HIPAA Compliance and ActiveDEMAND

Getting a BAA for HIPPA Compliance

ActiveDEMAND has a strong focus on security. For customers in the healthcare sector who process Electronic Personal Health Information (ePHI), ActiveDEMAND can help support compliance by executing a Business Associate Agreement (BAA) along with the customer.

For customers who are processing ePHI and are bound by HIPAA, they have to follow mandatory steps to establish a Secure Operating Environment (SOE).
Steps include:

SOE Compliance

Restrict Access

ActiveDEMAND supports multiple roles with different access capabilities. To reduce risk, employees and agents should only have the minimum access levels required to do their job.

IP Whitelisting

Whitelist IPs to only those users who should be able to access the platform.

Agent end-point computer security

Keep employee and agent end-points (computers, phones, any device used to access ActiveDEMAND) secure. The software must remain up to date and logins must be appropriately difficult to attack. Consult your IT company for structure on securing end-point access.


Using secure SSL communication is required. ActiveDEMAND requires the use of secure HTTPS and SSL to access the platform.

Mandatory Two-Factor Authentication (2FA) and password complexity

2FA and password complexity standards must be configured inside ActiveDEMAND and enforced on users.

User Data Rights

ActiveDEMAND supports user data rights. Customers can configure ActiveDEMAND to allow end-users to download and/or request deletion of their data (similar to a “Forget me” request in GDPR or personal data deletion requests in CCPA)

Book a free demo

Case Study



5-star   Reviews by G2 Crowd

"ActiveDEMAND allows us to deliver very specific marketing messages to our customers and easily measure their response. This enables us to tailor our messaging based on real data. All of this without breaking stride in delivering serve to our customers."

Ryan Plester, Administrator, WRA

Free Demo