Based on our research, Facebook Ads is not HIPAA compliant because it does not meet the requirements set by the U.S. Department of Health and Human Services (HHS) to safeguard protected health information (PHI).
Facebook Ads is an online advertising platform that allows businesses to promote their products and services across Meta’s ecosystem, including Facebook, Instagram, WhatsApp, and Messenger. The platform provides tools for businesses to create targeted ad campaigns aimed at increasing engagement, boosting sales, and driving traffic.
However, Facebook Ads is not HIPAA compliant because Meta does not offer sufficient safeguards for PHI, and there is no mechanism to ensure compliance with HIPAA security and privacy requirements.
No, Facebook Ads will not sign a business associate agreement (BAA), and therefore it is not HIPAA compliant.
Facebook Ads does not sign a BAA and lacks the necessary security measures to protect PHI. As a result, it is not HIPAA compliant.
Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.
HIPAA sets national standards for protecting the privacy and security of certain health information, known as PHI. HIPAA ensures that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates—third-party vendors that perform certain functions or activities on behalf of covered entities.
A BAA is a legally binding contract that establishes a relationship between a HIPAA-covered entity and a business associate.