Question on HIPAA or PIPEDA Compliance

Data Team Flow Analytics Member Posts: 1

Hello, would like to clarify whether you comply with HIPAA (US standard) or PIPEDA (Canadian standard)? This information will be very useful for us in considering using your tool. Thank you.


Comments

  • Kreete K
    Kreete K Pipedrive Team Posts: 355 PIPEDRIVE TEAM
    edited June 2022 #2

    Hello!

    Unfortunately, we are currently not HIPAA or PIPEDA compliant. We do have SOC2 and SOC3 certifications and are fully GDPR compliant.

    For more information, you can check our terms of service and privacy policy, or download additional resources under "Resources" and "Certificates" here: https://www.pipedrive.com/en/features/privacy-security

  • James Torres Manglona
    James Torres Manglona Member Posts: 2
    edited June 2022 #3

    We are in compliance with the US and specifically for The State of Texas.

  • James Torres Manglona
    James Torres Manglona Member Posts: 2
    edited June 2022 #4

    We are in compliance with the industry specific and not applicable to the whole international industry.

  • Eric A Gombrich
    Eric A Gombrich Member Posts: 9
    edited June 2022 #5

    Please also know that in British Columbia, Canada, there are restrictions that impose even more stringent requirements than PIPEDA...

  • Mo Rea
    Mo Rea Member Posts: 19
    edited June 2022 #6

    I don't understand where this question came from. I'm from the US and work selling medical products. As a CRM, I don't see why Pipedrive would have to be HIPAA compliant. It's not marketed as a patient portal or anything to do with medical histories as far as I'm concerned. Unless you were trying to use it specifically for campaigns to market to your patients. In which case I would recommend straight Mailchimp or a similar service to add a widget to your website and add the required language for opting in. On the other end, I would suggest having the employee who manages the marketing sign something ensuring compliance (i.e., not adding people on Facebook they see come in as patients). Hope this helps!

  • Gregory Anderson
    Gregory Anderson Member Posts: 3
    edited June 2022 #7
    Kreete K said:

    Hello!

    Unfortunately, we are currently not HIPAA or PIPEDA compliant. We do have SOC2 and SOC3 certifications and are fully GDPR compliant.

    For more information, you can check our terms of service and privacy policy, or download additional resources under "Resources" and "Certificates" here: https://www.pipedrive.com/en/features/privacy-security

    Thanks Kreete,

    Can you explain what criteria you are not meeting that you would need to in order to be HIPAA compliant?