
Is CometChat HIPAA compliant?

CometChat is a communication platform that offers APIs and SDKs to enable real-time chat, voice and video calls, and interactive features within websites and applications.

It serves various communication needs, from social networking and e-commerce to healthcare services. More specifically, CometChat offers adaptable solutions for smooth user interactions, while meeting healthcare data protection requirements.


Is CometChat HIPAA compliant?

Yes, based on our research, CometChat can be HIPAA compliant with the proper configurations and agreements in place.


Will CometChat sign a business associate agreement (BAA)?

Yes, CometChat will sign a business associate agreement, which can be reviewed here.


What does the CometChat BAA cover?

According to their terms of service: “If Subscriber is subject to HIPAA and providing or processing any PHI in connection with the Services that CometChat has designed to be, and identified as, a HIPAA compliant Service in the Documentation or Exhibit A, then prior to accessing or using such Services, Customer must notify CometChat in writing thereof and enter into a Business Associate Agreement (“BAA”).”

Their BAA covers:

  • Subscriber requirements under HIPAA
  • Handling protected health information (PHI)
  • Designated HIPAA compliant services
  • Mandatory notifications


What does the CometChat BAA exclude?

The CometChat Business Associate Agreement (BAA) specifies limitations regarding coverage. Firstly, it does not extend to the application's end-use or potential misuse by customers beyond the intended functionalities outlined by CometChat. This means that any misuse or unintended use of the application falls outside the scope of the BAA. 

Secondly, while the BAA ensures compliance within CometChat's provided services, it does not cover the mishandling of Protected Health Information (PHI) that occurs outside of these designated services. 

Their terms state: "Unless expressly noted otherwise, Services not listed on Exhibit A, are not designed to be HIPAA compliant and will not be subject to any HIPAA or BAA related obligations."

So, subscribers must exercise caution when managing PHI to maintain HIPAA compliance beyond CometChat's platform.



CometChat signs a BAA and, with the proper use and configurations, can be HIPAA compliant.




What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract that establishes a partnership between a HIPAA-covered entity and a business associate. This contract is essential for ensuring that PHI is handled securely and in compliance with HIPAA regulations.


What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that creates national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.


Who does HIPAA apply to?

HIPAA applies to covered entities such as healthcare providers, health plan providers, and healthcare clearinghouses. It also applies to business associates, which are service providers that perform activities involving the use or disclosure of PHI on behalf of, or provide services to, a covered entity.
