Mailgun is a software provider that offers email services including regular email, email marketing, and analytics. But as a healthcare organization, you must determine whether or not a software provider is HIPAA compliant before using their services. So, after reading through Mailgun’s terms of service, is Mailgun HIPAA compliant? The answer is discussed below.

Is Mailgun HIPAA Compliant: Business Associate Agreement

One of the most important factors in determining a software provider's HIPAA compliance is its willingness to sign a business associate agreement (BAA). A software provider that creates, receives, maintains, or transmits PHI on a healthcare organization's behalf is a business associate (BA) under HIPAA, and an email provider that carries patient messages does exactly that. A BAA is a legal contract that must be signed between a healthcare organization and its business associate before any protected health information (PHI) may be shared with the BA.


A BAA dictates the protections the business associate is required to have in place to ensure the confidentiality, integrity, and availability of PHI. It also makes each signing party responsible for maintaining its own HIPAA compliance.

Mailgun states on their website that they are willing to sign BAAs with their healthcare clients.



Mailgun Email Security

As mentioned above, business associates must have security measures in place to protect PHI. Mailgun encrypts email in transit so that users can send messages securely, and it keeps detailed logs that can be used to audit message activity. One caveat a practitioner should keep in mind: encryption in transit protects a message only between the sending and receiving mail servers. Once it lands in the patient's mailbox it is outside both Mailgun's and your control, so keep the PHI in any email body to the minimum necessary and rely on the logs to show who sent what, and when.

Emails and Patient Consent

Before you communicate with a patient by email, obtain and document the patient's authorization to receive email (HIPAA permits email with patients who have agreed to it, provided reasonable safeguards are in place). Marketing email is stricter: the patient must give explicit, written consent to receive it. To stay HIPAA compliant, every marketing email must also give the patient a way to opt out, and an opt-out must be honoured for all later sends until the patient opts in again. Lastly, a marketing email should never contain PHI unless the patient has specifically consented to their information being used in this way.
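One way to enforce these rules before a message is ever handed to the mail provider is a pre-send gate over the practice's own consent records. The following is an added example, not Mailgun's code and not part of the original page; the consent-record fields, the two message kinds, the PHI markers and the sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class ConsentRecord:
    """What the practice has on file for one patient (assumed schema)."""
    patient_id: str
    email_authorized: bool                    # patient authorized email contact
    marketing_opt_in: Optional[date] = None   # date of explicit marketing consent
    marketing_opt_out: Optional[date] = None  # date of the most recent opt-out
    phi_in_marketing_ok: bool = False         # patient consented to PHI in marketing


@dataclass
class OutboundEmail:
    """A message about to be handed to the mail provider (assumed schema)."""
    patient_id: str
    kind: str               # "clinical" or "marketing"
    subject: str
    body: str
    unsubscribe_link: bool  # marketing mail must carry a working opt-out


# Constructed PHI markers for this example only; a production gate would use
# the organization's own PHI definitions and a proper classifier.
PHI_PATTERNS = [
    re.compile(r"\b(diagnos\w*|prescri\w*|lab result\w*)\b", re.IGNORECASE),
    re.compile(r"\bMRN\s*#?\s*\d+", re.IGNORECASE),   # medical record number
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),             # SSN-shaped identifier
]


def contains_phi(text: str) -> bool:
    """True if any constructed PHI marker appears in the text."""
    return any(p.search(text) for p in PHI_PATTERNS)


def marketing_consent_active(consent: ConsentRecord) -> bool:
    """Explicit opt-in exists and was not withdrawn on or after that date."""
    if consent.marketing_opt_in is None:
        return False
    if consent.marketing_opt_out is not None and consent.marketing_opt_out >= consent.marketing_opt_in:
        return False
    return True


def record_opt_out(consent: ConsentRecord, when: date) -> ConsentRecord:
    """Honour an unsubscribe: later marketing sends fail until a new opt-in."""
    consent.marketing_opt_out = when
    return consent


def check_send(email: OutboundEmail, consent: ConsentRecord) -> tuple:
    """Return (allowed, reason); each refusal names the missing control."""
    if email.patient_id != consent.patient_id:
        return False, "consent record does not belong to the recipient"
    if not consent.email_authorized:
        return False, "no patient authorization for email contact"
    if email.kind == "clinical":
        return True, "email contact authorized"
    if email.kind != "marketing":
        return False, "unknown message kind: %r" % email.kind
    if not marketing_consent_active(consent):
        return False, "no active marketing consent (missing or withdrawn)"
    if not email.unsubscribe_link:
        return False, "marketing email lacks an opt-out mechanism"
    if contains_phi(email.subject + "\n" + email.body) and not consent.phi_in_marketing_ok:
        return False, "marketing email contains PHI without patient consent"
    return True, "marketing consent active, opt-out present, no unauthorized PHI"


def filter_campaign(emails, consents):
    """Split a batch into sendable messages and (message, reason) rejections."""
    allowed, rejected = [], []
    for email in emails:
        consent = consents.get(email.patient_id)
        if consent is None:
            rejected.append((email, "no consent record on file"))
            continue
        ok, reason = check_send(email, consent)
        if ok:
            allowed.append(email)
        else:
            rejected.append((email, reason))
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample data: one consenting patient, one with no record.
    consents = {"p1": ConsentRecord("p1", True, marketing_opt_in=date(2024, 1, 10))}
    batch = [
        OutboundEmail("p1", "marketing", "New wellness program", "Join our spring wellness program.", True),
        OutboundEmail("p1", "marketing", "For patients with a diabetes diagnosis", "Try our new clinic.", True),
        OutboundEmail("p9", "marketing", "New wellness program", "Join our spring wellness program.", True),
    ]
    sendable, held = filter_campaign(batch, consents)
    print("sendable:", [m.subject for m in sendable])
    for msg, why in held:
        print("held:", msg.patient_id, "-", why)
```

The gate separates clinical messages (which need only the patient's authorization for email contact) from marketing messages, which additionally need an active opt-in, an opt-out link, and a PHI-free body unless the patient consented otherwise. Opt-out is modelled as a date so that a later re-consent reactivates marketing without losing the audit history, and every refusal returns the control that was missing so the reason can be logged.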

Is Mailgun HIPAA Compliant?

Is Mailgun HIPAA compliant? Yes, provided that you have a signed BAA in place and use the service in a HIPAA-compliant manner. The BAA makes Mailgun eligible to handle PHI; the configuration you choose, the patient consent you hold, and the PHI you place in messages determine whether your use of it is actually compliant.