A live chat solution can help healthcare providers engage with patients in a quick, direct manner. However, it is important for covered entities to choose a HIPAA compliant option.
Today we’ll explore SmartBot360 for HIPAA compliance.
SmartBot360 is a chatbot service that offers customizable workflows and “healthcare templates” for “small offices or enterprise healthcare websites.”
The solution integrates with various programs, including Google products, HubSpot, Salesforce, and Facebook Messenger.
SmartBot360 and business associate agreements
To remain HIPAA compliant, a covered entity and a business associate must sign a business associate agreement (BAA).
Although SmartBot360 describes itself as HIPAA compliant, its website makes no mention of BAAs. We reached out to the company to inquire about a BAA but did not receive an answer.
The company’s website states, “HIPAA privacy and security has been built into the platform from day one and not as an afterthought. We have developed proprietary techniques to balance security with frictionless patient experience.” However, SmartBot360 shares no extra information about what these privacy and security measures are.
Additionally, the company states that it will not share individual information with any third party outside the chatbot owner. It also does not sell user data.
SmartBot360 and protected health information
Keeping protected health information (PHI) safe is an integral part of HIPAA compliance. PHI is considered any information that can identify a patient and is used during patient care.
A crucial part of maintaining HIPAA compliance is an executed BAA. We found no information on SmartBot360’s willingness to sign a BAA.
We reached out to SmartBot360’s customer support team to inquire about BAAs but did not receive a reply.
However, the company touts its HIPAA compliance and healthcare clients on its website.
Therefore, it is inconclusive whether SmartBot360 is HIPAA compliant.
Worry-free communication with HIPAA compliant email
It is possible to use SmartBot360 regardless of its HIPAA compliance status, but covered entities must make sure not to send or receive PHI via this solution unless there is an executed BAA.
Another direct communication line healthcare providers should consider is a HIPAA compliant email solution, like Paubox Email Suite.
With our product, outbound emails are encrypted by default. You send from your existing email platform (such as Microsoft 365 and Google Workspace). Paubox Email Suite requires no change in your email behavior. Leave the patient portals and logins behind.