Is Nimble HIPAA compliant?


Designed to combine contact data, communication history, and upcoming tasks into one intuitive dashboard, Nimble is a cloud-based customer relationship management (CRM) software that helps businesses stay organized, engage more effectively, and better manage the sales process.

While CRMs can provide companies with the valuable tools they need to work smarter, it is crucial for covered entities to make HIPAA compliance a priority.

Let’s find out if Nimble meets these important security standards.


Nimble and business associate agreements

Third-party vendors that store, access, or send protected health information (PHI) are considered business associates.

When covered entities work with business associates, a business associate agreement (BAA) must be signed by both parties. This is a written document that covers the obligations of the business associate to keep PHI secure. Without a signed BAA, the vendor cannot be considered HIPAA compliant.

In this particular case, Nimble is a business associate for a healthcare organization if it manages PHI within its platform.

There is no mention of any willingness to sign a BAA on Nimble’s website or documentation.

Nimble and data security

Beyond the BAA, data protection is another key piece of maintaining HIPAA compliance. Since not all security measures are created equal, it is important for covered entities to carefully evaluate the specific protocols that a vendor has in place.

According to Nimble’s privacy policy, sensitive information such as log-in credentials, geo-location data, and credit card numbers is encrypted using Secure Sockets Layer (SSL) technology.

However, the company’s Terms of Service note that it is up to the customer to maintain the confidentiality of their account. The document states that “the customer is liable for all activities that occur under the customer’s username or password” and “Nimble is in no way responsible for any loss or damage incurred as a result of any unauthorized access.”

This means that if a data breach occurs and PHI is exposed, it is the covered entity that is ultimately responsible.

Is Nimble HIPAA compliant? 

No, the company does not appear to sign a BAA, and its FAQ page further confirms that Nimble is “not currently HIPAA compliant.”

Step up your email security  

While choosing HIPAA compliant CRM software is a great place to start, healthcare providers should be taking extra steps to proactively safeguard PHI with better email security as well.

Built to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default by automatically encrypting every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients can receive your messages right in their inboxes without having to navigate any additional passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels are also equipped with innovative inbound email security tools that provide an additional layer of protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s authenticity, while ExecProtect acts fast to intercept display name spoofing attempts.


About the author

Sara Uzer
