Drip is a CRM that allows clients to build custom automated marketing campaigns through email and SMS. But is Drip HIPAA compliant? The answer is discussed below.

Why Does it Matter if Drip is HIPAA Compliant?

Under HIPAA, a software provider is considered a business associate when they create, maintain, store, receive, or transmit protected health information (PHI) on behalf of their healthcare clients.

As such, if you use a software platform to process or transmit PHI, you must ensure that the platform is HIPAA compliant. Although it may be surprising, a patient’s email address is considered PHI. So, to send an email to a patient, the email platform must be HIPAA compliant.

To determine a software provider’s HIPAA compliance, it is important to evaluate their security measures, as well as their willingness to sign a business associate agreement.

Drip Security Measures

Business associates are required to have safeguards to ensure the confidentiality, integrity, and availability of PHI. These security measures should include encryption, access controls, and audit controls (at a minimum).

With regard to HIPAA safeguards, Drip states on their website, “Drip is not HIPAA compliant and we do not provide the encryption and security level as required to become HIPAA compliant.”

Drip and Business Associate Agreements

In addition to assessing a business associate’s security measures, before sharing PHI with a business associate, healthcare organizations must have a signed business associate agreement (BAA). A BAA dictates the security measures required to protect PHI, and also requires each signing party to be responsible for maintaining their HIPAA compliance.

There is no mention on Drip’s website of whether or not they will sign a BAA; however, since they state that they are not HIPAA compliant, it’s fair to say that they will not.

Is Drip HIPAA Compliant?

No, Drip CRM is not HIPAA compliant. Therefore, it cannot be used in conjunction with PHI.