HIPAA Compliance
Last updated: March 25, 2026
Our Commitment
Conversably is committed to maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA). We understand the sensitivity of protected health information (PHI) and implement rigorous safeguards to ensure its security and confidentiality.
Business Associate Agreements
We enter into Business Associate Agreements (BAAs) with covered entities and business associates as required by HIPAA. If you are a covered entity and require a BAA, please contact our compliance team.
Technical Safeguards
Conversably employs industry-standard technical safeguards including end-to-end encryption in transit and at rest, access controls, audit logging, and automatic session timeouts to protect PHI from unauthorized access.
Administrative Safeguards
Our team undergoes regular HIPAA training. We maintain comprehensive policies and procedures governing the use and disclosure of PHI, and conduct periodic risk assessments to identify and mitigate potential vulnerabilities.
Physical Safeguards
Our infrastructure is hosted in HIPAA-eligible data centers with strict physical access controls, environmental protections, and redundant systems to ensure availability and integrity of PHI.
Breach Notification
In the event of a breach involving PHI, Conversably will notify affected parties in accordance with the requirements of the HIPAA Breach Notification Rule, including timely notification to covered entities and, where required, to the U.S. Department of Health and Human Services.
Contact Our Compliance Team
For questions about our HIPAA compliance program or to request a BAA, please reach out to compliance@conversably.ai.