HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to easily communicate while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Postal.io is HIPAA compliant or not.
Postal.io, founded in 2019 and headquartered in California, enables teams to use direct mail automation to send information, news, events, and more.
It is an integrated sales and marketing platform that helps organizations increase engagement offline. The idea is to program and control mail just like email.
As an experience marketing platform, Postal.io creates memorable moments for organizations to generate leads and customers.
Postal.io and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
In this instance, Postal.io is a business associate of a healthcare organization if it accesses any electronic PHI (ePHI), like an address.
RELATED: Is a name PHI?
There is no mention of HIPAA or a BAA on the Postal.io website.
Postal.io and HIPAA direct mail marketing
The HIPAA Privacy Rule defines marketing as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” HIPAA compliance for marketing concerns both stored and transmitted information.
Furthermore, the policy asserts that customers “should take special care” when using the service because Postal.io is “not responsible for circumvention of any privacy setting or security measures contained on the Service, or third party websites.”
Information on Postal.io’s cybersecurity is not easily available, though one of its FAQs mentions that the platform is undergoing an SOC (System and Organization Controls) 2 Type 2 audit.
Is Postal.io HIPAA compliant?
The BAA is a key component of HIPAA compliance and Postal.io does not mention a BAA.
Postal.io is not HIPAA compliant.
HIPAA compliant email marketing
Healthcare providers know that clear and efficient communication with patients is a key component of running their practice. Email marketing can be a compliment or replacement to direct mail marketing to promote your business.
Paubox Marketing allows you to securely communicate with patients about:
- Appointment reminders
- Patient feedback
- Treatment information
- And many more uses
Paubox is dedicated to providing the highest quality of security to healthcare providers. Our products are HITRUST CSF certified which means we have met key regulatory requirements and industry-defined requirements and are appropriately managing risk.