Drip Security Measures
Business associates are required to have safeguards to ensure the confidentiality, integrity, and availability of PHI. These security measures should include encryption, access controls, and audit controls (at a minimum).
With regard to HIPAA safeguards, Drip states on its website, “Drip is not HIPAA compliant and we do not provide the encryption and security level as required to become HIPAA compliant.”
Drip and Business Associate Agreements
In addition to assessing a business associate’s security measures, before sharing PHI with a business associate, healthcare organizations must have a signed business associate agreement (BAA). A BAA dictates the security measures required to protect PHI, and also requires each signing party to be responsible for maintaining their HIPAA compliance.
There is no mention on Drip’s website of whether they will sign a BAA; however, since they state that they are not HIPAA compliant, it’s fair to say that they will not.
Is Drip HIPAA Compliant?
No, Drip CRM is not HIPAA compliant. Therefore, it cannot be used in conjunction with PHI.