HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant. This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.
Today, we will determine if Similarweb is HIPAA compliant or not.
Similarweb is a market intelligence provider that delivers strategic planning and tactical execution to help customers optimize their digital performance. And in return, these customers can understand their competitors and grow market share.
The platform offers web analytics to its customers by ranking websites and apps based on traffic and engagement metrics. It breaks sources into six major categories including referring sites, social traffic, and top search keywords.
Market intelligence consists of information like sales, customer data, survey responses, focus groups, and competitor research to drive sales.
The idea is to use market intelligence companies like Similarweb to make fast-paced, data-driven decisions.
Similarweb and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
In this instance, Similarweb is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.
There is no mention of HIPAA or a BAA on the Similarweb website.
Similarweb and data protection
Similarweb’s security web page states “security is front and center in everything we do.” The platform does not list many features on its web page but does include:
- Continuous risk assessments
- Disaster recovery and a business continuity plan
- Cloud security
- Access controls
- Multi-factor authentication
Is Similarweb HIPAA compliant?
The BAA is a key component of HIPAA compliance but Similarweb does not appear to sign one.
If a data breach or HIPAA violation occurs and any PHI is accessed, the covered entity is liable.
Similarweb is not HIPAA compliant.