by Chloe Bowen Chief of Staff
Article filed in

Is Zoho Campaigns HIPAA compliant?

by Chloe Bowen Chief of Staff

Is Zoho Campaigns HIPAA Compliant? - Paubox

We’ve been getting asked by customers and prospects about Zoho Campaigns and whether they can use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

Today we will determine if Zoho Campaigns is HIPAA compliant or not.

About Zoho Campaigns

Zoho Campaigns is email marketing software that allows you to send email campaigns to build your customer base.

Zoho also offers a CRM platform, financial and workplace tools, as well as IT management and HR solutions.

Zoho and the business associate agreement

We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

I could not find any reference on Zoho’s site about signing a BAA, so I emailed the support team.  This was the response:

Kindly note that Zoho’s apps are not built specifically for the health care industry and we are not certified as HIPAA compliant . . . Data is encrypted during transit and encryption at rest is available at the field level as a feature which you can configure. However, this is not available in all the fields, only for custom fields this support is available. 
If you are satisfied that Zoho Campaigns meets your HIPAA compliance requirements, we can sign a business associate agreement with you.

Is Zoho Campaigns HIPAA compliant?

Zoho will sign a BAA with covered entities, but encryption at rest is a key component for HIPAA compliant email.  As Zoho’s team explained, it is not available for all information stored on Zoho’s platform.


Zoho Campaigns can be used in a HIPAA compliant manner, but only if you exclusively use custom fields.

Luckily, there is a better HIPAA compliant email marketing solution that doesn’t have these restrictions: Paubox Marketing.

HIPAA email marketing tools comparison

Paubox Marketing is the only marketing platform that will:

In addition, Paubox Marketing is HITRUST CSF certified.

Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.

SEE ALSO: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available

Company Will they sign a BAA? Can you send PHI?
Adobe Campaign NO NO
Campaign Monitor NO NO
Campaigner NO NO
GetResponse NO NO
Hubspot NO NO
Mad Mimi (GoDaddy) NO NO
Mailchimp NO NO
MailerLite NO NO
Marketo (Adobe) NO NO
Salesforce Pardot NO NO
Schedulicity NO NO
SendGrid (Twilio) NO NO
Yesware NO NO
ActiveCampaign YES NO
Constant Contact YES NO
Infusionsoft by Keap YES NO
Salesforce Marketing Cloud YES NO
Zoho Campaigns YES NO
Eloqua (Oracle) YES YES **
Paubox Marketing YES YES

(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.