HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). Read here to find out if InsideView is HIPAA compliant.
We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.
This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if InsideView is HIPAA compliant or not.
InsideView is a market intelligence and analytics solution for midsize to large businesses. Demandbase, a B2B market leader, purchased InsideView, as well as another product, DemandMatrix, in 2021. The company added both to its Demandbase One B2B Go-To-Market Suite.
Market intelligence consists of information like sales, customer data, survey responses, focus groups, and competitor research to drive sales. As a SaaS (software-as-a-service) product, InsideView integrates with CRM and marketing automation products to create profiles and deliver intelligence. InsideView provides access through APIs from over 40,000 sources.
InsideView and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.
At this time, InsideView is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address. Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.
There is no mention of HIPAA or a BAA on the Demandbase website.
InsideView and data protection
As a part of Demandbase, InsideView is covered by its security measures, including physical and technological access controls. This means:
- Background checks and badges used at all physical entrances
- Multifactor authentication
- An extra layer of authentication to access the VPN (virtual private network)
- Continuous monitoring and auditing
It also ensures encryption in transit (through Transport Layer Security, TLS) and at rest. Encryption at rest only applies to personal data (i.e., PII or personally identifiable information) identified through unique field values or data required through digital advertising exchanges. Demandbase further states that it retains sensitive data only as long as required for legal, regulatory, and business requirements, and that the company will delete data if a customer makes a request. The website does not mention PHI.
Demandbase uses Amazon Web Services and the Google Cloud Platform for all of its cloud needs. This also means utilizing both platforms’ cybersecurity measures, though Demandbase is responsible for its app within the cloud infrastructure.
Is InsideView HIPAA compliant?
The BAA is a key component of HIPAA compliance, but Demandbase does not appear to sign a BAA on behalf of InsideView. If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.
InsideView is not HIPAA compliant.