ActiveCampaign is a software company that offers customers sales automation, marketing automation, and email marketing. But is ActiveCampaign HIPAA compliant? The answer is discussed below.
Is ActiveCampaign HIPAA Compliant: Security Features
Healthcare organizations are required to ensure that protected health information (PHI) is secure. As such, when using a software platform in conjunction with PHI, it is essential to assess their security features.
What security features does ActiveCampaign offer their clients?
Multi-factor Authentication.
ActiveCampaign uses multi-factor authentication (MFA) for user authentication. MFA requires users to input multiple unique login credentials to access the platform. Unique login credentials may include a username and password in combination with security questions or one-time PIN.
Audit Controls.
ActiveCampaign enables audit controls. Audit controls are an essential component of HIPAA compliance as they track access to PHI. Tracking access to PHI allows unauthorized access to PHI to be quickly detected.
Access Zone Security.
ActiveCampaign’s website references “access zone security” as part of its security offerings. This consists of endpoint and network threat prevention, application firewalling, and vulnerability scanning.
For more information on ActiveCampaign’s security features, please click here.
Is ActiveCampaign HIPAA Compliant: Business Associate Agreements
A key component of determining a software provider’s HIPAA compliance is their willingness to sign a business associate agreement (BAA). A BAA is a legal document that requires each signing party to be HIPAA compliant and to ensure that they maintain their compliance. ActiveCampaign is willing to sign a BAA but only with their “Enterprise” clients.
Is ActiveCampaign HIPAA Compliant?
Is ActiveCampaign HIPAA compliant? Yes, but only for Enterprise users. However, it is up to you to ensure that you are using the software in a HIPAA compliant manner.
