
HIPAA compliance and BAA

Everything you need to know about HIPAA compliance and signing a Business Associate Agreement (BAA).

Updated this week

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a set of industry-wide standards to safeguard protected health information (PHI) and electronic protected health information (ePHI). Customers must be able to trust that their health data is being handled securely and their digital privacy respected.

Intercom has successfully completed a HIPAA attestation examination, which means we help our customers fulfill their ePHI obligations by storing and processing data in a manner consistent with HIPAA standards. This examination was performed by an independent Certified Public Accountant firm, who reviewed our HIPAA policies, procedures, and controls against the HIPAA Security Rule and HITECH Breach Notification Rule requirements.

Note: Intercom is not itself seeking to become HIPAA compliant; rather, we help our customers remain HIPAA compliant when using our software. Intercom becomes a Business Associate of eligible customers via a BAA.


What is a BAA?

A Business Associate Agreement (BAA) is a written arrangement that specifies both Intercom's and our customers' responsibilities when it comes to ePHI. All customers with HIPAA obligations (typically those in the healthcare industry) are required to execute a BAA with Intercom if they wish to send ePHI data to Intercom.

Important: Without a signed BAA, transmitting ePHI through Intercom is strictly prohibited, as outlined in Intercom's terms of service.


Who is eligible for a BAA?

To access a BAA, customers must meet both of the following criteria:

  • They are a Covered Entity or a Business Associate

  • They are subscribed to an eligible pricing plan

All Fin workspaces are eligible for a BAA.


How to sign a BAA

To enter into a BAA, reach out to our support team via the Messenger or email us at team@fin.ai.


FAQs

Is Intercom HIPAA compliant?

Intercom has completed a HIPAA attestation examination and stores and processes data in a manner consistent with HIPAA standards. We help eligible customers fulfill their HIPAA obligations through a signed BAA; we do not claim HIPAA compliance as an end state for Intercom itself.

What other certifications does Intercom hold?

Our HIPAA attestation is one of four frameworks in Intercom's security assurance program. We are also ISO 27001, ISO 27701, and ISO 27018 certified, and SOC 2 Type II compliant.

Can I use my own BAA template?

Intercom has its own BAA template. If you'd prefer to use your own paper, this requires review by Intercom's Legal team before signing. Edits to Intercom's BAA template are only considered for customers meeting a minimum spend threshold.

