Why Olark isn't HIPAA compliant
HIPAA (the Health Insurance Portability and Accountability Act of 1996) sets requirements, through its Privacy Rule and Security Rule, for protecting the confidentiality, integrity and availability of healthcare information and patient records in the US, among other things.
The short answer is that no, Olark is not currently HIPAA compliant.
The slightly longer answer is that it’s not something we’re against providing.
The most complete answer is that, while your chats are protected by the same security measures we apply to all customer data, Olark has not undergone a HIPAA compliance assessment, and so we cannot claim to meet the Security Rule's requirements. HIPAA compliance requires, among other things, administrative, physical and technical safeguards for PHI, including access controls and transmission security, and a signed business associate agreement with every vendor that handles PHI. Olark runs on shared cloud infrastructure, and more in-depth details about data use and transmission can be found in sections 11 and 12 of our Request for Olark
We believe that your coverage under our Terms of Service provides protection comparable with a reasonable BAA (business associate agreement), but we do not have a process in place to sign BAAs on a customer-by-customer basis at this time. Note that HIPAA requires a covered entity to have a signed BAA with a vendor before sharing PHI with it; a vendor's Terms of Service do not substitute for one.
Does this mean that you'll never have the opportunity to use Olark in your HIPAA-compliant workplace? No way! Up to this point, our focus has been on providing the best and most secure tool for as many of our users as possible, rather than on meeting the specific requirements of this particular regulation.
Olark features tend to be built around customer requests. We want to make you as happy as possible, so the more people who ask us for something, the more likely we are to build it. If you'd like to use a HIPAA-compliant Olark at your company, send an email to firstname.lastname@example.org and let us know that you'd like your company to be added to feature request 798.
It is also worth noting what HIPAA actually covers: PHI (protected health information). PHI is individually identifiable health information, such as a medical record created by a doctor, nurse or other healthcare provider, a medical billing record, or any communication that ties a person's identity to their health condition, treatment or payment, when it is created, received, stored or transmitted by a covered entity (a healthcare provider, health plan or clearinghouse) or one of its business associates. You need to comply with HIPAA if you are a covered entity, or if you handle PHI on a covered entity's behalf. In practice this means that a live chat between a healthcare provider and a patient in which the patient identifies themselves and discusses their health is PHI, and any chat vendor that stores or transmits that conversation is handling PHI and must have a signed BAA in place.