1 min read

Is ChatBot HIPAA compliant?

Hannah Trum December 3, 2020

HIPAA compliance
ChatBot logo
ChatBot logo Adding a live chat feature to your website can make it easy to communicate with patients. However, for those in healthcare who handle protected health information (PHI), your live chat option must be HIPAA compliant. Today let’s look at ChatBot for HIPAA compliance.

About ChatBot

ChatBot is an “all-in-one platform to build and launch conversational chatbots without coding.”  Features of ChatBot include ready-to-use templates, open API, metrics and reporting, and app integration (such as Facebook Messenger or LiveChat ).

 

ChatBot and business associate agreements

A covered entity and a business associate must sign a business associate agreement (BAA) to remain HIPAA compliant. We found no information about BAAs on ChatBot’s website.

 

ChatBot and PHI

PHI is considered any type of information that can identify a patient which is used during patient care. Keeping PHI safe from data breaches (intentional or accidental) is a key factor of HIPAA compliance.  ChatBot offers no information about PHI on its website.  The company does, however, collect personal information about its users. Per its privacy policy , personal information includes usernames, age, addresses, contact details, chat history, and credit card information.  ChatBot does allow authorized employees and third parties, such as contractors or partners, to access this information.

 

Conclusion

One of the key components of HIPAA compliance is an executed BAA. We found no information on ChatBot’s willingness to sign a BAA. Therefore ChatBot is not HIPAA compliant.  Covered entities who chose to use ChatBot as a live chat option on their websites must not use, send, or store any PHI on the platform.

 

Communicate directly with HIPAA compliant email

Live chat solutions can offer an easy way to speak with patients, however, not every solution is HIPAA compliant.  Those in healthcare who want to send direct, hassle-free communication to their patients (including PHI) should consider using a HIPAA compliant email solution, like Paubox Email Suite Our solution ensures that 100% of the emails you send are secure, but with the added benefit of making the experience seamless. As soon as the product is configured, all outbound emails will be encrypted.  Paubox Email Suite integrates with your existing email platform (like Google Workspace or Microsoft 365 ), so you won’t have to worry about changing your email workflow to use it.
 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Image of a workplace with an open laptop.

Creating a HIPAA compliant workplace environment

Picture of Tshedimoso Makhene Tshedimoso Makhene : April 24, 2025

“The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information...

HIPAA compliance
Read More
HIPAA text with notepad and stethoscope

FAQs: HIPAA covered entities

Picture of Liyanda Tembani Liyanda Tembani : February 13, 2024

Under HIPAA, covered entities include health plans, healthcare providers who electronically transmit health information, and healthcare...

HIPAA compliance
Read More
hand in cast being cared for

Do occupational health workers need to be HIPAA compliant?

Picture of Tshedimoso Makhene Tshedimoso Makhene : December 28, 2023

Occupational health workers must be HIPAA compliant when handling protected health information. HIPAA compliance ensures that occupational health...

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.