
Are Facebook Ads HIPAA compliant? (2025 update)


Based on our research, Facebook Ads is not HIPAA compliant because it does not meet the requirements set by the U.S. Department of Health and Human Services (HHS) to safeguard protected health information (PHI).

 

What is Facebook Ads?

Facebook Ads is an online advertising platform that allows businesses to promote their products and services across Meta’s ecosystem, including Facebook, Instagram, WhatsApp, and Messenger. The platform provides tools for businesses to create targeted ad campaigns aimed at increasing engagement, boosting sales, and driving traffic.

However, Facebook Ads is not HIPAA compliant because Meta does not offer sufficient safeguards for PHI, and there is no mechanism to ensure compliance with HIPAA security and privacy requirements. 


 

Will Facebook Ads sign a business associate agreement (BAA)?

No, Facebook Ads will not sign a business associate agreement, and therefore, it is not HIPAA compliant.

 

Are Facebook Ads HIPAA compliant?

Facebook Ads does not sign a BAA and lacks the necessary security measures to protect PHI. As a result, it is not HIPAA compliant.

 

The HIPAA compliant solution: Paubox

Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.

 

FAQs

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information, known as PHI. HIPAA ensures that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates—third-party vendors that perform certain functions or activities on behalf of covered entities.

 

What is a business associate agreement?

A BAA is a legally binding contract that establishes a relationship between a HIPAA-covered entity and a business associate.