HIPAA-Compliant Service
New and existing customers may opt in to our HIPAA-compliant service. All of our team members complete HIPAA training, and we have additional HIPAA security on site to help protect your information. After you’ve requested our HIPAA-compliant services, we’ll send you a Business Associate Agreement (BAA) to sign and keep for your records.
What are the differences between HIPAA-compliant and non-HIPAA-compliant Posh services?
Receptionist Services
- Receptionist messages: Rather than sending your full messages via email or text, Posh will send you an email notification alerting you when you have a new message or voicemail. You will have access to the full messages and voicemails via our online portal at portal.posh.com and/or via our app (which can also provide push notifications). This allows the sensitive information collected from your callers to remain secure.
- In-app outbound call assist requests: For our HIPAA-compliant customers, instead of making the outbound call assist request through email, we provide you the ability to do so securely through the app. The confirmation messages from our team after the outbound call is complete are available in the call assist logs in the app and on portal.posh.com.
Noncompliant Features:
- The texting feature in the Posh mobile app is not encrypted end-to-end. If you use the HIPAA-compliant Posh service, you should not send Protected Health Information (PHI) via text. However, you’re welcome to use the texting feature to send messages that don't contain PHI.
- Our integrations with Clio Manage, Clio Grow, and Rocket Matter are not currently HIPAA compliant, and therefore not available for customers requesting HIPAA compliance.
Chat Services
- Email alerts of new chats: Rather than emailing or texting your full chat transcripts, Posh will send you an email notification alerting you about a new actionable chat (such as Actionable Support, Recruitment & Leads). You will have access to the full chat transcripts and activity via our online portal at portal.posh.com and/or via our app (which can also provide push notifications). This allows the sensitive information collected from your callers to remain secure.
Customer Support Services
- Communicating with Customer Happiness: Your support and success teams will limit the amount of receptionist message information they relay to you via email and text, to protect PHI. When assisting you with messages or transcripts, we will refer to them generally and cannot send over call or chat log reports that contain PHI. Please do not email or text PHI to Customer Happiness.
Are there any differences in what receptionists/chat specialists can gather for HIPAA customers?
What is a Business Associate Agreement (BAA)?
A Business Associate Agreement is a legal document between a Covered Entity* (or business associate of a Covered Entity) and a Business Associate**, needed if there’s a chance that the Business Associate might receive access to Protected Health Information (PHI). This provides a record for both parties, as either may be asked to provide it.
*A Covered Entity is a healthcare provider that transmits certain standard transactions in electronic form, a health insurance company, or a healthcare clearinghouse.
**A Business Associate is a vendor or subcontractor of a Covered Entity who has access to PHI (Protected Health Information). Posh is a Business Associate to both Covered Entities and Business Associates of Covered Entities.
What are the communication requirements for HIPAA compliance?
HIPAA requires that PHI be protected, both at rest and in transit. Traditional, unencrypted email, texts, and voicemails are not allowed. As part of our HIPAA-compliant program, Posh will only make messages, voicemail, chat transcripts, and other (non-marketing) communications available via the Posh app or via portal.posh.com.
Is there an extra charge to use Posh’s HIPAA-compliant service?
There are no additional costs for customers who need HIPAA-compliant service. Regular charges apply.
How do I sign up for Posh’s HIPAA-compliant service?
You’re welcome to opt in by calling us at 833-400-7674.