We’re pleased to announce that Plivo has renewed its HIPAA compliance for 2024, reaffirming our commitment to security for healthcare customers. Our latest SOC 2 Type 2 audit report also covers HIPAA compliance.
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) protect the privacy and security of patients' medical information, known as protected health information (PHI). Healthcare organizations in the US must follow HIPAA's Privacy and Security Rules for handling PHI and must work with business associates that also protect PHI.
At Plivo, we understand the importance of securing PHI. For eligible customers, Plivo can sign a HIPAA business associate agreement (BAA) as part of our Enterprise package. The BAA contractually obligates us to properly safeguard PHI in alignment with HIPAA standards.
Our Commitment to Security
Plivo implements various data security controls, including:
- Encryption: Data in transit and at rest is encrypted using strong ciphers such as AES-256.
- Access controls: Strict access controls and personnel policies protect systems handling PHI.
- Data redaction: PHI details are redacted from logs and audits.
- Independent verification: Independent third-party auditors routinely verify our HIPAA compliance controls.
Security is a Shared Responsibility
HIPAA compliance is a shared responsibility between Plivo and our customers. While we provide the compliant platform and infrastructure, customers must also use Plivo in a way that follows HIPAA guidelines, including:
- Securing their Plivo account credentials
- Ensuring PHI is only accessed in secure environments
- Making sure their application instructions to Plivo align with HIPAA rules
For healthcare organizations that need to comply with HIPAA and HITECH, Plivo provides the capabilities and assurances to securely build communication workflows. Contact our sales team to learn more about HIPAA compliance with Plivo.