Compliance
- A2P: Verify Your Business
  - Register for A2P
  - A Complete Guide to A2P 10DLC
  - Vetting Score FAQs
  - Use Case Actions
  - Use Case Changes
- Policies & Best Practices
  - Avochato Messaging Policies
  - Compliance Requirements
  - Is Avochato HIPAA Compliant?
  - TCPA and CTIA Compliance
  - Best Practices for Texting
  - Carrier Filtering
  - Double Opt-in
  - Forbidden SMS and MMS Categories in US and Canada
Using Avochato
- Team Management
  - Adding Team Members and Managers
  - Do all users share a login and password?
  - Office Hours Based On Agent Availability
  - Skill Routing via Tags
- Inbox Management
  - Inbox Management
  - Auto-Assignment
  - Filters & Sort
  - Auto-Close Conversations
  - Unaddressed Conversations
  - Office Hours
  - Embedding Custom Variables
  - Configure Notifications
  - Avochato Mobile App
  - MMS Supported File Types
- Contacts
  - How to Add Contacts?
  - Why are my Contacts not Uploading?
  - Contact Actions
  - Search Contacts
  - Export Contacts from Avochato
  - Custom Fields
  - Tags
  - Pre-Assigning Users to Contacts
- Broadcasting
  - Learn More About Broadcasts
  - Understanding Broadcasts
  - Creating Broadcasts
  - Draft A Broadcast Message
  - Select A Broadcast Audience
  - Review A Broadcast
- Automation
  - How to setup AvoAI
  - How to use AvoAI Agent Assist
  - How to edit AvoAI User Permissions
  - How to Use Surveys
  - Campaigns
  - Templates
  - How to use Keyword Auto-Responses
  - Send Image in Auto-Responses
  - Overview of Automated Responses
  - Auto-responses
  - Rekindling
  - AvoLinks (Avochato Link Manager)
  - Send Two Factor Authentication Codes (2FA) with Avochato
- Calls
  - Phone Calls
  - Voicemail
  - Call Forwarding
  - Improve Call Quality
  - Can my number only receive texts, not calls?
- Chat Widget
  - What is AvoChat?
  - Website Widget
  - Website Widget - Advanced Settings
  - Live Chat Dashboard and Reporting
- Analytics
  - Analytics Overview
  - Logs
  - Error Codes
  - Collecting Ticket Dispositions: Post-Conversation Surveys
  - Email Transcript
Administrative
- Organization Management
  - Manage Organization
  - Adding a New Account and Inbox
  - Seats and Users
  - Bulk Actions
  - Microsoft Entra ID/ Azure Active Directory SSO
- Phone Numbers
  - Types of Phone Numbers
  - Hosting vs Porting Phone Numbers
  - Toll Free Number Verification
  - Short Codes
  - Can I use international numbers in Avochato?
  - Messaging Service
- Billing
  - Billing Portal
  - Account Balance and Segments
  - Adding More Segments & Billing Management
API & Integrations
- Integrations
  - API and Webhooks
  - Does Avochato Integrate with other Software?
  - Zapier Integration
  - Slack Integration
  - Hubspot Integration
  - Google Sheet Integration
  - Shopify Integration
  - WhatsApp Integration
  - ChatGPT Integration
  - Lasso Integration
Avochato for Salesforce
- Introduction and Overview
  - Hello to Avochato for Salesforce
  - Avochato for Salesforce - Overview
  - Avochato for Salesforce - Quickstart Guide
- Getting Started & Onboarding
  - Avochato for Salesforce - Installation & Onboarding
  - Avochato for Salesforce - Avochato Setup Tab
  - Importing Salesforce Contacts in Avochato
  - Avochato for Marketing Cloud - Quickstart Guide
- Data Sync
  - Setup Avochato Data Sync and Avochato API Credentials for Salesforce
  - Avochato for Salesforce - Data Syncing & Custom Object Support
  - List View Syncing to Avochato Contacts
  - Avochato for Salesforce – Field Syncing
  - Text-to-Case: Avochato’s Service Cloud Integration
  - Creating Case Dispositions in Salesforce
  - Syncing Pre-Chat Data to Salesforce Cases
  - Connect Multiple Inboxes to the Salesforce Data Sync
  - Avochato Activity Data Syncing to Salesforce
- Automation & Pro Code Options
  - Avochato API Callouts via Apex Code
  - Contact Data Sync to Avochato via Process Builder
  - Salesforce to Avochato Contact Sync using Flow builder
  - Using Add and Remove Tag Flow actions
- Power Features
  - List View Broadcasting
  - Avo4SF MCO - Messages Custom Object Package
  - Avochato Broadcasts from Salesforce Campaigns
  - AI Conversation Summaries Salesforce Sync
- Tips & Tricks
  - Using Salesforce Merge Field data within Avochato messages
  - Hiding the Avo4SF component for non-Avochato Users
  - Setup List View Broadcasting from Any Salesforce Object
- FAQs & Troubleshooting
  - Avochato for Salesforce - Main FAQs
  - Login issues on the AppExchange
  - Purchasing additional Avochato for Salesforce seats
  - Salesforce Data Synchronization
  - Avochato API Credentials Data Table
  - Grant Login Access to Avochato for Salesforce
More

Is Avochato HIPAA Compliant?

Yes! Click here to learn more about HIPAA and PHI.

Last updated on October 17, 2023

The short answer is, YES! Read on to learn about all of the specifics.

What is HIPAA?

If you are reading this, you likely are familiar with HIPAA. HIPAA stands for Health Insurance Portability and Accountability Act, and is a federal law that sets national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Is SMS a HIPAA-compliant channel?

SMS is not inherently secure as a channel, because messages can be unencrypted and exchanged on personal devices.

However, there are ways to use SMS in a HIPAA-compliant manner. To do so, healthcare providers need to a) make sure patients give consent to use SMS as a communication channel and b) use a business solution that has the right security guardrails in place to protect PHI (Personal Health Information).

How do we protect PHI?

Avochato stores all PHI in a secure HIPAA-compliant cloud environment and we follow standard encryption protocol to protect your data every step of the way.

How to get started?

Have a conversation with an Avochato representative to go over our platform and your business requirements

Pick the best plan for your business needs

Review and complete our Business Associate Agreement (BAA)

Set up user permissions, auto-responses, and patient consent opt-in

Go live!

What are the costs?

The cost for HIPAA Compliant messaging depends on many factors. Please reach out to your Avochato representative or contact sales at 415-214-8977 to discuss further.

Is MMS (pictures, media, etc.) messages covered?

Yes! MMS or multimedia messaging is HIPAA eligible. Outbound MMS sent by customers who sign a BAA with Avochato for HIPAA compliant use cases will be covered.

Is Live Chat HIPAA compliant?

Yes, you can use our website widget to have SMS or Live Chat conversations with your patients.

Is WhatsApp HIPAA compliant?

No, WhatsApp, a subsidiary of Facebook, does not sign BAAs and the Avochato for WhatsApp integration cannot be used with a HIPAA compliant use-case at this time.

Is the Avochato API HIPAA compliant?

Yes. The Avochato API allows your team to programmatically send Avochato messages, as well as manage contact information including ePHI securely.

In order to securely use the Avochato API, you must make API requests using HTTPS to https://www.avochato.com, and you must protect the security of the responses and any logs or copies of responses of privileged data you receive via the Avochato API.

However, optionally integrating the Avochato API into third party services (such as Zapier) or using our webhook features to securely send information to third-party services will require a BAA with any vendors involved, and will require diligence to limit the ePHI transmitted to any third-parties using the principle of least privilege.

Note: the above is not official legal advice from Avochato. We recommend consulting with legal counsel when setting up SMS communications at your practice.

Our 2023 HIPAA report is available upon request. Please contact help@avochato.com or text us at (415) 214-8977 for a copy.

Did this answer your question?

😞

😐

🤩

Compliance Requirements TCPA and CTIA Compliance