Twilio and HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 as part of a larger healthcare reform in the US. Part of the legislation is aimed at providing security and data privacy protections around access, use, and disclosure of protected health information (PHI). HIPAA covers any organizations that meet the definition of “covered entities” or “business associates.”

Twilio’s Commitment to Data Privacy and Security

HIPAA is another milestone for Twilio in elevating our data privacy and security to meet the needs of our HIPAA compliant customers. Twilio is committed to providing a platform trusted by customers and patients.

Twilio as a Business Associate

Under HIPAA, companies that use a service provider to process PHI on their behalf must put in place a business associate agreement with that service provider. Accordingly, customers that are subject to HIPAA and intend to utilize Twilio’s products and services to develop communication workflows containing PHI must execute a Business Associate Addendum (BAA) to Twilio’s Terms of Service. Twilio’s BAA has been developed taking into account the specific products and services that Twilio offers and considers HIPAA compliance as a shared responsibility between the customer and Twilio. To learn more about how to build a HIPAA compliant workflow using Twilio’s offerings, please refer to Architecting for HIPAA on Twilio.

Frequently Asked Questions