Lately we've been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Intercom is a popular customer messaging platform. We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Voice
- Microsoft 365
The purpose of this post is to determine if Intercom offers HIPAA compliance or not.
Intercom is a US-based software company that makes a customer messaging platform. The company allows software businesses to chat with prospective and existing customers within their app, on their website, through social media, or via email.
Intercom and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance to ensure security and privacy. We checked the Intercom site and quickly found what we were looking for on their Terms and Conditions page. In it, Intercom points out:
"No Sensitive Personal Information. Customer specifically agrees not to use the Services to collect, store, process or transmit any Sensitive Personal Information. Customer acknowledges that Intercom is not a Business Associate or subcontractor (as those terms are defined in HIPAA) or a payment card processor and that the Services are neither HIPAA nor PCI DSS compliant. Intercom will have no liability under this Agreement for Sensitive Personal Information, notwithstanding anything to the contrary herein."
Does Intercom Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component of HIPAA compliance between a Covered Entity and a Business Associate. Since Intercom specifically states in their Terms and Conditions that they do not offer a BAA and do not allow customers to store PHI in their platform, we conclude it is not a HIPAA compliant service.
Conclusion: Intercom is not HIPAA Compliant.