HIPAA

This article applies to:

The Health Insurance Portability and Accountability Act (HIPAA) applies to businesses required by federal law to align with privacy and security standards regarding personal medical information.

Enable HIPAA Security Controls in Keap 

The Admin Settings section labeled, Privacy contains a toggle button called HIPAA Security Controls. It is used to indicate to Keap that your business is regulated by HIPAA and that your Keap app contains Protected Health Information (PHI). It should only be activated by those customers who are regulated by HIPAA. 

  • This setting is located in Admin > Settings > Privacy & Compliance at the bottom of the page.



Important Note: While HIPAA is a U.S.-only regulation, it is difficult for us to effectively identify all of the operating territories of our customers, so this toggle displays in all Keap accounts.

  • By default, the toggle is set to have the HIPAA controls Disabled.
  • When you select and save the toggle to have HIPAA Security Controls Enabled, it can only be disabled again by contacting Keap Support and will be processed by an Advanced Support team member. To avoid accidentally enabling this security control, you will have to double confirm before saving it as Enabled.
  • Vendors that Keap contracts to provide overflow and after-hours support are not yet HIPAA compliant and cannot be granted access to an Keap account that contains PHI. This means that your account will be fully supported only by in-house Keap Support during regular business hours.

    USA Toll Free
    +1 866 800 0004 Ext. 2
    Monday-Friday 6AM - 5PM Arizona Time

     

Important Note: Enabling HIPAA Security Controls in Keap does not make your business HIPAA compliant. It identifies to Keap that your application with us contains HIPAA sensitive information. 


The Keap HIPAA Business Associate Agreement Addendum (BAA)

  • Keap offers customers the opportunity to execute our standard Business Associate Agreement Addendum (or BAA) that satisfies the applicable subcontracting requirements under HIPAA and the HITECH Act.
  • Before using Keap in support of your HIPAA compliance, be sure to do the following:
    • Configure your Keap app as a HIPAA app by enabling the HIPAA Security Controls. This setting is located in Admin > Settings > Privacy & Compliance, under the section labeled Privacy.
    • Once the HIPAA Security Control is enabled, review the BAA below, complete all the required fields, and sign the BAA in accordance with the instructions.
    • Be sure to confirm your email address after you sign. To do this, follow the instructions in the email you receive from Adobe® Sign. This verification email will be sent to the email address you specify when signing the Addendum. If you don't see the email in your inbox, be sure to check your spam folder.
    • A fully executed copy of the BAA will then be emailed to both parties.
  • To review the BAA, click here.


HIPAA FAQs

Q: What is HIPAA?
A: The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets baseline privacy and security standards for medical information. Click here to learn what types of businesses are regulated by HIPAA.

Q: What does enabling HIPAA security controls do for my application?
A: It signal to Keap that your application contains HIPAA protected information and/or your are an organization that is regulated by HIPAA.  Enabling HIPPA securing controls creates additional logs of who has accessed the account that are stored.  No fields other than first and last name, email address and phone number are able to be displayed anywhere outside of the app. 

Q: Is email sent through KEAP encrypted?
A:  It will not be encrypted, and we do not provide a secure way for non-users to access their information (aka a patient portal).

Q: What is a Business Associate?
A: People and companies that are hired or contracted by HIPAA covered entities. Keap is a business associate for our small business customers that are covered by HIPAA and have signed the Keap Business Associate Agreement Addendum.

Q: Is Keap HIPAA Certified?
A: There is no such thing as "HIPAA Certified", but the Keap software application is compatible with HIPAA, and Keap complies with HIPAA as a business associate as described in our BAA.

Q: I need advice on how to comply with HIPAA. What should I do?
A: Keap can’t provide any interpretation of HIPAA as it pertains to a customer’s particular circumstances. If you need help with HIPAA, consult a qualified attorney or legal advisor.

Q: Once I sign the BAA, does that mean I’m automatically HIPAA compliant?
A: HIPAA compliance is complicated, and the act of enabling HIPAA Security Controls in your Keap app does not alone make your business HIPAA compliant. But Keap is a HIPAA compatible application and can be used by organizations that are regulated by HIPAA to store, transmit, and otherwise process PHI.

Q: What about CustomerHub and third-party apps and services that integrate with Keap? Are those products and services HIPAA compatible too?
A: CustomerHub is not HIPAA compatible. Other Marketplace vendors may or may not offer HIPAA compatible solutions. Be sure to check directly with your Marketplace vendors – the Keap BAA does not cover your use of third party products or services.

Did this article answer your question?
Thank you for your feedback!