SendBird announces HIPAA compliant in-app messaging

Jan 18, 2019

SendBird is proud to announce that its chat and messaging platform is now HIPAA compliant.

That means that Health Care Providers, including Telemedicine and virtual care providers, Health Plans, Health Care Clearing Houses, and Health Communities can send protected health information (PHI) and electronic PHI securely over the SendBird messaging platform using the SendBird SDK and API. You can read the release on Associated Press.

To achieve compliance, SendBird follows the Health and Human Services (HHS) guidance set out by HITECH in 2013. We’ve created the Organizational, Administrative, Technical, and Physical safeguards required to enable covered entities to protect PHI over in-app chat and messaging. And we’ve documented policies for reporting breaches, monitoring, assessing risk, and continuously improving our information management systems.

Communication Platforms as a Service and HIPAA/HITECH 

Communication Platforms as a Service (CPaaS) are a natural fit for Healthcare companies, Telemedicine, virtual care providers, or other health providers because they allow patients to communicate with healthcare providers from the convenience of their mobile device - increasing patient access and, ultimately, improving health outcomes for patients.

Currently, there are two major ways that communications platforms transmit data to and from mobile devices:

  1. Traditional telephony networks
  2. Over-the-top (OTT) using internet protocol (IP)

IP Messaging and SMS - Are they both HIPAA compliant?

Currently, SMS is one of the mainstays of the CPaaS category. But since SMS uses telephony networks and cannot be encrypted, SMS is not HIPAA compliant.

IP chat and messaging, on the other hand, can be encrypted in transit and in storage. It can, therefore, comply with both HIPAA and HITECH.

As a result of this division, CPaaS businesses tend to respond to requests for HIPAA along two lines: either (1) making recommendations to avoid passing PHI over unencrypted channels and, crucially, avoiding legal liability; or (2) proactively seeking HIPAA compliance.

Twilio, for example, uses traditional telephony for many of its products and requires that businesses seeking HIPAA compliance (1) not transmit any PHI along its unencrypted channels and (2) not consider Twilio a business associate.

HITECH defines a "business associate" as an entity that provides services, functions, or activities for a covered entity that require access to PHI. So by claiming that they do not technically receive or store PHI, Twilio claims that they do not consider themselves a “business associate” of “covered entities.” In so arguing, they exclude themselves from any liability if a HIPAA violation occurs.

To more securely serve the Healthcare market, other CPaaS companies like SendBird, especially those that use IP, are proactively seeking HIPAA compliance. More and more, Healthcare companies require communications platforms to sign Business Associate Agreements (BAA) to commit their products to compliance with HIPAA and HITECH regulations.

As the mobile, on-demand, and virtual care industry continues to grow, more IP messaging companies are showing their commitment to privacy and security by complying with HIPAA.

What does a HIPAA compliant SendBird mean for your Healthcare business or app?

To help you reach patients or those seeking health care with confidence, SendBird will sign a BAA as a commitment to the protection of your business’ ePHI and to compliance with HIPAA Privacy rules. This means, for example, that doctor-to-patient chat or a group discussion among specialists can remain secure, encrypted and HIPAA compliant.

2018 closed out a strong year for SendBird privacy. In addition to working for HIPAA compliance, we also achieved compliance with GDPR and ISO27001 certification. We’re targeting SOC2 compliance for early this year.
