.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Is Smartsheet HIPAA compliant? (2026 update)
Smartsheet is a collaborative work management and project tracking platform that enables organizations to manage workflows, automate processes, and...
2 min read
A live chat solution can help healthcare providers engage with patients in a quick, direct manner. However, it is important for covered entities to choose a HIPAA compliant option. Today we’ll explore SmartBot360 for HIPAA compliance.
About SmartBox360
SmartBot360 is a chatbot service that offers customizable workflows and “healthcare templates” for “small offices or enterprise healthcare websites.” The solution integrates with various programs, including Google products , HubSpot , Salesforce , and Facebook Messenger .SmartBot360 and business associate agreements
To remain HIPAA compliant, a covered entity and a business associate must sign a business associate agreement (BAA). Despite boasting itself as HIPAA compliant, SmartBot360’s website makes no mention of BAAs. We reached out to the company to inquire about a BAA but did not receive an answer. The company’s website states, “HIPAA privacy and security has been built into the platform from day one and not as an afterthought. We have developed proprietary techniques to balance security with frictionless patient experience.” However, SmartBot360 shares no extra information about what these privacy and security measures are. Additionally, the company states that it will not share individual information with any third party outside the chatbot owner. It also does not sell user data.Free Whitepaper "Top Five Barriers to Secure Email Communication and How to Overcome Them"
SmartBot360 and protected health information
Keeping protected health information (PHI) safe is an integral part of HIPAA compliance. PHI is considered any information that can identify a patient and is used during patient care. While SmartBot360’s website makes no mention specifically of PHI, its Privacy Policy does state, “Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way.”Conclusion
A crucial part of maintaining HIPAA compliance is an executed BAA. We found no information on SmartBot360’s willingness to sign a BAA. We reached out to SmartBot360’s customer support team to inquire about BAAs but did not receive a reply. However, the company boasts its HIPAA compliance and healthcare clients on its website. Therefore, it is inconclusive if SmartBot360 is HIPAA compliant.Worry-free communication with HIPAA compliant email
It is possible to use SmartBot360 regardless of its HIPAA compliance status, but covered entities must make sure not to send or receive PHI via this solution unless there is an executed BAA. Another direct communication line healthcare providers should consider is a HIPAA compliant email solution, like Paubox Email Suite . With our product, outbound emails encrypt by default. You send from your existing email platform (such as Microsoft 365 and Google Workspace ). Paubox Email Suite requires no change in your email behavior. Leave the patient portals and logins behind .
Does HIPAA apply to small health plans?
Kirsten Peremore : September 26, 2023
While small health plans have some exemptions and reduced regulatory burdens under HIPAA compared to larger health plans, core provisions still...
HIPAA breaches in 2024: What the numbers say about small providers
Lilly Ohno : May 6, 2025
This analysis presents a data-driven examination of HIPAA breach reports filed with the OCR, covering both resolved and unresolved cases from 2024....