Hightouch for Healthcare — HIPAA-Compliant CDP (2026)

Hightouch's product page for healthcare customers, covering HIPAA compliance posture and the BAA process.

Key facts surfaced (2026-05-06, via search):

• BAA: Hightouch is HIPAA-compliant and provides a standard BAA for customer signature; can also work with existing customer BAAs.
• Why warehouse-native simplifies HIPAA: Hightouch does not store customer data. All processing runs within the customer's own data warehouse. PHI never leaves the customer's controlled environment.
• Compliance posture: Granular access controls, data governance, audit logging at the warehouse layer.
• Contrast with traditional CDPs: Traditional packaged CDPs ingest and store data in a vendor-controlled environment, which creates BAA complexity and PHI exposure. Hightouch avoids this by design.

Relationship to existing KG nodes:

• Supports vendor.hightouch candidate node HIPAA subsection (drafted in evolution-log/2026-05-06/web-refresh.md).
• Relevant to org-dim/industry.healthcare.md — healthcare-specific CDP vendor selection guidance.
• Addresses "HIPAA-compliant CDP vendors" queue topic.