The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) protect the privacy and security of patients’ medical information, known as protected health information (PHI), in the United States. Healthcare organizations must follow HIPAA’s Privacy and Security Rules for handling PHI, and can work with business associates that also protect PHI.
At Plivo, we understand the importance of securing PHI. For eligible customers, Plivo can sign a HIPAA business associate agreement (BAA) as part of our Enterprise package. The BAA contractually obligates us to properly safeguard PHI in alignment with HIPAA standards.
Plivo has renewed our HIPAA compliance for 2023, reaffirming our commitment to healthcare customers. HIPAA compliance is also covered in our latest SOC 2 Type 2 audit report.
Plivo implements various controls to keep data secure, including:
- Encryption of data in transit and at rest using strong algorithms such as AES-256
- Access controls and personnel policies to protect systems handling PHI
- Redaction of PHI details from logs and audits
- Routine verification of our HIPAA compliance controls by independent third-party auditors
However, HIPAA compliance is a shared responsibility between Plivo and our customers. While we provide the compliant platform and infrastructure, customers must also use Plivo in a compliant manner, including:
- Securing their Plivo account credentials
- Ensuring PHI is only accessed in secure environments
- Making sure their application instructions to Plivo align with HIPAA rules
For healthcare organizations that need to comply with HIPAA and HITECH, Plivo provides the capabilities and assurances to securely build communication workflows. Contact our sales team to learn more about HIPAA compliance with Plivo.