1 min read

Is ACT! CRM HIPAA compliant? (2025 update)

Kirsten Peremore Oct 31, 2025 12:30:00 AM

HIPAA Compliance

Is ACT! CRM HIPAA compliant? (2025 update)

Based on our research, ACT! CRM is not HIPAA compliant because it does not meet the requirements set by the U.S. Department of Health and Human Services (HHS).

What is ACT! CRM?

ACT! CRM is a customer relationship management platform designed to help businesses manage contacts, automate sales communication, and streamline customer engagement. With ACT! CRM, users can organize customer data, track sales pipelines, send email marketing campaigns, and generate reports to support customer relationships and sales growth.

Will ACT! CRM sign a business associate agreement (BAA)?

No, ACT! CRM will not sign a business associate agreement.

Is ACT! CRM HIPAA compliant?

ACT! CRM does not sign a BAA, and as a result, it is not HIPAA compliant. Healthcare providers and business associates should avoid using ACT! CRM to store or process protected health information (PHI).

The HIPAA compliant solution: Paubox

Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.

Learn more: HIPAA Compliant Email: The Definitive Guide

FAQs

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information. HIPAA ensures healthcare organizations can securely exchange electronic health information, and violations can result in serious penalties.

Who does HIPAA apply to?

HIPAA applies to covered entities, including healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates that perform services involving PHI on behalf of covered entities.

What is a business associate agreement?

A BAA is a legally binding contract establishing responsibilities for protecting PHI between a HIPAA-covered entity and its business associate. Without a BAA, software cannot be used to store or transmit PHI in a HIPAA-regulated environment.