HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Is Affise HIPAA compliant? (2025 update)

Written by Kirsten Peremore | Sep 28, 2025 12:44:33 AM

Based on our research, Affise is not HIPAA compliant because it does not meet the requirements set by the U.S. Department of Health and Human Services (HHS) to safeguard protected health information (PHI).

 

What is Affise?

Affise is a performance marketing and affiliate tracking platform that helps advertisers, networks, and agencies run, track, and optimize partner marketing campaigns. With Affise, organizations can manage attribution, reporting, and partner payouts while using tools for tracking and analytics.

Our one-sentence HIPAA assessment: Affise is an adtech vendor and not positioned as a HIPAA-focused service, so it is not suitable for handling PHI in covered-entity scenarios.

 

Will Affise sign a business associate agreement (BAA)?

No. Affise does not publish a business associate agreement on its privacy or legal pages, and we found no public statement that Affise will sign a BAA. Covered entities should treat Affise as a non-BAA vendor and avoid sending PHI to the service unless an executed BAA is obtained.

 

What does Affise’s privacy/controls cover?

Affise’s e-privacy white paper and privacy materials describe commitments to data protection and list technical and organizational measures oriented toward adtech use cases and privacy laws such as GDPR and ePrivacy. Key controls and practices they describe include:

  • Data minimization for tracking and attribution data.
  • Role-based access controls and staff security practices.
  • Encryption of sensitive data in transit and at rest where applicable.
  • Logging, monitoring, and incident response procedures.
  • Breach notification processes aligned with their legal obligations.

Affise focuses on general privacy and security for advertising and analytics data rather than HIPAA-specific protections or contractual commitments required for PHI handling.

 

Is Affise HIPAA compliant?

Affise does not sign a BAA, and as a result, is not HIPAA compliant. Covered entities should not send PHI to Affise unless an executed BAA is in place that clearly covers the intended PHI uses.

 

The HIPAA compliant solution: Paubox

Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.


 

FAQs

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of individuals’ health information and ensures that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. Business associates are entities that perform functions or activities on behalf of a covered entity and have access to PHI.

 

What is a business associate agreement?

A BAA is a legally binding contract that establishes a relationship between a covered entity under HIPAA and its business associates. The agreement ensures the proper protection of PHI as required by HIPAA regulations.