HIPAA Compliance

Crystal Field Updated by Crystal Field

Many medical, dental, and wellness practices (e.g., chiropractors, masseuses, and therapists) use Smith.ai's Virtual Receptionists for running a more efficient practice or business.

We have had a few people ask us for HIPAA compliance over the years. The short answer is "not yet, but that might not be a dealbreaker for you." The longer answer is that HIPAA compliance is more than just the answering service itself. To be HIPAA compliant, you will no longer be able to get SMS or Email summaries. Retrieving your call summaries will require logging in to a secure portal or custom "app" to see your information, arguably employing a passcode for access every time (not staying logged in to it). It also means that our support team will no longer be able to field your support issues, as exposing call summaries to them would violate HIPAA. 

The only reason a virtual receptionist service needs to be HIPAA-compliant is if they process and store PHI, as a Business Associate of a Covered Entity.

Name and DOB do not constitute PHI, only PII. But, if paired with a proprietary ID, then you risk a HIPAA violation. As we are not HIPAA-compliant, that then becomes the responsibility of the client to determine what information we can take for a client. For many of the firms we represent, that includes:

  • Name & Contact Information
  • Appointment times and type of consultation if relevant
  • DOB if relevant
  • Last 4 of SSN

But it excludes

  • Insurance (which would constitute a unique ID)
  • Payment/Billing for provided medical services (which would constitute a unique ID)
  • Entire SSN

What we have recommended for clients is to have our team proceed with the basic contact info intake, and to either automate (we can do this for an additional fee) or have your team send them a form for the full intake information that they fill out on their computer. For example, we take the call from a new prospective client, and tell the caller to please check their email and fill out a form in which they'll put the more detailed info we can't ask for on the call. The bright side of this is that it keeps call costs down, as well.

We've used these resources to guide our answers in the past:

How did we do?