HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
HIPAA compliance is complex, and this is particularly true as more healthcare providers weave digital tools into their day-to-day operations. One growing strategy is the use of analytics platforms to gather valuable information about website visitors.
While these solutions may help increase patient engagement, they can also introduce new risks of HIPAA violations.
Along with selecting a HIPAA compliant web host, covered entities also need to consider whether their analytics tool meets compliance requirements.
Let’s determine if Amplitude Analytics is HIPAA compliant or not.
About Amplitude Analytics
Designed to deliver quick and intelligent behavioral insights that go beyond surface-level data, Amplitude Analytics is an innovative platform that creates a 360-degree view of the customer journey.
Amplitude Analytics and business associate agreements
Any third-party vendor that stores, accesses, or sends protected health information (PHI) is considered a business associate.
In order for a third-party vendor to be considered HIPAA compliant, a business associate agreement (BAA) must be signed by both parties. This is a written document that covers the responsibilities of the business associate to keep PHI secure. Without a signed BAA, the vendor cannot be considered HIPAA compliant.
There is no mention of HIPAA or any willingness to sign a BAA on Amplitude’s website.
Amplitude Analytics and data security
Looking beyond the BAA, data security is another important piece of maintaining HIPAA compliance. This means that covered entities should review the specific safeguards that a vendor has in place to protect PHI.
Amplitude works to keep customers’ data safe by building its information security system in alignment with ISO 27001 standards. The company also maintains a high level of data protection and privacy through ISO 27018:2019 certification and ensures that internal practices are secure by undergoing an annual SOC 2 Type 2 review.
Amplitude’s virtual environment offers additional security features including system hardening, strong encryption tools, ongoing vulnerability testing, centralized configuration management, and enforced multi-factor authentication for all internal access.
Furthermore, the company provides “the flexibility to limit what data is collected, processed, and stored” in the Amplitude Analytics platform. Customers can choose to utilize access controls, data management, and other tools to meet specific security needs.
Is Amplitude Analytics HIPAA compliant?
No. A BAA is required for full HIPAA compliance and there is no indication that Amplitude will sign one for its analytics solution.
Increase protection with Paubox
Just as various well-known web hosts are not equipped to protect PHI, not every innovative analytics platform will automatically meet HIPAA compliance obligations. Conducting your due diligence is therefore critical to steer clear of costly fines and other corrective action.
In addition to selecting a HIPAA compliant analytics solution, healthcare providers should be taking further measures to safeguard PHI with stronger email security.
Built to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages right in their inbox without having to navigate any additional passwords or portals.
Paubox Email Suite’s Plus and Premium plan levels also include advanced inbound email security tools for more threat protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while patented ExecProtect quickly intercepts display name spoofing attempts.