# Is LimeCall HIPAA Compliant? **Is LimeCall HIPAA Compliant?** Yes we are! Let's take a look. **What is HIPAA?** If you're here, chances are you're familiar with HIPAA. HIPAA stands for Health Insurance Portability and Accountability Act, a federal law establishing national standards to safeguard sensitive patient health information from unauthorized disclosure. **Is SMS a HIPAA-compliant channel?** SMS isn't inherently secure as a channel because messages can be unencrypted and exchanged on personal devices. However, it's possible to use SMS in a HIPAA-compliant manner. Healthcare providers must ensure patients give consent for SMS communication and utilize a business solution with appropriate security measures to safeguard PHI (Personal Health Information). **How do we protect PHI?** LimeCall stores all PHI in a secure HIPAA-compliant cloud environment and adheres to standard encryption protocols to safeguard your data at every step. **How to get started?** 1. Have a conversation with a LimeCall representative to discuss our platform and your business requirements. 2. Select the best plan for your business needs. 3. Review and complete our Business Associate Agreement (BAA). 4. Set up user permissions, auto-responses, and patient consent opt-in. 5. Go live! **What are the costs?** The cost for HIPAA Compliant messaging varies based on several factors. Please contact your LimeCall representative or reach out to sales at 415-214-8977 for further discussion. **Is MMS (multimedia) messaging covered?** Yes! MMS or multimedia messaging is eligible for HIPAA compliance. Outbound MMS sent by customers who sign a BAA with LimeCall for HIPAA compliant use cases will be covered. **Is Live Chat HIPAA compliant?** Yes, you can utilize our website widget for SMS or Live Chat conversations with your patients. **Is WhatsApp HIPAA compliant?** No, WhatsApp, a subsidiary of Facebook, doesn't sign BAAs, and LimeCall's integration for WhatsApp can't be used with a HIPAA compliant use-case currently. **Is the LimeCall API HIPAA compliant?** Yes, the LimeCall API allows your team to programmatically send messages and manage contact information, including ePHI, securely. However, integrating the LimeCall API into third-party services or using webhook features to send information to third-party services will require a BAA with all involved vendors and careful handling of ePHI. **Note**: The above isn't official legal advice from LimeCall. We recommend consulting legal counsel when setting up SMS communications at your practice. **Questions? Contact or text us at +1 (415) 430-9601.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.limecall.com/managers-handbook/register-for-a2p/is-limecall-hipaa-compliant.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.