Dealing with protected health information was always off limits for HubSpot users — but no longer. As of June 4, 2024, Enterprise customers with protected health information (PHI) covered under HIPAA can now store such data in Smart CRM. It’s all thanks to HubSpot’s public beta launch seeking to empower compliance better.
“Is HubSpot HIPAA compliant?” is a question we’ve been asked over and over again, and we are thrilled to finally respond with, “You bet!” Here, we explain the importance of HubSpot HIPAA compliance and how to quickly activate it in your HubSpot account.
Disclaimer: We are an Elite HubSpot Solutions Partner, not lawyers. This should not be interpreted as legal advice. Always seek your own legal counsel for matters concerning compliance, particularly as regulations change. Please be aware that there may be other data privacy or data protection regulations to adhere to outside of HIPAA compliance.
Why is HubSpot HIPAA compliance important?
HIPAA, otherwise known as the Health Insurance Portability and Accountability Act, stipulates security standards for protecting sensitive customer health information. And while HubSpot already allows users to store sensitive data in its Smart CRM, supporting HIPAA compliance is a relatively new thing.
If your organization is a HIPAA-covered entity, keeping sensitive health information isn’t just a good idea — it’s the law. HIPAA compliance is a serious matter, enforced by the U.S. Department of Health and Human Services Office for Civil Rights. Get on the wrong side of HIPAA regulations and there can be major penalties for violations. This is why having HIPAA-compliant software — whether for marketing, sales, or service — is a crucial piece in adhering to the standards.
Before you migrate any sensitive health data into HubSpot, you must do your due diligence. This might involve:
- understanding HIPAA regulations and what they mean for your organization
- understanding HubSpot’s capabilities and limitations in storing sensitive data
- seeking your own legal counsel for advice on HIPAA compliance.
Figuring out how your organization handles sensitive customer data should be one part of your organization’s broader HubSpot and data management strategy. For expert tips to maximize your HubSpot usage, grab our 24 HubSpot Hacks Guide.
Activate the HubSpot HIPAA beta
Once you have done your research and sought legal counsel, you can start storing PHI with HubSpot. You’ll need to switch on HIPAA-specific sensitive data settings, which will enable you to create sensitive data properties and upload attachments containing protected health information.
First, you will need to enroll in the public beta.
Next, turn on HIPAA-protected sensitive data settings. Only users with Super Admin permissions can action this change.
1. In your HubSpot account, click the Settings icon in the top navigation bar.
2. In the left sidebar menu, navigate to Account Setup > Privacy & Consent.
4. Tick the boxes for the categories of data you’ll store. For HIPAA-covered data, choose Health/Medical Data and confirm you’re a HIPAA-covered entity or business associate.
5. Next, read and accept the Sensitive Data Beta Terms, and the Business Associate Agreement (if applicable).
- To activate, click Turn on sensitive data settings.
All set! You are now ready to create properties for storing protected health information.
Creating properties for HIPAA-protected data
Super Admins can choose to set certain properties as sensitive and specify that they will store PHI. This won’t behave any differently to other sensitive data properties, they are just identified as storing PHI.
Creating properties to store HIPAA-protected data only takes a moment. Just be careful to do it right — once marked as sensitive, you can’t revert the setting.
1. In your HubSpot account, click the Settings icon and navigate to Properties.
2. Click Create property and add its basic information.
3. Next, select Sensitive data to mark the property as sensitive.
4. To specify it will store HIPAA-protected health data, tick the box confirming the data contains PHI (shown below).
- To set access levels, choose whether everyone or just Super Admins can view and edit the property’s values.
- Complete the property setup and click Create.
And that’s it! If you’d like to go further and securely store HIPAA-protected attachments, you can find out more here.
Integrate HIPAA compliance into your HubSpot strategy
For organizations in healthcare, ensuring HIPAA compliance with help from HubSpot can be a big leap toward better data management. But we understand it may feel a little daunting to make the move, especially if you are new to HubSpot. Luckily, you’ve come across an Elite HubSpot Solutions Partner!
Our team has empowered all kinds of healthcare organizations to harness the full power of HubSpot, and we’ve been doing it since 2012 — long enough to see the platform evolve into what it is today. We’re focused on making enterprise-level HubSpot usage straightforward, and more importantly, impactful.
Have a question for us on your HubSpot strategy? Contact us.
