
Business Associate Agreements (BAAs)

Article: 000006240
Updated: August 5, 2024

Request a BAA from Constant Contact to comply with HIPAA regulations

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), covered entities have an obligation to safeguard the protected health information (PHI) of their patients and, in certain circumstances, require their business associates to enter into a business associate agreement (BAA) that meets the requirements of HIPAA. Constant Contact could be considered a business associate to certain customers that handle PHI.

If you are a covered entity, and require a business associate agreement, please contact us at legal@constantcontact.com to request a business associate agreement prior to using our services with your email subscribers. You'll send the signed agreement back to us at the same email address.

Constant Contact will only sign our business associate agreement. We cannot make any changes to our standard form of business associate agreement under any circumstances.

Please note that you:

  • Are responsible for your compliance with HIPAA, and we recommend you discuss your legal obligations under HIPAA with an attorney who specializes in this area.
  • Should not import or incorporate any PHI in the services other than the fact that the individuals on your email subscriber lists may have a relationship with your business.
  • Are responsible for the types of data you store in your Constant Contact account and any requests by your subscribers for their data should go to you.
  • Are responsible for creating strong passwords for your Constant Contact account, ensuring that multi-factor authentication is enabled on your Constant Contact account, and taking advantage of our multi-user capabilities (if applicable). If you have more than one person working in your account, check out how to allow additional users and assign each of them a role to limit access within your account.
  • Must abide by our Terms of Service, which prohibit sensitive personal or health information of any kind, including sensitive PHI (for example: mental health, substance abuse, or HIV information) from being stored on or transmitted through our systems, except for the contact information of your email subscribers. Our services were not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.

Finally, as required under HIPAA, we employ administrative, physical, and technical safeguards to protect all of our customers’ subscriber data. More information on HIPAA can be found at the Department of Health and Human Services (HHS).

 
