Is Pipedrive HIPAA compliant?


Designed to streamline the sales and relationship-building process, Pipedrive is a cloud-based customer relationship management (CRM) solution that helps businesses reduce busywork, prioritize tasks, and keep better track of leads.

While CRMs can serve as a valuable way to increase profits and productivity, covered entities should always take HIPAA compliance into consideration.

Let’s explore whether Pipedrive meets these critical security standards.


Pipedrive and business associate agreements

Third-party vendors that store, access, or send protected health information (PHI) are considered business associates.

When a covered entity works with a business associate, a business associate agreement (BAA) must be signed by both parties. This is a written document that covers the responsibilities of the business associate to keep PHI secure. With no signed BAA, the vendor cannot be considered HIPAA compliant.

In this particular instance, Pipedrive is considered a business associate for a healthcare organization if it manages PHI within its platform.

There is no mention of any willingness to sign a BAA on the Pipedrive website.

Pipedrive and data security

Looking beyond the BAA, data security is another key component of maintaining HIPAA compliance. Therefore, covered entities should review the specific safeguards that a vendor has in place to protect PHI.

The Pipedrive infrastructure is equipped with a variety of protective features, including daily backups, encryption of data at rest and in transit, and a security dashboard that pinpoints suspicious activity in real time.

Customers can also further shield their information from potential risks through a set of custom controls. These include whitelisting IPs, setting time-restricted access, establishing user permission sets, implementing account lockdowns after multiple incorrect passwords, and enabling two-factor authentication to strengthen login security.

Although these configurations can help organizations limit access to sensitive data, Pipedrive’s privacy policy states that the company is “not responsible for circumvention of any privacy settings or security measures” and “does not guarantee that information will not be viewed by unauthorized parties.”

Is Pipedrive HIPAA compliant? 

No. The company does not appear to offer a BAA, and its community page confirms that “Pipedrive is committed to be HIPAA compliant eventually, but there are still steps to take.”

Step up your protection 

Selecting HIPAA compliant technology is a smart first step, but healthcare providers should be taking additional measures to safeguard PHI with stronger email security.

Built to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients can receive your messages right in their inbox without having to navigate any additional passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels also come with innovative inbound email security tools that provide more protection from potential threats. Our patent-pending Zero Trust Email feature uses email AI to verify that an email is legitimate, while ExecProtect works quickly to put a stop to display name spoofing attempts.

Try Paubox Email Suite for FREE today.

About the author

Sara Uzer
