Is Olark HIPAA compliant?

Featured image

Share this article

Olark-Company-Logo

Chatbots are taking over the Internet. Websites from every corner of the World Wide Web utilize these services every day. You might even hear that *pop* sound before you see an automated chatbot message appear. 

With their rise in popularity, it’s essential to know if a chatbot is HIPAA compliant before you add one to the services you provide your patients. 

Today we are going to determine if Olark is a safe option for healthcare providers to use.

About Olark

Olark is a cloud-based live chat solution that enables businesses to interact with customers through their own websites. 

Per its website, other features of Olark include analytics, automated messaging, custom chat forms, and integration “with your favorite platforms.” 

Olark and business associate agreements

A business associate agreement (BAA) is required for HIPAA compliance. It is a written contract between a covered entity and a business associate

Olark does not currently sign BAAs for customers. As stated on the company’s blog:


We believe that your coverage under our Terms of Service provides protection comparable with a reasonable BAA (business associate agreement), but do not have a process in place to sign them on a customer by customer basis at this time.


However, per the U.S. Department of Health and Human Services (HHS):


The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity. The satisfactory assurances must be in writing, whether in the form of a contract or other agreement between the covered entity and the business associate. 


In other words, a BAA is a requirement for HIPAA compliance so Olark’s above statements are not enough to ensure HIPAA compliance.

Protected health information and Olark

Protected health information (PHI) is any information that can identify a patient and is used during patient care. Protecting PHI is essential to maintain HIPAA compliance. 

Olark’s Terms of Service state: 


Olark will not be liable in any way to End Users, either directly or indirectly. As between Olark and you, you are responsible for ensuring that End Users do not communicate information in violation of law using the Service, and for advising them against transmitting sensitive information using the Service, including but not limited to health/medical information or personally identifiable information of minors.


PHI would be considered sensitive information. Since Olark accepts no responsibility to protect it, this is yet another reason healthcare providers should not partner with Olark.

Conclusion

Olark is not HIPAA compliant because it will not sign a BAA.

Reach your patients directly with Paubox Email Suite

Using Olark to communicate with your patients in a HIPAA compliant manner may not be possible, but you can send HIPAA compliant email directly to your patient’s inboxes with Paubox Email Suite

Paubox Email Suite helps ensure that 100% of the emails you send are secure in transit all the way to your recipient’s inbox, but with the added benefit of making the experience seamless. As soon as the product is configured, all outbound emails will be encrypted. 

Our product integrates with your existing email platform, (like Google Workspace or Microsoft 365), so you won’t have to worry about changing your email workflow to use it. 

If you’re looking for data loss prevention (DLP) or email archiving, don’t worry — Paubox Email Suite Premium has you covered. Our Premium service also includes inbound security features that block spam emails containing malware, ransomware, and more.

In addition, our patented ExecProtect feature offers protection from display email spoofing emails

For a full description of all our service levels, click here.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hannah Trum

Read more by Hannah Trum

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022