SendGrid HIPAA

SendGrid is a communication platform used for email marketing, voice, text, chat, and video. As a healthcare organization, you may be looking for a communication platform that you can use to communicate patients' protected health information (PHI). However, before adopting any software, you must consider whether the platform is HIPAA compliant. Whether SendGrid is HIPAA compliant is discussed below.

Is SendGrid HIPAA Compliant: Security Features

Although software can never be considered fully HIPAA compliant on its own, since compliance ultimately depends on how the end user configures and uses it, certain security features are required to secure PHI. One such security measure is encryption.

SendGrid clearly states on its website that it does not offer HIPAA compliant data transmission: “SendGrid does not natively support HIPAA compliant data transmission. We do not offer any encryption or security measures surrounding message transmission beyond those included in the SMTP RFC, which was not designed with HIPAA compliancy in mind.”

So, according to SendGrid’s privacy policy, SendGrid lacks the security measures required to be HIPAA compliant.

Is SendGrid HIPAA Compliant: Business Associate Agreements

In addition to security features, software providers that create, receive, transmit, store, or maintain PHI must be willing to sign a business associate agreement. SendGrid does not sign business associate agreements, stating, “SendGrid does not intend uses of the Service to create obligations under The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act (“GLBA”) or similar laws and makes no representations that the Service satisfies the requirements of such laws. If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), You agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA).”

Is SendGrid HIPAA Compliant?

No, SendGrid is not HIPAA compliant. It lacks the required security measures and will not sign a business associate agreement; it therefore cannot be used to handle PHI.