Sensitive Data and HIPAA Compliance in HubSpot

A quick overview on sensitive data and HIPAA Compliance features in HubSpot

These features are new and/or in beta so there will be more information coming out.

Important Terms on this page:

  • HIPAA: Health Insurance Portability and Accountability Act
  • BAA: Business Associate Agreement
  • PHI: Protected Health Information

Relevant HubSpot Features:

  1. Store Sensitive Data (HubSpot KB link)
  2. Store protected health data in HubSpot (BETA) (HubSpot KB link)

Store Sensitive Data

  • If this setting is turned on in your HubSpot portal, you will gain the ability to create custom properties to store sensitive data, and restrict user access to those properties using field level permissions.
  • This page outlines permitted sensitive data.
  • Once you turn on sensitive data you cannot turn it off in your portal.
  • Only Super Admins can create sensitive data properties.
  • Sensitive data properties can be used in forms.

Question: Do you need to store full credit card numbers?

If YES, this is not yet available as a feature in HubSpot and sensitive data settings don't permit this.


Question: Do you need to store passport numbers, drivers license numbers, last 4 digits of card or account numbers, income/salary information, gender, age or other demographics?

If YES, you can use sensitive data settings in HubSpot.


Example of creating a new sensitive data property:

image (4)

Example logged in as a non-Super Admin, who cannot see the sensitive data:

image (5)

Store protected health data

Health data subject to HIPAA is NOT included as permitted in Sensitive Data.

If you need to store HIPAA health data, then you need to utilise the HIPAA public BETA.

Question: Is your organisation a HIPAA-covered entity or will you need a BAA?

If YES, utilise the public beta for HIPAA.

If NO, you may want to utilise the sensitive data features.

Go to your HubSpot Account > Product Updates and search 'Store HIPAA data in HubSpot' to find more information about the beta.


The process to create sensitive data properties with HIPAA health data is the same as above, but you'll also need to select: