HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to properly communicate about your organization while remaining HIPAA compliant.
Today, we will determine if GMass is HIPAA compliant or not.
GMass is a plugin for Gmail and Google Chrome that allows users to send email marketing and automated campaigns directly from an existing Google account. It was founded by Ajay Goel in 2014 and is now owned by Google.
Users can send personalized or cold emails immediately or schedule them for a later time. Moreover, GMass integrates with Google Sheets to make it easier to send, automate, and track personalized mass emails, all from a simple-to-use spreadsheet.
GMass also allows users to track opens, clicks, and replies. Today, GMass is one of the most popular mass email tools for Gmail, becoming an official add-on in 2018.
GMass and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.
In this instance, GMass is a business associate of a healthcare organization if it accesses any electronic PHI (ePHI).
While Google will sign a BAA for some of its products, GMass is not an official Google product. Furthermore, there is no reference to a GMass BAA on the GMass website.
GMass, data security, and HIPAA marketing
The HIPAA Privacy Rule defines marketing as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.”
HIPAA compliance for marketing concerns both stored and transmitted information. Keep in mind that there is a distinction between the types of communication that HIPAA considers marketing and when this permission is necessary.
Essentially, GMass transfers data (e.g., PHI) to and from a Gmail account through the SSL (Secure Sockets Layer) protocol for data security. Transport Layer Security (TLS) is the successor to SSL and is considered a safer, improved protocol.
Is GMass HIPAA compliant?
The BAA is a key component of HIPAA compliance, and GMass does not appear to sign a BAA. Moreover, GMass uses the SSL protocol rather than TLS and does not provide much information about its data storage facilities.
If a breach or HIPAA violation occurs and any PHI is visible, the covered entity is liable.
GMass does not appear to be HIPAA compliant.
Paubox Marketing for guaranteed HIPAA compliance
While there are many ways that healthcare providers can market or communicate to patients or potential patients, one of the best methods today is healthcare email marketing using HIPAA compliant email.
Paubox Marketing allows recipients to view marketing emails like regular emails but with strong TLS encryption and email security at all times. Our HITRUST certification also includes Paubox Marketing.
Paubox will not only sign a BAA but will also work tirelessly to keep you and your patients safe. There are no extra steps for the sender or the receiver, and no worry about leaked PHI.
Use HIPAA compliant email marketing not only to create personalized marketing campaigns but also to maintain PHI security.