
Understanding Sensitive Data and How to Utilize Sensitive Data with HubSpot

Internal reference for identifying, setting up, and supporting sensitive data clients in HubSpot.

Table of Contents:

  1. What to do when you see sensitive data
  2. Understanding sensitive data
  3. HubSpot configurations for sensitive data
  4. Handling sensitive data in HubSpot 
  5. Unique identifiers and data management

Sensitive data in HubSpot includes any information requiring special handling to maintain privacy, security, and compliance (e.g., HIPAA, financial data protection). This may include PII (like names, DOBs) and PHI (like medical or insurance details).

⚠️ Important: Sensitive Data Settings are available only in HubSpot Enterprise accounts.
Once enabled, this configuration is irreversible — proceed with caution and full compliance review.


🚩What to do when you see sensitive data:

If you see a sensitive property during discovery, HubSpot audits, or portal reviews:

  • Flag it internally in your discovery notes.
  • Notify your Project Lead or Compliance contact at Vye.
  • Ensure someone at Vye remains a SUPER ADMIN throughout the entire process. Without this, we will be unable to edit or view any data. 
  • Do not modify, export, or import that data without proper authorization.


Not sure where sensitive data lives? Check out this video below ⬇️

 

When advising clients in regulated industries:

1. Start with “Why.”
Confirm the business reason for collecting sensitive data.
→ If it’s not required for a clear goal, don’t collect it.

2. Define “What’s Sensitive.”
Ensure clients understand what qualifies as sensitive (PII, PHI, payment info, etc.) and how HubSpot protects it through Sensitive Data settings, permissions, and audit logs.

3. Use HubSpot’s Built-In Protections.
Always rely on HubSpot’s Sensitive Data framework—never manage these protections manually.
→ This keeps the account compliant and data secure.


1. Understanding Sensitive Data

Sensitive data includes any information that could expose a client, patient, or customer to privacy risks if improperly accessed or shared. Common examples:

  • Personally Identifiable Information (PII): Name, date of birth, address, phone number, social security number
  • Protected Health Information (PHI): Medical records, health identifiers, account or insurance numbers
  • Other Sensitive Fields: Payment information, account credentials, or other regulated identifiers

Ask yourself:

1️⃣ Does this data identify a person? (name, DOB, phone, email)
2️⃣ Is the form related to health, treatment, patients, or providers? OR
3️⃣ For finance, can it identify a person, and does it relate to their finances?

If yes to both 1 and 2, or to both 1 and 3, it’s Sensitive Data.

Best Practice: Only collect and store sensitive data that serves a defined, compliant business purpose.


2. HubSpot Configuration for Sensitive Data

Sensitive data handling is available only with HubSpot Enterprise subscriptions. Once enabled and configured for HIPAA compliance, this setting is irreversible.

Steps to Configure Sensitive Data in HubSpot

  1. Navigate to Privacy and Consent Settings
    1. Go to Settings → Privacy & Consent → Data Sensitivity.
    2. Enable the option to manage sensitive data.
  2. Create Sensitive Properties
    1. Identify any properties that will store PHI or other sensitive data.
    2. Mark these as Sensitive within property settings.
    3. Assign the highest sensitivity level to fields that could contain PHI (e.g., “Additional Comments”).
  3. Restrict Access
    1. Limit sensitive property visibility to Super Admins or users with explicit access.
    2. Create custom permission sets for specific teams (e.g., partner admins, compliance officers).
  4. Audit Log Configuration
    1. Access the Audit Log under Account Management.
    2. This log tracks who views or modifies sensitive data fields.
    3. Use it for compliance monitoring and investigations as needed.
  5. Secure Importing
    1. For clients migrating existing PHI, ensure secure import processes are followed.
    2. Provide additional training if sensitive fields are imported from legacy systems.

PLEASE NOTE: To enable and update these settings, the user must be a Super Admin in the client's portal. Additionally, Partner Admins can see sensitive data by default. Use the teams settings to ensure that only the individuals who absolutely need to view sensitive data have access.


3. Handling Sensitive Data in HubSpot


4. Unique Identifiers and Data Management

When sensitive information (like account numbers) is required for tracking or deduplication:

  • Use custom unique identifiers in HubSpot (e.g., randomly generated codes).
  • This allows accurate record matching without storing actual sensitive values.
  • If email or company domains are unavailable, do not rely on them; unique IDs can be used instead.
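
The unique-identifier approach above, as an added Python example (not part of the original page and not HubSpot tooling): it assigns a randomly generated code to each account number in a constructed legacy export, keeps the account-number-to-code mapping outside the CRM, and produces import rows that carry only the code. The column name `external_id`, the `vault` mapping, and the sample rows are assumptions made for illustration.

```python
import csv
import io
import secrets

# Constructed sample export from a legacy system (not real data).
LEGACY_ROWS = [
    {"account_number": "ACCT-000123", "first_name": "Ana", "city": "Duluth"},
    {"account_number": "ACCT-000456", "first_name": "Ben", "city": "Fargo"},
    {"account_number": "acct-000123 ", "first_name": "Ana", "city": "Duluth"},  # duplicate
]


def normalize(account_number: str) -> str:
    """Canonical form so the same account always maps to the same ID."""
    return account_number.strip().upper()


def assign_ids(rows, vault):
    """Return CRM-safe rows keyed by a random ID; `vault` holds the mapping.

    `vault` (account number -> ID) stays in the system of record, outside
    the CRM. IDs come from a CSPRNG rather than a hash of the account
    number, so they cannot be reversed or guessed from the value.
    """
    safe_rows = {}
    issued = set(vault.values())
    for row in rows:
        key = normalize(row["account_number"])
        if key not in vault:
            new_id = secrets.token_hex(8)
            while new_id in issued:  # collision guard
                new_id = secrets.token_hex(8)
            vault[key] = new_id
            issued.add(new_id)
        record = {k: v for k, v in row.items() if k != "account_number"}
        record["external_id"] = vault[key]  # hypothetical property name
        safe_rows[vault[key]] = record  # deduplicate on the surrogate ID
    return list(safe_rows.values())


def to_csv(rows) -> str:
    """Serialize the CRM-safe rows for import."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Passing the same `vault` on later runs keeps IDs stable, so re-imports match existing records without the account number ever entering the CRM.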

 
