Question on HIPAA or PIPEDA Compliance

Hello, would like to clarify whether you comply with HIPAA (US standard) or PIPEDA (Canadian standard)? This information will be very useful for us in considering using your tool. Thank you.

Comments

  • Kreete K
    Kreete K Moderator Posts: 232 PIPEDRIVE CUSTOMER SUPPORT
    edited June 27 #2

    Hello!

    Unfortunately, we are currently not HIPAA or PIPEDA compliant. We do have SOC2 and SOC3 certifications and are fully GDPR compliant.

    For more information, you can check our terms of service, and privacy policy or download additional resources under "Resources" and "Certificates" here: https://www.pipedrive.com/en/features/privacy-security

  • James Torres Manglona
    edited June 17 #3

    We are in compliance with the US and specifically for The State of Texas.

  • James Torres Manglona
    edited June 17 #4

    We are in compliance with the industry specific and not applicable to the whole international industry.

  • Eric A Gombrich
    Eric A Gombrich Posts: 9
    edited June 17 #5

    Please also know that in British Columbia, Canada, there are restrictions that impose even more stringent requirements than PIPEDA...

  • Mo Rea
    Mo Rea Posts: 29
    edited June 23 #6

    I don't understand where this question came from. I'm from the US and work selling medical products. As a CRM, I don't see why Pipedrive would have to be HIPAA compliant. It's not marketed as a patient portal or anything to do with medical histories as far as I'm concerned. Unless you were trying to use it specifically for campaigns to market to your patients. In which case I would recommend straight Mailchimp or a similar service to add a widget to your website and add the required language for opting in. On the other end, I would suggest having the employee who manages the marketing sign something ensuring compliance (i.e. not adding people on Facebook they see come in as patients). Hope this helps!

  • Gregory Anderson
    Gregory Anderson Posts: 3
    edited June 27 #7
    Kreete K said:

    Hello!

    Unfortunately, we are currently not HIPAA or PIPEDA compliant. We do have SOC2 and SOC3 certifications and are fully GDPR compliant.

    For more information, you can check our terms of service, and privacy policy or download additional resources under "Resources" and "Certificates" here: https://www.pipedrive.com/en/features/privacy-security

    Thanks Kreete,

    Can you explain what criteria you are not meeting that you would need to in order to be HIPAA compliant?