Will make.com sign a BAA for HIPAA?

Rapidly expanding sector of private businesses in health industries under HIPAA compliance are heavy into marketing and sales CRMs, appointment management, etc. I’m seeing a bunch of integration companies popping up with marketing specifically saying make.com isn’t HIPAA compliant and they are… trying to siphon people away from here. Given this is the greatest integration platform on the planet… how do we ensure make.com captures this entire industry?

Welcome to the Make community!

This is correct. Make is currently not HIPAA compliant, last known Feb 2023:

For more information, see Is make HIPPA compliant? - #2 by Michaela

That’s a great idea! You can submit this suggestion to the Idea exchange, under Platform ideas and improvements.

Don’t forget to search for it first, just in case someone already suggested it, so that you don’t end up creating a duplicate.

2 Likes

It appears Make actually meets the HIPAA requirements according to the Data Processing Agreement, and it doesn’t need to be certified HIPAA compliant to be used by healthcare. It only needs to sign a BAA (Business Associate Agreement) which is near identical to the Data Processing Agreement they already sign, just with some additional specific references to health data. i.e. use the term “Patient Data” instead of “PII” and make some references to HIPAA.

It would seem that Make could easily have a BAA setup that is really just a healthcare version of the DPA that already exists and open up this entire marketplace. As healthcare has finally moved to being cloud based, there’s an enormous amount of integration needs between the healthcare systems and all the regular software integrations already in Make.

Easy fix. One document. No other changes needed that I can see.

@samliew Would Make sign a BAA?

For an official response regarding this, you will want to contact support directly.

Hope you can share the resolution with us if you manage to solve this problem!

2 Likes

Unfortunately, they refuse. It’s too bad because they have all the pieces in place but won’t do it. Almost every company that has an integration with Make will sign one… Google, Microsoft, Zoom, Slack, Shopify, Mailchimp, HubSpot, Adobe, heck, even OpenAI with all their data/privacy questions will sign one, just to give you an idea of the broad range of companies that provide a BAA. It’s very very common. Now imagine any type of health clinic, dentist, all the way up to a health insurance company who uses any of these standard softwares will not be able to use Make for their integrations. This has proven to be a massive boom as health data has moved to the cloud and I’m seeing integration startup companies raising 8 figure rounds just by advertising against how Make and zap won’t provide a BAA and they will.

Big opportunity. Just imagine how much data needs to move around. Probably 80% of America is in 10+ different medical databases somewhere.

Kinda silly that we may need to change integration software because of it…