Is LimeCall HIPAA Compliant?

Yes we are! Let's take a look.

What is HIPAA?

If you're here, chances are you're familiar with HIPAA. HIPAA stands for Health Insurance Portability and Accountability Act, a federal law establishing national standards to safeguard sensitive patient health information from unauthorized disclosure.

Is SMS a HIPAA-compliant channel?

SMS isn't inherently secure as a channel because messages can be unencrypted and exchanged on personal devices. However, it's possible to use SMS in a HIPAA-compliant manner. Healthcare providers must ensure patients give consent for SMS communication and utilize a business solution with appropriate security measures to safeguard PHI (Personal Health Information).

How do we protect PHI?

LimeCall stores all PHI in a secure HIPAA-compliant cloud environment and adheres to standard encryption protocols to safeguard your data at every step.

How to get started?

1. Have a conversation with a LimeCall representative to discuss our platform and your business requirements.

2. Select the best plan for your business needs.

3. Review and complete our Business Associate Agreement (BAA).

4. Set up user permissions, auto-responses, and patient consent opt-in.

5. Go live!

What are the costs?

The cost for HIPAA Compliant messaging varies based on several factors. Please contact your LimeCall representative or reach out to sales at 415-214-8977 for further discussion.

Is MMS (multimedia) messaging covered?

Yes! MMS or multimedia messaging is eligible for HIPAA compliance. Outbound MMS sent by customers who sign a BAA with LimeCall for HIPAA compliant use cases will be covered.

Is Live Chat HIPAA compliant?

Yes, you can utilize our website widget for SMS or Live Chat conversations with your patients.

Is WhatsApp HIPAA compliant?

No, WhatsApp, a subsidiary of Facebook, doesn't sign BAAs, and LimeCall's integration for WhatsApp can't be used with a HIPAA compliant use-case currently.

Is the LimeCall API HIPAA compliant?

Yes, the LimeCall API allows your team to programmatically send messages and manage contact information, including ePHI, securely. However, integrating the LimeCall API into third-party services or using webhook features to send information to third-party services will require a BAA with all involved vendors and careful handling of ePHI.

Note: The above isn't official legal advice from LimeCall. We recommend consulting legal counsel when setting up SMS communications at your practice.

Questions? Contact support@limecall.com or text us at +1 (415) 430-9601.