Twilio is a popular direct marketing tool that allows users to send text messages and emails, automate phone calls, and build videos. But as a healthcare organization, you must consider a software provider’s HIPAA compliance before using the tool. Is Twilio HIPAA compliant? The answer is discussed below.

Is Twilio HIPAA Compliant: Security Measures

To determine whether or not a software platform is HIPAA compliant, it is important to assess the security features that the platform offers. These features must ensure the confidentiality, integrity, and availability of protected health information (PHI).

Twilio lists the following security measures on their website:

Encrypted Communication. Twilio supports encryption to secure patient information, requiring customers to use HTTPS when building workflows and when making requests to Twilio.

HTTP Authentication. HTTP Basic and Digest Authentication allow customers to password protect their TwiML URLs.

Signed Webhook Requests. This authenticates that requests to your web application are coming from Twilio rather than a malicious entity.

Static Proxy. Routes SMS TwiML requests, Voice, and Taskrouter webhooks through a VPN for increased security.

Public Key Client Validation. A means of user authentication that verifies that users are who they appear to be.
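As an illustration of the Signed Webhook Requests measure above, the following added example (not from Twilio's website or helper library) shows how a web application can verify the `X-Twilio-Signature` header on a form-encoded POST webhook, following Twilio's documented scheme of an HMAC-SHA1 over the request URL plus the sorted POST parameters, keyed with the account's auth token. The auth token, URL, and parameters are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values for illustration only.
AUTH_TOKEN = "example-auth-token-not-real"
URL = "https://clinic.example.com/twilio/sms"
PARAMS = {
    "From": "+15550100001",
    "To": "+15550100002",
    "Body": "Confirm appointment",
    "MessageSid": "SMexample0000000000000000000000000",
}


def compute_signature(auth_token: str, url: str, params: dict) -> str:
    """Return base64(HMAC-SHA1(auth_token, url + sorted key/value pairs))."""
    # Parameters are sorted by name and appended as name+value, no separators.
    data = url + "".join(key + params[key] for key in sorted(params))
    digest = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def is_valid_request(auth_token: str, url: str, params: dict, header_signature) -> bool:
    """Accept the webhook only if the header matches the locally computed value."""
    if not header_signature:
        return False  # an unsigned request is never trusted
    expected = compute_signature(auth_token, url, params)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), header_signature.encode())
```

The URL passed in must be the exact URL Twilio requested, including scheme and query string; behind a TLS-terminating proxy, rebuild it from the public address rather than the internal one, or valid requests will fail the check.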

Is Twilio HIPAA Compliant: Business Associate Agreements

Even if a software platform is secure, it is not considered HIPAA compliant if the software provider is unwilling or unable to sign a business associate agreement (BAA). Up until recently, Twilio was not HIPAA compliant for this reason. They have since changed their stance and are now willing to sign a BAA with their healthcare clients which they refer to as a “Business Associate Addendum.”

For more information on Twilio’s BAA, please click here.

However, not all Twilio products are covered by their BAA. The products currently covered under Twilio’s BAA include Runtime Tools, Programmable Voice and SIP, Programmable Video, Programmable SMS, Programmable Chat, Twilio Conversations, and Identity Services.

To stay updated on which Twilio products are covered under their BAA, please click here.

Is Twilio HIPAA Compliant?

Is Twilio HIPAA compliant? Yes, but only the products covered under their BAA, and when used in a HIPAA compliant manner.

For more information on using Twilio in a HIPAA compliant manner, please click here.