There’s a brand new HubSpot update regarding sensitive medical information: in addition to updates on handling financial and personal data, HIPAA is now an available option!  

What’s HIPAA?  

HIPAA stands for the Health Insurance Portability and Accountability Act, legislation that aims to keep medical information safe through regulated data privacy practices. HIPAA governs the transmission of financial and administrative transactions, but one of its key components is what’s known as “HIPAA Compliance”.

HIPAA Compliance consists of several regulations, including the following:

  • Standards for Privacy of Individually Identifiable Health Information: National standards for protecting medical information.
  • HIPAA Enforcement Rule: If there’s a HIPAA compliance violation, the Enforcement Rule determines the possible courses of action for investigating it thoroughly.
  • Security Standards for the Protection of Electronic Protected Health Information (ePHI): Standardizes security practices for patient data stored and shared digitally.

What Does This Update Look Like in HubSpot? 

Navigate to the privacy and consent settings on your HubSpot instance. You’ll find a sensitive data section allowing you to configure how that data will be handled within your account. HubSpot already had the option to enable sensitive data settings for personal and financial information, but now it also includes HIPAA.  

So, if you have health and medical data stored in your HubSpot instance, you must enable this setting to comply with the regulations that apply to this data. Remember: once enabled, the HIPAA setting can’t be turned off, and you will notice how it impacts your HubSpot instance in several areas.

If you enable the HIPAA setting and then create a property, you can mark it as sensitive data if it will store medical information. This setup will encrypt the data stored in the property to comply with the necessary regulations.

How Can You Identify Which Information Must be HIPAA Compliant? 

Going back to the bulleted list of HIPAA regulations, the one that will help you answer this question is the Standards for Privacy of Individually Identifiable Health Information. We’ve already gone through what it is, but you must know that it covers information held orally, digitally, or in physical documentation.

This means that information that includes a patient’s address, biometric identifiers, current physical or mental health condition (past and future, too!), and basically any other piece of personal and health-related information must be HIPAA compliant.

Therefore, enabling this setting in your HubSpot account is mandatory if you’re an institution that handles this type of data. That’s the only way to ensure that every property you create and tag as HIPAA-compliant follows the specific regulations required.  

Don’t Know Where to Start with HubSpot?  

At SR Pro Marketing, we know data privacy and compliance are top priorities for institutions in different industries, and HIPAA is no exception. Leave it in the hands of professionals who can ensure your data management is up to date with regulations, HubSpot’s new features, and best practices. Contact us today!