chatley-ai

HIPAA Compliance

Chatley AI supports HIPAA-compliant deployments for healthcare customers, enabling secure handling of Protected Health Information (PHI) through our certified infrastructure and configuration controls.

Last updated: April 15, 2026
Status: Fully Compliant

HIPAA Compliance Overview

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Chatley AI supports HIPAA-compliant deployments for healthcare organizations by providing the appropriate infrastructure, configuration controls, and contractual protections required under HIPAA.

Our voice infrastructure runs on a SOC 2 Type II and HIPAA-certified platform. Healthcare customers who enable HIPAA mode and execute a Business Associate Agreement (BAA) with Chatley AI can deploy AI voice agents for patient-facing interactions in a HIPAA-compliant configuration.

Compliance Status

Topic | Status | Notes
HIPAA mode | Required for PHI | Enable at the agent configuration level before processing PHI.
Business Associate Agreement (BAA) | Required | Execute with Chatley AI before any PHI is processed.
Voice infrastructure | HIPAA-eligible | Underlying provider maintains HIPAA-aligned controls; your configuration must remain compliant.

How HIPAA Compliance Works at Chatley AI

Chatley AI's HIPAA compliance is achieved through a combination of certified infrastructure and correct configuration. There are two requirements before any PHI is processed:

1. HIPAA Mode Enabled: The HIPAA compliance flag must be enabled at the agent configuration level. This activates HIPAA-compliant handling in our underlying voice infrastructure. HIPAA mode is available on all plans.

2. Business Associate Agreement (BAA) Signed: A BAA must be executed between Chatley AI and your organization before any PHI is processed. Chatley AI also maintains a BAA with our voice infrastructure provider, covering the underlying processing layer. Contact security@chatley.ai to request a BAA.

Security Safeguards

Administrative Safeguards

  • Security management processes, workforce training, and access management aligned to HIPAA expectations
  • Vendor oversight for infrastructure and subprocessors material to PHI handling
  • Incident response and breach notification procedures

Physical Safeguards

  • Data center and hosting controls operated by certified infrastructure providers
  • Physical access restrictions and environmental protections at provider facilities

Technical Safeguards

  • Encryption in transit and access controls for systems processing PHI, as configured
  • Audit logging, monitoring, and secure configuration options for HIPAA mode
  • Integrity and availability measures appropriate to the Services

PHI Data Protection

Control area | Description
Minimum necessary | PHI is processed only as needed to deliver the features you enable and configure.
Access & transmission | Technical controls and secure channels are used in line with HIPAA mode and provider requirements.

Business Associate Agreement (BAA)

What the BAA covers:

  • Permitted and required uses and disclosures of PHI by Chatley AI as a business associate
  • Safeguards Chatley AI applies to PHI and subprocessors relevant to the Services
  • Reporting, access, amendment, and accounting obligations where applicable
  • Return or destruction of PHI at termination, subject to legal retention needs

To request a BAA: Contact security@chatley.ai with your organization name and the name of your authorized signatory. We will route you to our legal team.

Breach Notification

In the event of a potential PHI breach:

Step | Summary
Assessment | We investigate to determine whether a breach of unsecured PHI occurred and the scope of impact.
Notification | Where required, affected individuals and regulators are notified in accordance with HIPAA timelines and your BAA.

Ongoing Compliance

  • Periodic risk assessments and updates to administrative, physical, and technical safeguards
  • Vendor and subprocessor review as our posture or integrations evolve
  • Documentation and training for personnel with access to systems supporting the Services

Contact

For questions about our HIPAA compliance posture or to request a Business Associate Agreement:

Email: security@chatley.ai

Chatley AI, Inc., 252 NW 29th St, Miami, FL 33127

Important: HIPAA compliance for your Chatley AI deployment requires both enabling HIPAA mode at the agent configuration level and executing a BAA with Chatley AI. Deploying agents that may handle PHI without both of these steps in place is not a HIPAA-compliant configuration. If you are unsure whether your deployment requires HIPAA compliance, consult your legal counsel.