When will CC be completly HIPAA compliant with End to End Encryption

EllenL27 · ‎01-16-2025

We have had a longstanding account with Constant Contact but when it came to developing a patient-communications database for marketing purposes, we discovered that CC emails are not end-to-end encrypted nor is the email database storage encrpyted/safe for PHI. We switched and now send monthly emails . The security is great but it lacks many of CC's great features and is very difficult to work with. When will Constant Contact develop a truly end-to-end HIPAA compliant feature that allows us to come back for these marketing emails? I can't believe CC is so far behind on this. Would love to know if this is in development. A BAA agreement along is not sufficient.

William_A · ‎01-16-2025

Hello @EllenL27 ,

There are currently no plans to go beyond our existing functions and setup. Our system is meant for general online marketing- not for storing or handling of patients' private and sensitive health data. Per our Terms, we prohibit sensitive health information of any kind, including sensitive PHI (for example: mental health, substance abuse, or HIV information) from being stored on or transmitted through our systems. Our services were not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact for those purposes.

If you have further questions regarding how we work within HIPAA regulations, please see our article on Business Associate Agreements (BAA) or email legal(at)constantcontact(dot)com.

When will CC be completly HIPAA compliant with End to End Encryption

Getting Started with Ideas

What's New?