Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

Is ChatBot HIPAA compliant?

Hannah Trum December 03, 2020

Email cybersecurity
Is ChatBot HIPAA compliant?
Is-ChatBot-HIPAA-Compliant-Paubox Adding a live chat feature to your website can make it easy to communicate with patients. However, for those in healthcare who handle protected health information (PHI), your live chat option must be HIPAA compliant. Today let’s look at ChatBot for HIPAA compliance.

About ChatBot

ChatBot is an “all-in-one platform to build and launch conversational chatbots without coding.”  Features of ChatBot include ready-to-use templates, open API, metrics and reporting, and app integration (such as Facebook Messenger or LiveChat ).

 

ChatBot and business associate agreements

A covered entity and a business associate must sign a business associate agreement (BAA) to remain HIPAA compliant. We found no information about BAAs on ChatBot’s website.

 

ChatBot and PHI

PHI is considered any type of information that can identify a patient which is used during patient care. Keeping PHI safe from data breaches (intentional or accidental) is a key factor of HIPAA compliance.  ChatBot offers no information about PHI on its website.  The company does, however, collect personal information about its users. Per its privacy policy , personal information includes usernames, age, addresses, contact details, chat history, and credit card information.  ChatBot does allow authorized employees and third parties, such as contractors or partners, to access this information.

 

Conclusion

One of the key components of HIPAA compliance is an executed BAA. We found no information on ChatBot’s willingness to sign a BAA. Therefore ChatBot is not HIPAA compliant.  Covered entities who chose to use ChatBot as a live chat option on their websites must not use, send, or store any PHI on the platform.

 

Communicate directly with HIPAA compliant email

Live chat solutions can offer an easy way to speak with patients, however, not every solution is HIPAA compliant.  Those in healthcare who want to send direct, hassle-free communication to their patients (including PHI) should consider using a HIPAA compliant email solution, like Paubox Email Suite Our solution ensures that 100% of the emails you send are secure, but with the added benefit of making the experience seamless. As soon as the product is configured, all outbound emails will be encrypted.  Paubox Email Suite integrates with your existing email platform (like Google Workspace or Microsoft 365 ), so you won’t have to worry about changing your email workflow to use it.
 
Try Paubox Email Suite for FREE today.
Start for free

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.