Drip is a marketing engine built with e-commerce in mind. One of our existing customers brought it up on a call with us recently, so we decided to dig into the details of its HIPAA compliance.
Drip is an e-commerce customer relationship manager. It allows companies to build personalized customer experiences in order to drive sales.
Drip and the business associate agreement
Drip has no mention of signing a BAA anywhere in its public documentation.
Drip and HIPAA
Drip does however directly reference HIPAA compliance:
Drip is not HIPAA compliant and we do not provide the encryption and security level as required to become HIPAA compliant.
This is a pretty straightforward answer to the question.
Is Drip HIPAA compliant?
The BAA is a key component to HIPAA compliance, and we found no evidence that Drip will sign one.
Furthermore, the company directly states that it is not HIPAA compliant.
Drip is not HIPAA compliant.
HIPAA email marketing tools comparison
To meet the unmet need for HIPAA compliant email marketing, we created Paubox Marketing. It is the only solution that will:
- Sign a BAA
- Provide military-grade encryption
- Allow you to include PHI in your marketing emails
- Allow patients to read your emails directly from their inbox with no extra steps
In addition, Paubox Marketing is HITRUST CSF certified.
Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.
|Company||Will they sign a BAA?||Can you send PHI?|
|Blue Orchid Marketing||NO||NO|
|Mad Mimi (GoDaddy)||NO||NO|
|Infusionsoft by Keap||YES||NO|
|Salesforce Marketing Cloud||YES||NO|
|Eloqua (Oracle)||YES||YES **|
(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)