Is Contentsquare HIPAA compliant?


HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

HIPAA compliance has become increasingly complex as more healthcare professionals leverage digital tools to improve their business strategies. This includes the use of analytics platforms to gather valuable insights about website visitors.

While these solutions might lead to better patient engagement, they can also open the door to new risks for potential HIPAA violations.

Along with selecting a HIPAA compliant web host, it is important for covered entities to make sure that their analytics tool meets compliance requirements.

Let’s determine if Contentsquare is HIPAA compliant or not.


About Contentsquare

Designed to support the full cycle of digital improvement, Contentsquare is a leading analytics platform that tracks billions of user interactions to help create a stronger understanding of customer behavior.

With seamless access to easy-to-understand metrics, visualizations, and recommendations, businesses are able to drive innovation, boost revenue, and deliver more successful digital experiences.

Contentsquare and business associate agreements

Any third-party vendor that stores, accesses, or sends PHI is considered a business associate.

In order for a third-party vendor to be considered HIPAA compliant, a business associate agreement (BAA) must be signed by both parties. This is a written document that outlines the obligations of the business associate to keep PHI secure. Without a signed BAA, the vendor cannot be considered HIPAA compliant.

There is no mention of HIPAA or any willingness to sign a BAA on Contentsquare’s website.

Contentsquare and data security

Along with the BAA, data security is another key piece of maintaining HIPAA compliance. This means that covered entities should also pay attention to the safeguards that a vendor has in place to protect PHI.

Contentsquare’s website notes that the company takes an “industry-first approach to privacy and security” by maintaining a number of certifications including ISO 27001, ISO 27701, and SOC 2 Type 2.

Operational security protocols include customer data segregation, ongoing backups, and the encryption of data in transit and at rest. Contentsquare also proactively defends against potential threats by conducting monthly vulnerability scans, monitoring networks through an intrusion detection system, and using a web application firewall.

To prevent the collection of personal data such as names and emails, Contentsquare automatically blocks the capture of text and keyboard inputs from the website. For further protection, customers are given the ability to purge data, opt out of data collection, or turn off cookies.

Contentsquare also enforces a strong password policy for extra security. However, the company’s terms and conditions affirm that it is the customer’s “full responsibility to protect the password from theft or unauthorized disclosure” and Contentsquare is “not liable for any loss or damage.”

Is Contentsquare HIPAA compliant?

No. A BAA is required for full HIPAA compliance, and there is no indication that Contentsquare will sign one.

Strengthen security with Paubox 

Just as many well-known web hosts are not HIPAA compliant, innovative analytics platforms aren’t always built to meet these requirements. Therefore, conducting your due diligence is crucial to steer clear of costly fines and other corrective action.

Choosing a HIPAA compliant analytics solution is an important first step, but healthcare providers should be taking additional measures to safeguard PHI with stronger email security.

Built to seamlessly integrate with your current email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages right in their inbox without having to navigate any additional passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels are also equipped with advanced inbound email security tools for more protection from potential threats. Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is authentic, while patented ExecProtect works quickly to intercept display name spoofing attempts.

Try Paubox Email Suite for FREE today.

About the author

Sara Uzer

