WhatConverts and HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that sets national standards for the protection of sensitive patient health information. It requires healthcare providers and their business associates to implement safeguards to ensure the confidentiality, integrity, and availability of PHI.

Our Commitment to HIPAA
WhatConverts enables organizations to leverage our powerful lead tracking and analytics platform while adhering to HIPAA regulations. We have implemented measures to support your compliance efforts, including:

Business Associate Agreements (BAAs): We offer Business Associate Agreements (BAAs) to our customers, establishing our responsibilities as a business associate in protecting PHI. Contact us to execute a Business Associate Agreement (BAA).
Data Security: We maintain robust security measures to protect PHI from unauthorized access, use, or disclosure, including encryption at rest and in transit.
Access Controls: We implement strict access controls to limit PHI access to authorized personnel only.

Who should enable HIPAA compliance?

Any WhatConverts account where PHI (Private Health Information) is disclosed needs to be HIPAA enabled.

How does a HIPAA enabled account differ from a regular account?

We have applied restrictions and controls to the account to ensure that only people authorized can access PHI. In addition, all actions of users that have access to a HIPAA account are logged. Here are some of the controls and restrictions we apply:

All data is encrypted at rest and in transit.
Webhooks to unsecured URLs are disabled to prevent unauthorized distribution of PHI.
When accessing potential PHI in leads or call recordings the user's information is logged along with what data was accessed.
Email notifications have potential PHI removed.
Users are automatically logged out after 15 minutes of inactivity.

How do I enable HIPAA compliance for my account?

There are two things you need to enable for your HIPAA compliance:

Complete our BAA request form
Enable HIPAA on your account’s profile

To enable HIPAA compliance for your WhatConverts account’s profile, please follow these steps:

Ensure you have a Pro plan or higher. HIPAA features are only available on these plans. You can upgrade your plan within your account settings.

Complete our BAA request form. To initiate the process, please contact us to provide us with the following information:

Your Full Company Name
Privacy Officer's First Name
Privacy Officer's Last Name
Privacy Officer's Email Address

Sign the BAA. Once we receive your information, we'll generate a Business Associate Agreement (BAA) and send it to you for electronic signature.

Enable HIPAA in your account. After the BAA is signed, you can enable HIPAA compliance within your WhatConverts account settings.

Attention Agencies:

To comply with HIPAA when handling client data, you must establish individual BAAs with your clients. This is handled directly between you and your clients, not through our services.

To locate the HIPAA settings in your WhatConverts account’s profile:

Log in to your WhatConverts account.
Look at the navigation bar on the left-hand side of your screen.
Click on "Control Center".
In the Control Center, you'll see a section for "Profile".
Click on "HIPAA" to access the HIPAA settings.
Locate the toggle switch. You'll see a slider labeled "Enable HIPAA."
Click the slider. Click on the slider to toggle it to the "On" position. The slider will change color to indicate that the setting is enabled.