Skip to main content
Best answer

Why isn't HIPAA compliance supported?


Did this topic help you find an answer to your question?
Show first post
This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

44 replies

Forum|alt.badge.img+3
  • Beginner
  • 87 replies
  • September 15, 2021

Sure I cast a paper ballot and you can count it twice!!

 

Yes you have my vote for HIPAA compliance.


SamB
Community Manager
Forum|alt.badge.img+11
  • Community Manager
  • 7811 replies
  • September 15, 2021

Hey @planitmars and @blueguy, welcome to the Community!

I’m happy to confirm that your votes have been added for Zapier to become HIPAA compliant. :)


  • New
  • 1 reply
  • December 23, 2021

As one of the many new healthcare tech startups flooding the market, I’ll mention my use case:  As a healthcare provider, I need a HIPAA compliant fax service.  Zendesk for enterprise, which is HIPAA compliant, is our front end, but has no fax features.   I signed up Fax.plus, and would love to use Zapier to integrate it with Zendesk, but activating the HIPAA compliance features of Fax.plus turns off integration with Zapier. 


Forum|alt.badge.img+3
  • Beginner
  • 87 replies
  • December 23, 2021

Dr. Case: 

I don’t know Zendesk or Fax.plus specifically but there are ways around this issue of using Zapier involving HIPAA compliant.

The primary things to understand are: 

  1. don’t send HIPAA compliant data to Zapier; that is, make sure there are no personal identifiers in the data that would make it HIPAA compliant
  2.  if you send data to Zapier, “tag it” with a number (i.e., submission ID) that you will use later to match up with the HIPAA compliant data once it is back in your HIPAA compliant system
  3. that should do it!

Happy Holidays!


christina.d
Forum|alt.badge.img+9
  • Zapier Staff
  • 2653 replies
  • December 24, 2021

Thanks for outlining your use case so clearly, @DrCase! I’ve passed your feedback and vote along to this feature request. While we don’t have updates to share at the moment around when/if this will become available, we’ll be sure to keep you in the loop as soon as we know more. 🙂


Zapier, 

Is there an update on HIPAA compliance certification? If not, please add my vote to the list. 

Thank you, 

William


christina.d
Forum|alt.badge.img+9
  • Zapier Staff
  • 2653 replies
  • January 27, 2022

Thanks for reaching out, @uuainsuranceplans! I don’t have any updates to provide at the moment but I did go ahead and share your thoughts with the team. We’ll be sure to keep you posted when and if we hear more about this. 🙂


+1000

Currently I can only use Zapier in a very limited fashion due to it lacking HIPAA compliance. Don’t make me switch! Some sort of official statement on Zapier’s plans would be most helpful.


christina.d
Forum|alt.badge.img+9
  • Zapier Staff
  • 2653 replies
  • February 8, 2022

Hi there, @Joseph Moore. Thank for reaching out and sharing your candid feedback! I’ve got your vote added to this feature request. While I don’t have an update or ETA to offer at the moment, we’ll definitely send an email as soon we have one to share.


Hey there @christina.d 

I also work at a health tech startup that would use Zapier, that would benefit a lot if you were HIPAA compliant. Please add my vote to this thread.


  • New
  • 1 reply
  • February 15, 2022

Pls add my vote as well. 


christina.d
Forum|alt.badge.img+9
  • Zapier Staff
  • 2653 replies
  • February 16, 2022

Hi there, @Leo Magalhaes and @Maggieh! Absolutely! I’ve got both of your votes added to that request. We’ll keep in you in the loop via email if and when this gets implemented. 🙂


  • New
  • 2 replies
  • April 14, 2022

Any updates on this

am going to have to leave and love Zapier !

 Thanks 


christina.d
Forum|alt.badge.img+9
  • Zapier Staff
  • 2653 replies
  • April 14, 2022

Hey there, @Solas. While I’m sorry to say, we don’t have any updates to share at the moment we definitely appreciate you checking back in. We’ll be sure to keep you and all the interested users in the loop though when and if this does go live. 


mobilityroute

It appears that with Zapier, most components if not all of the required and even most addressable requirements under HIPAA Security Rule are met.  

@DrCase , I would not recommend the advice from @blueguy without further consulting with an attorney.  §164.502(d) of the Privacy Rule permits a covered entity or its business associate to create information that is not individually identifiable by following the de-identification standard and implementation specifications in §164.514(a)-(b). However, I don’t believe the method suggested may meet those standards as it would still be a new individual identifier.

https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html#standard

Any organization dealing with ePHI should also carefully consult with an attorney who understands software/tech and HIPAA/HITECH regulations.

 

All technical requirements aside, Zapier must also offer to execute Business Associate Agreements as well-- which they do not. Users should not believe that they can be HIPAA compliant on the simple basis that Zapier is not providing any “guarantee” and that the User would be fully responsible, as the requirement for a BAA is a clear requirement in order to meet the standards under HIPAA/HITECH.
 

Additionally, if Zapier was to learn you are using the system to handle ePHI, it would automatically have obligations as outlined by federal law, which likely would mean it would have no choice but to suspend your services and make a report of the violation to the Office of Civil Rights for the US Dept. of Health and Human Services.

The lack of Zapier (or any vendor for that matter) not signing a BAA and not officially allowing their system for use with ePHI, does not mean they are completely resolved of obligations under the law should they become aware of it’s use with ePHI.

@christina.d , I hope this is something you review as well.


Count us out too. We have very big campaigns to automate for and HIPAA compliant tools are the only way we will. Does anybody have an alternative to Zapier that is HIPAA compliant?


mobilityroute
The Automator wrote:

Count us out too. We have very big campaigns to automate for and HIPAA compliant tools are the only way we will. Does anybody have an alternative to Zapier that is HIPAA compliant?

@The Automator 

Your only viable option is pretty much having an integration built between the two (or more) respective applications using their API’s you wish to integrate. We only use Zapier for non-HIPAA related matters, and even then due to Zapier costs and limitations in delays in tasks, some integrations a better done ourselves via those respective API’s.


  • New
  • 1 reply
  • May 27, 2022

Hi @SamB / @christina.d any updates on when the Zapier integration would be HIPAA compliant? If not, would Zapier be willing to sign a BAA with an organization? Thanks!


jesse
Forum|alt.badge.img+9
  • Architect
  • 1348 replies
  • May 27, 2022

 @The Automator and @akhp we have your interest recorded for this. Unfortunately, no updates as of yet. I am going to close this thread until we have an update to share but please feel free to direct follow-up questions around this topic to our support team and they can help in the meantime: https://zapier.com/app/get-help