy or security that you may experience . . .
We encourage you to carefully consider disclosure of any information that might be accessible to others. You are fully responsible for taking precautions and providing security measures best suited for your situation and intended use of the Yesware Services.
The purpose of the HIPAA Security Rule is to ensure that covered entities have implemented safeguards to protect the confidentiality, integrity, and availability of protected health information (PHI). PHI is any information that can reasonably be used to identify an individual and is used during the course of care.
Yesware clearly states that there is no guarantee that any content stored on the platform will be kept secure. This alone should be enough to make a covered entity turn tail and run.
Does Yesware offer HIPAA compliant email service?
We found no evidence that Yesware will sign a BAA.
Furthermore, the company expressly states content stored on the platform is not necessarily secure, and it is not responsible for any security breaches.
Yesware is not HIPAA compliant.
HIPAA email marketing tools comparison
To meet the unmet need for HIPAA compliant email marketing, we created Paubox Marketing. It is the only solution that will:
- Sign a BAA
- Provide military-grade encryption
- Allow you to include PHI in your marketing emails
- Allow patients to read your emails directly from their inbox with no extra steps
In addition, Paubox Marketing is HITRUST CSF certified.
Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.
|Company||Will they sign a BAA?||Can you send PHI?|
|Blue Orchid Marketing||NO||NO|
|Mad Mimi (GoDaddy)||NO||NO|
|Infusionsoft by Keap||YES||NO|
|Salesforce Marketing Cloud||YES||NO|
|Eloqua (Oracle)||YES||YES **|
(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)