
Can you work with HubSpot and still be HIPAA compliant?

Davey Minkhorst
Dec 12, 2022
CRM Operations

From e-commerce to the medical industry: everyone loves HubSpot. Its user-friendliness is one of the main reasons people choose HubSpot. But in any industry nowadays, data is a sensitive factor. Especially medical data.

How can you benefit from all HubSpot has to offer, while keeping your medical data safe? Let’s take a look at what the issue is, and how we can solve it. We’ll give you a real example of one of our clients to demonstrate the possibilities, so read on!

The challenge

First things first: it is legally not allowed to store medical data in HubSpot. That doesn’t mean you can’t use HubSpot and its features at all, though.

We often see organizations using HubSpot Marketing Hub and Sales Hub for attracting new clients or patients. But as soon as someone actually becomes a client or patient, their data is stored in an EPD. There, you organize reminders for appointments, medical files, and data on the client. The issue here is that you’ll work with two systems — one for marketing and sales, and one for actual patients. Looking for information can become a time-consuming activity, and it’s harder to create complete analyses and detailed reports. And that’s what you’ll need to make well-thought-out decisions for your business.

The solution

A smooth HubSpot integration. With the right expertise, it’s possible to connect both systems in a way that your staff with medical access can work within the two systems, while it feels like working in just one tool. Meanwhile, your sales and marketing team won’t have access to sensitive data, only the data they need to grow your business and deliver top-notch customer service. Simply put: they will know where the client is in their customer journey, but not what’s happening practically.

Case: Synthesis Retreat

For our customer Synthesis Retreat, a medical screening is part of the customer journey. An important part, actually. It’s the tipping point from lead to customer, and both the marketing and sales teams and medical professionals are involved.


Synthesis is a legal, medically supervised, truffle retreat center for professionals to experience personal growth, emotional breakthroughs, and spiritual development. To ensure a safe experience on their retreats, customers will have to fill out an extensive health screener before participating, to see if they will make a safe fit.

How did we take care of this challenge regarding sensitive yet crucial information? Once someone signs up, HubSpot will note that they’re showing interest in a retreat and store relevant data on the customer.

The medical data will be stored in the EPD, completely separated from HubSpot and completely HIPAA compliant. Later on, doctors can access this to decide whether or not someone can take part in the retreat.

Their verdict, without any personal information or explanation, is synced with HubSpot — for instance like a simple Yes or No — so the sales team can take up the next steps in the customer journey.
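The verdict-only sync described above, sketched as an added example (not code from this post or from the client's integration): the outgoing payload is built from constants instead of copied record fields, and anything that is not a bare verdict is rejected. The property name `medical_screening_cleared`, the record field names and the `approved`/`declined` values are assumptions.

```python
import json

# Hypothetical CRM property name; the post does not name one.
VERDICT_PROPERTY = "medical_screening_cleared"
# Assumed EPD verdict values, mapped to the bare Yes/No the CRM may see.
ALLOWED_VERDICTS = {"approved": "Yes", "declined": "No"}
NON_SENSITIVE_KEYS = ("crm_contact_id", "verdict")

# Constructed sample record as the EPD side might hold it.
SAMPLE_RECORD = {
    "crm_contact_id": "1001",
    "verdict": "approved",
    "physician_note": "constructed free-text note",
    "medications": "constructed medication list",
}


class SyncRejected(Exception):
    """The record cannot be reduced to a bare verdict."""


def build_sync_payload(epd_record: dict) -> dict:
    """Reduce an EPD screening record to contact id plus Yes/No."""
    verdict = epd_record.get("verdict")
    contact_id = epd_record.get("crm_contact_id")
    # Fail closed: free text or an unknown verdict is never forwarded.
    if not isinstance(verdict, str) or verdict not in ALLOWED_VERDICTS:
        raise SyncRejected("verdict is not a recognised value")
    if not isinstance(contact_id, str) or not contact_id.isdigit():
        raise SyncRejected("missing or malformed CRM contact id")
    # Built from constants, never by copying record fields, so a field
    # added to the EPD later cannot reach the CRM by accident.
    return {
        "contact_id": contact_id,
        "properties": {VERDICT_PROPERTY: ALLOWED_VERDICTS[verdict]},
    }


def leaks_medical_data(payload: dict, epd_record: dict) -> bool:
    """Egress check: does any other record value appear in the payload?"""
    serialized = json.dumps(payload)
    sensitive = [str(v) for k, v in epd_record.items()
                 if k not in NON_SENSITIVE_KEYS]
    return any(s and s in serialized for s in sensitive)


if __name__ == "__main__":
    payload = build_sync_payload(SAMPLE_RECORD)
    print(payload, "leak:", leaks_medical_data(payload, SAMPLE_RECORD))
```

Running `leaks_medical_data` on every outgoing payload, in tests or at the sync boundary, gives a cheap regression check if someone later changes the mapping.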

Wiljekoffie: get it right

The question isn’t if you can store medical data safely, it’s how. We’ve got the answer. Data storage isn’t some side project in your organization, it has become one of the key components of a successful business — just look at the risks.

Do you want to proactively show that you put privacy first? We’re here to help. Benefit from everything HubSpot has to offer, all while keeping your data safe.

Let’s talk integrations:

Get in touch