HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Salesforce Journey Builder is HIPAA compliant or not.
About Salesforce Journey Builder
Salesforce Journey Builder is a feature of Salesforce’s Marketing Cloud that helps guide a customer’s journey across multiple channels.
This feature organizes and presents a customer’s lifecycle using event-driven triggers and CRM (customer relationship management). By creating complete customer stories, organizations can learn to cater and grow their partnerships.
Salesforce Journey Builder also integrates with Salesforce’s Sales Cloud and Service Cloud to make a customer’s experience even more seamless.
Salesforce Journey Builder and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
Salesforce offers a BAA that includes Salesforce Marketing Cloud. Organizations must be on Salesforce’s Enterprise-Level Slack Plan.
Salesforce Journey Builder and data protection
SEE ALSO: Marketing Cloud: data at rest encryption
Furthermore, Salesforce continuously monitors for security violations and enables audit logging to track activity changes.
According to the company’s website, “It is the customer’s responsibility to ensure the secure transmission of PHI data to and from the HIPAA covered services.”
This is why organizations can take extra steps to secure PHI through several customizable access controls:
- Password policies
- Permissions around data visibility
- Rules for accessing different types of information
Is Salesforce Journey Builder HIPAA compliant?
The BAA is a key component of HIPAA compliance and Salesforce will sign a BAA for Marketing Cloud.
Salesforce Journey Builder is HIPAA compliant with a BAA, although organizations should ensure all its endpoints are secure.