Managing Sensitive Data in HubSpot

Internal reference for identifying, setting up, and supporting sensitive data clients in HubSpot.

Overview

Sensitive data in HubSpot refers to any information that requires special handling to maintain privacy, security, and compliance with data protection laws (such as HIPAA for healthcare organizations). Examples include personally identifiable information (PII) and protected health information (PHI), such as dates of birth, addresses, medical data, or social security numbers.

HubSpot’s Sensitive Data Management features are designed for Enterprise-level accounts, providing configuration options that ensure data is masked, access-restricted, and fully auditable.

This article outlines:

  • What qualifies as sensitive data
  • How to configure HubSpot for sensitive data handling
  • Best practices for permissions, access, and compliance

1. Understanding Sensitive Data

Sensitive data includes any information that could expose a client or patient to privacy risks if improperly accessed or shared. Common examples:

  • Personally Identifiable Information (PII): Name, date of birth, address, phone number, social security number
  • Protected Health Information (PHI): Medical records, health identifiers, account or insurance numbers
  • Other Sensitive Fields: Payment information, account credentials, or other regulated identifiers

Best Practice: Only collect and store sensitive data that serves a defined, compliant business purpose.


2. HubSpot Configuration for Sensitive Data

Sensitive data handling is available only for Enterprise accounts. Once enabled and configured for HIPAA compliance, this setting is irreversible.

Steps to Configure Sensitive Data in HubSpot

  1. Navigate to Privacy and Consent Settings
    • Go to Settings → Privacy & Consent → Data Sensitivity.
    • Enable the option to manage sensitive data.
  2. Create Sensitive Properties
    • Identify any properties that will store PHI or other sensitive data.
    • Mark these as Sensitive within property settings.
    • Assign the highest sensitivity level to fields that could contain PHI (e.g., “Additional Comments”).
  3. Restrict Access
    • Limit sensitive property visibility to Super Admins or users with explicit access.
    • Create custom permission sets for specific teams (e.g., partner admins, compliance officers).
  4. Audit Log Configuration
    • Access the Audit Log under Account Management.
    • This log tracks who views or modifies sensitive data fields.
    • Use it for compliance monitoring and investigations as needed.
  5. Secure Importing
    • For clients migrating existing PHI, ensure secure import processes are followed.
    • Provide additional training if sensitive fields are imported from legacy systems.

3. Handling Sensitive Data in HubSpot


4. Unique Identifiers and Data Management

When sensitive information (like account numbers) is required for tracking or deduplication:

  • Use custom unique identifiers in HubSpot (e.g., randomly generated codes).
  • This allows accurate record matching without storing actual sensitive values.
  • Where email addresses or company domains are unavailable, do not rely on them for matching; unique IDs can be used instead.
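
A sketch of the unique-identifier approach above, added here as an example; it is not HubSpot's code or our own tooling. It assigns each account number a randomly generated code, de-duplicates rows on that code, and keeps only allow-listed columns for import. The property name `external_record_id`, the column names and the sample rows are constructed assumptions, and the registry is assumed to stay in the client's system of record, outside HubSpot.

```python
import secrets

# Alphabet without look-alike characters (no I, L, O, U), safe to read aloud.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"

def new_surrogate_id(length=16):
    """Random code (5 bits per character) with no relation to the real value."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class SurrogateRegistry:
    """Sensitive value -> surrogate ID. Assumed to live outside HubSpot."""
    def __init__(self):
        self._by_value = {}
        self._issued = set()

    def id_for(self, sensitive_value):
        key = sensitive_value.strip().upper()  # formatting variants must match
        if key not in self._by_value:
            code = new_surrogate_id()
            while code in self._issued:        # re-draw on the rare collision
                code = new_surrogate_id()
            self._issued.add(code)
            self._by_value[key] = code
        return self._by_value[key]

def build_import_rows(source_rows, registry, sensitive_field, allowed_fields):
    """De-duplicate on the surrogate ID; only allow-listed columns are kept."""
    rows = {}
    for row in source_rows:
        rid = registry.id_for(row[sensitive_field])
        out = {"external_record_id": rid}      # hypothetical property name
        out.update({f: row[f] for f in allowed_fields if f in row})
        rows.setdefault(rid, out)              # first occurrence wins
    return list(rows.values())

# Constructed sample export from a legacy system (not real data).
SOURCE_ROWS = [
    {"account_number": "ACCT-0001-7788", "region": "West", "date_of_birth": "1980-01-01"},
    {"account_number": " acct-0001-7788 ", "region": "West", "date_of_birth": "1980-01-01"},
    {"account_number": "ACCT-0002-1234", "region": "East", "date_of_birth": "1975-06-30"},
]

if __name__ == "__main__":
    registry = SurrogateRegistry()
    for r in build_import_rows(SOURCE_ROWS, registry, "account_number", ["region"]):
        print(r)
```

Because the registry returns the same code for a value it has already seen, later imports match existing records on the code rather than on the account number.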

5. Client Consultation and Education

When working with clients in regulated industries, our job is to help them make smart, compliant decisions about collecting and managing sensitive data. Before setting anything up in HubSpot, we should help the client evaluate whether they actually need to collect sensitive information at all. Often, it’s best to start by understanding their goals—what they’re trying to do with the data—and then work backward to figure out the minimum amount of information needed to support those goals.

We should also make sure clients understand what counts as sensitive data and how HubSpot’s sensitive data tools work to protect it. This includes explaining permission settings, audit logs, and the difference between standard and sensitive properties. Part of our role is to guide clients through safe practices for things like form setup, chatbots, and data storage, helping them avoid unnecessary risks.

Whenever possible, we should encourage clients to use HubSpot’s built-in Sensitive Data settings instead of trying to manage these protections manually. This ensures the account stays compliant and that any sensitive information is properly secured within HubSpot’s framework.

