Is Grammarly a HIPAA compliant cloud service?

Featured image

Share this article

Is Grammarly HIPAA Compliant? | Paubox

We’ve been seeing more vendors, customers, and prospects asking about HIPAA compliant services. This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.

Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Grammarly in a HIPAA compliant manner.

We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.

Today we will determine if Grammarly offers HIPAA compliant service or not.

Grammarly

Grammarly is a cloud service that automatically detects potential grammar, spelling, punctuation, word choice, and style mistakes.

According to a blog post in 2018:

Grammarly’s products are powered by an advanced system that combines rules, patterns, and artificial intelligence techniques like machine learning, deep learning, and natural language processing to improve your writing.

The above snippet is important and will be revisited in this post.

Grammarly was founded by Alex Shevchenko and Max Lytvyn in 2009.

What is a Business Associate?

A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.

In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule

Read full article: What does it mean to be a Business Associate?

Secure email for modern healthcare. Right out of the box.

Business Associate Agreement provisions

If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.

A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.

At a minimum, a Business Associate Agreement contains 10 provisions.

Read full article: Business Associate Agreement Provisions

Grammarly and the Business Associate Agreement

As we previously mentioned, Grammarly uses machine learning, deep learning, and natural language processing to improve writing for its users. But in order to do that, vast amounts of user data must be stored in Grammarly’s platform.

We checked Grammarly’s site for mention of their ability to sign a Business Associate Agreement (BAA).

We weren’t able to find any mention of a Business Associate Agreement, PHI, or HIPAA on the following pages:

Grammarly and HIPAA compliance

In July 2021 Grammarly published a statement: Grammarly’s New Security Milestones Affirm Our Focus on Protecting User Data.  The document states:

We are compliant with the Health Insurance Portability and Accountability Act, demonstrating our commitment to protecting and securing sensitive user information.

Although it does not, specifically mention signing a BAA, the company says it has a security and privacy-first culture and is committed “to securing and protecting the information of everyone using our product—whether you’re an individual, small business, or large enterprise.”

However, Grammarly’s Privacy Page specifically states:

… we cannot ensure the security of Information you transmit to us, including Personal Data and User Content; accordingly, you acknowledge that you do so at your own risk.

Does Grammarly offer HIPAA compliant service?

The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.

Although we were not able to find mention of a BAA in Grammarly’s documentation, it does state that it has become HIPAA compliant in July 2021.

For further information about Grammarly’s security policies, you can email [email protected]

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022