Engaging Networks Achieves Third-Party Validated HIPAA Compliance, Elevating Trust and Security for Hospital Foundations

Engaging Networks

Engaging Networks, a leading provider of digital fundraising and marketing software for nonprofits, announced the successful completion of a rigorous, third-party validation of its compliance with the Health Insurance Portability and Accountability Act (HIPAA).

This comprehensive assessment was conducted by ControlCase, a global leader in compliance, certification, and security services.

This critical achievement establishes Engaging Networks as a fully verified Business Associate (BA), confirming that its platform has implemented the necessary administrative, technical, and physical safeguards to protect Electronic Protected Health Information (ePHI) maintained on behalf of its healthcare clients.

“Hospitals and healthcare organizations deserve to know that their HIPAA data will be kept safe, secure, and private,” Clinton O’Brien, President and Chief Operating Officer of Engaging Networks, said. “They shouldn’t have to take our word for it, either. Many other software companies only ‘self-attest’ to being HIPAA compliant, in effect ‘grading their own homework.’ In contrast, we underwent a rigorous outside audit to prove that Engaging Networks truly is a secure fundraising platform in which health organizations can confidently store valuable PHI and donor data. As an independent technology company with no outside owners or investors trying to tell us what to do, Engaging Networks is answerable only to our clients. That’s why we never stop working to earn and remain worthy of our clients’ trust.”

A New Level of Trust for Grateful Patient Giving Programs

HIPAA compliance is uniquely vital for medical-related nonprofits, especially hospital foundations that rely on Grateful Patient Giving programs. Engaging Networks’ third-party validated compliance offers specific advantages for these organizations:

  • Enabling Digital Personalization Safely: Compliance ensures that fundraising teams can leverage permissible data for Digital Grateful Patient Giving to create highly personalized, relevant outreach while strictly protecting PHI and respecting the boundary between medical and fundraising data.
  • Meeting Donor Expectations: Today’s donors, especially those who are also patients, expect their medical information to be handled with the highest degree of privacy and security. Demonstrating third-party validated HIPAA compliance is a powerful way to signal to these donors that their information is safe and respected, reinforcing donor loyalty.
  • Mitigating Hospital Nervousness: The independent validation provides a crucial layer of trust and security, giving hospitals peace of mind that their associated fundraising arm is partnered with a vendor that internally guards and manages sensitive data.
  • Demonstrating Internal Commitment: The validation confirms that Engaging Networks follows critical security protocols internally, including:
    • Data Minimization: Erasing certain data elements where appropriate.
    • Vendor Accountability: Avoiding the use of unverified downstream subcontractors.

“Many companies view security as a simple formality to acquire or retain clients,” Tiffany Ramzy, Head of Compliance and Risk at Engaging Networks, said. “At Engaging Networks, we fundamentally understand that the security around sensitive data is the core foundation of our long-term client relationships. This comprehensive, third-party validation — as well as security and data governance, generally — reinforces our commitment to safeguarding every piece of our clients’ information with integrity.”

The Strategic Advantage of Verifiable Compliance

For Covered Entities (CEs) in the healthcare philanthropy space, compliance verification is increasingly important as they seek to align their operations with proposed requirements to obtain written verification of BA compliance. Engaging Networks’ proactive step provides immediate, strategic value:

  • Minimizes Legal and Financial Risk: The validation confirms that Engaging Networks has addressed common areas of BA compliance, including robust incident management preparation and the strict application of the minimum necessary standard to PHI access.
  • Simplifies Due Diligence: The third-party validation significantly reduces the due diligence burden for healthcare organizations when executing the legally required Business Associate Agreement (BAA).
  • Future-Proofing for Regulatory Alignment: This external validation aligns with the objective of HHS’ proposed rules to obtain written verifications from BAs, ensuring clients can continue providing services without disruption as new mandates are finalized.

What Is HIPAA and Why Does It Matter for Nonprofits?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law enacted in 1996 that sets national standards for the protection of sensitive patient health information. HIPAA’s primary goal is to ensure that Protected Health Information (PHI) is kept private and secure while allowing the necessary flow of information for high-quality healthcare.

For healthcare foundations and hospital philanthropy teams, HIPAA compliance is essential because:

  • Covered Entities and Business Associates: Hospitals are “Covered Entities,” while their software providers (like Engaging Networks) are “Business Associates.” Both must comply with HIPAA standards to protect patient and donor data.
  • The Security Rule: This requires the implementation of administrative, physical, and technical safeguards, such as encryption and access controls, to ensure the confidentiality and integrity of electronic health data.
  • Trust and Ethics: Beyond legal mandates, HIPAA compliance represents an ethical commitment to the donors and patients who fuel medical research and healthcare innovation.

“Too many platforms treat HIPAA as a checkbox. Engaging Networks took the harder path with independent validation, and that matters,” Paul St Onge, CEO and Co-Founder at Doing Good Digital, said. “For our healthcare clients, it’s the difference between hesitation and confidence when scaling digital grateful patient engagement.”

HIPAA compliance adds to Engaging Networks’ existing suite of data security and privacy assurances, which includes SOC 2 (Service Organization Control 2) and PCI DSS (Payment Card Industry Data Security Standard).

The HIPAA compliance validation was officially announced on December 10, 2025.

Register for Our Upcoming Panel Discussion

The move toward third-party HIPAA validation is changing how hospital foundations approach digital growth. To dive deeper into these trends, join Engaging Networks, Doing Good Digital, and Children’s Wisconsin on February 5, 2026, for a special panel discussion:

What Hospital Foundations Need to Get Right About Data, Security, and Digital Fundraising

In this session, we will explore:

  • Why the definition of “HIPAA Compliant” is changing and what to look for in a technology or services partner
  • How to balance high-touch personalization in Grateful Patient programs with strict data governance
  • First-hand insights from Children’s Wisconsin on how security impacts internal buy-in and platform decisions
