HIPAA CALL TRACKING

Keep your patients’ data safe, private and compliant.

Nimbata is a HIPAA-ready call tracking software enabling healthcare marketers stay compliant as they run ads protecting the privacy of first-party patient data (PHI).

Become a Partner

HIPAA Call Tracking for Healthcare Marketers

Get the customer data you need to grow your business, all in a HIPAA-compliant way

Nimbata is loaded with powerful features to help you protect any sensitive patient information using best-in-class security and encryption standards. Use a business associate agreement (BAA) so your organization can collect health information safely and securely.

HIPAA Call Tracking blog posts visuals new 14

Keep customer data private by default

Safely send customer data to destinations that are not HIPAA compliant, like Google Analytics, so you can track behavior without revealing who the user is. Nimbata Privacy Shield capabilities means nimbata removes/hashes user identifiers and redacts any fields containing protected health information (PHI) in an irreversible way out of the box, eliminating any possible leak.

Reduce Compliance Risk

Nimbata HiPAA accounts provide the ability to enforce high security measures such as automatically blocking PHI in event notifications, user properties, reducing compliance risks in integrations

HIPAA Call Tracking Copy of HIPAA Compliant Account

HIPAA Call Tracking blog posts visuals new 15

Build better audiences with PHI, advertise without it

Big Ad Platforms like Google and Meta aren’t privacy first and dont sign BAAs. This prevents healthcare organizations to leverage customer data for ad campaigns.

Nimbata helps you build target-rich audiences using PHI in a BAA-protected platform, then sends the user data without PHI to your ad platform.

Nimbata’s security features in compliance with HIPAA

Handing Personal Information

All Personally Identifiable Information (PII) under healthcare accounts are encrypted and stored on secure servers to ensure its protection. For further security, this information isn’t included in Email Notifications.

Data Encryption

Nimbata helps protect any Patient data (PHI) by encrypting your information during transit and at rest, helps protect your HIPAA data.

Secure User-level permissions

No need for coding or complex interfaces. With Nimbata’s click-n-play functionality, you can design advanced processes, automations, and call flows, as easily as playing with Lego blocks. Just Click-n-play!

BAA for full protection

Seamlessly integrate your call data with your favorite apps, from CRMs like HubSpot, Salesforce, ZOHO, and Pipedrive to ad platforms such as Meta, Google, and Bing Ads, or reporting tools.

FAQ

Is Call Tracking HIPAA-compliant?

If you work in or for organizations in the healthcare industry, you need HIPAA-compliant call tracking and conversion attribution software. It’s a legal requirement and improves the patient experience since they can be confident their information is safe.
When the proper physical, technical, and administrative safeguards are in place, call tracking can maintain HIPAA compliance. Leveraging providers like Nimbata that follow the needed security measures ensures your marketing activity and advertising campaign can maintain the confidentiality, integrity, and security of any protected health information you store or communicate with other authorized parties/services.

What HIPAA regulations apply to call tracking?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S federal law established to protect private health information. HIPAA encompasses the following four rules that control how PHI is safeguarded and managed.
Privacy Rule: Instructions regarding an individual’s right to manage how their identifiable health information is used
Security Rule: A series of guidelines to safely manage the confidentiality, integrity, and accessibility of electronic PHI as it’s created, distributed, managed, and received (e.g. regular risk assessments).
Enforcement Rule: Provisions for holding covered entities and associates accountable through financial penalties and court procedures.
Breach Notification Rule: Requirements for when (within 60 days) and how covered entities and business associates notify related parties about a breach of PHI.

How do I know the calls are secure and HIPAA compliant?

We take safeguarding patient health information seriously. To protect PHI and adhere to HIPAA and other industry regulations, we secure our text message solution with a comprehensive scope of physical, technical, and administrative safeguards. We also use encryption to ensure sensitive information remains confidential and secure by being unreadable by unauthorized third parties.

Does Nimbata offer HIPAA Compliant Call Tracking?

HIPAA provides foundational guidelines surrounding the release of sensitive data that is considered protected health information (PHI). By design, Nimbata offers a range of features to enable marketers to run marketing campaigns in a HIPAA-compliant way, including Nimbata privacy shield for handling sensitive data and PHI, securing data with Data Encryption, allowing Secured Account Access, Auditing of account Activities.
On top of the features, we offer to sign a Business Associate Agreement (BAA) to maintain PHI security.
Users with a Marketing or Agency Plan need to elect to switch their account to the HIPAA-ready account type and leverage Nibmata in a HIPAA-compliant manner.
There is no official HIPAA/HITECH certification. In order to support HIPAA compliance, Nimbata has reviewed the HIPAA regulations and updated its product, policies and procedures to be HIPAA compliant.

Is activating the HIPAA account enough to be compliant?

While Nimbata has taken appropriate measures for the security, privacy of sensitive information, customers are responsible for requesting the correct configuration in Nimbata, as well as any connected system or integration, in order to meet their needs for enforcing policies in their organizations to meet HIPAA compliance.

How can I get a BAA in place with Nimbata?

To get a Business Associate agreement, you can visit your account settings and elect to convert your account to a “HIPAA Account”. You can also contact your Nimbata Growth specialist or talk to an expert to learn more.

How does Nimbata handle Protected Health Information?

It is important to understand that not all modules of nimbata require capturing, recording, or storing sensitive information such as personal data or protected health information. That being said, in the event that your needs when performing marketing activities and call tracking are such that require you to keep certain sensitive data, Nimbata allows you to take utmost care when it comes to handling PHI. This happens in two pillars: a) flexibility to mask/ redact certain data types or choose what to store. b) If the use of call tracking requires storing any data deemed sensitive, Nimbata allows users to convert their account to a HIPAA account, in which case we can sign a Business Associate agreement which helps reassure how we handle and secure ePHI.

Is the HIPAA-ready version of Nimbata different from the non-HIPAA eligible version?

No. Nimbata’s HIPAA-ready accounts have the necessary security controls to support HIPAA, but their functionality does not change. However, there may be customer requirements that need to be implemented on a case-by-case basis.

Is there a separate charge for signing a BAA with Nimbata?

Customers wishing to sign a BAA with Nimbata must have a HIPAA enabled account which is offered only in the Marketing and Agency Plan. Please contact support or talk to one of our product experts.

Are Ad-tech platforms like Google Ads or Facebook HIPAA compliant?

This can vary on the different capabilities of the platform and the features that you utilize. More often than not ad platforms require data to perform their targeting and the more data you provide the more likely you are to risk to provide sensitive data as well. However, beyond the security and privacy features, the BAA is a key component of HIPAA compliance and many ad tech platforms like Google Ads or Facebook does not offer a BAA. Furthermore, ad platforms offer retargeting capabilities which rely on collecting user data for their advertising program.

Need some more information? Contact us!

Talk to a product specialist!

Call Activity View - Nimbata Call Tracking