Can I use Mandrill and be HIPAA compliant?

Featured image

Share this article

Can I Use Mandrill and be HIPAA Compliant? - Paubox

We’ve been getting asked by customers and prospects about Mandrill and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Mandrill offers HIPAA compliant email service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Mandrill

Mandrill is a transactional email API for MailChimp users. A competitor to SendGrid, Mandrill is also used for sending data-driven emails.

Mandrill is a product created and owned by MailChimp.

Mandrill and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Mandrill’s site and could not find any mention of their ability to sign a BAA.

Since Mandrill is a product owned by MailChimp, we next checked MailChimp’s site.

We found what we were looking for on the MailChimp Terms of Use page.

On their Terms of Use page, they state:



20. Compliance with Laws
You represent and warrant that your use of MailChimp will comply with all applicable laws and regulations. You’re responsible for determining whether our Services are suitable for you to use in light of any regulations like HIPAA, GLB, EU Data Privacy Laws, or other laws. If you’re subject to regulations (like HIPAA) and you use our Service, then we won’t be liable if our Service doesn’t meet those requirements.


Does Mandrill Offer HIPAA Compliant Email Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

While Mandrill’s site made no mention of HIPAA or their ability to sign a BAA, their parent company MailChimp clearly states they will not sign a BAA or be liable for supporting HIPAA compliance.

Conclusion

Mandrill is not a HIPAA Compliant email solution.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022