Is Amplitude Analytics HIPAA compliant?


HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

HIPAA compliance is complex, and this is particularly true as more healthcare providers weave digital tools into their day-to-day operations. One growing strategy is the use of analytics platforms to gather valuable information about website visitors.

While these solutions may help increase patient engagement, they can also bring new risks for potential HIPAA violations.

Along with selecting a HIPAA compliant web host, covered entities also need to consider whether their analytics tool meets compliance requirements.

Let’s determine if Amplitude Analytics is HIPAA compliant or not.


About Amplitude Analytics 

Designed to deliver quick and intelligent behavioral insights that go beyond surface-level data, Amplitude Analytics is an innovative platform that creates a 360-degree view of the customer journey.

With access to detailed reports on user engagement, businesses are able to seamlessly pinpoint top conversion drivers, optimize outcomes, and remove the right barriers to accelerate innovation.

Amplitude Analytics and business associate agreements

Any third-party vendor that stores, accesses, or sends PHI is considered a business associate.

In order for a third-party vendor to be considered HIPAA compliant, a business associate agreement (BAA) must be signed by both parties. This is a written document that covers the responsibilities of the business associate to keep PHI secure. Without a signed BAA, the vendor cannot be considered HIPAA compliant.

There is no mention of HIPAA or any willingness to sign a BAA on Amplitude’s website.

Amplitude Analytics and data security

Looking beyond the BAA, data security is another important piece of maintaining HIPAA compliance. This means that covered entities should review the specific safeguards that a vendor has in place to protect PHI.

Amplitude works to keep customers’ data safe by building its information security system in alignment with ISO 27001 standards. The company also maintains a high level of data protection and privacy through ISO 27018:2019 certification and ensures that internal practices are secure by undergoing an annual SOC 2 Type 2 review.

Amplitude’s virtual environment offers additional security features including system hardening, strong encryption tools, ongoing vulnerability testing, centralized configuration management, and enforced multi-factor authentication for all internal access.

Furthermore, the company provides “the flexibility to limit what data is collected, processed, and stored” in the Amplitude Analytics platform. Customers can choose to utilize access controls, data management, and other tools to meet specific security needs.

Is Amplitude Analytics HIPAA compliant?

No. A BAA is required for full HIPAA compliance and there is no indication that Amplitude will sign one for its analytics solution.

Increase protection with Paubox 

Much like how various well-known web hosts are not equipped to protect PHI, not every innovative analytics platform will automatically meet HIPAA compliance obligations. Therefore, conducting your due diligence is critical to steer clear of costly fines and other corrective action.

In addition to selecting a HIPAA compliant analytics solution, healthcare providers should be taking further measures to safeguard PHI with stronger email security.

Built to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages right in their inbox without having to navigate any additional passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels also include advanced inbound email security tools for more threat protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while patented ExecProtect quickly intercepts display name spoofing attempts.

Try Paubox Email Suite for FREE today.

About the author

Sara Uzer
