Skip to main content

HIPAA Compliance

Learn more about Envoy and HIPAA compliance.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US law that governs how protected health information (PHI), including electronic medical information, is used, stored, and shared. It applies to HIPAA-covered entities, such as healthcare providers and health plans, and to the Business Associates that handle PHI on their behalf. Read our terms and conditions for more details.

Envoy and HIPAA

Under HIPAA, a provider that handles PHI on a customer's behalf acts as that customer's Business Associate, and a signed Business Associate Agreement (BAA) is what establishes each party's responsibilities for protecting that information. HIPAA compliance therefore depends on having a BAA in place.

If your organization is a HIPAA-covered entity or Business Associate and you're evaluating Envoy for use cases that may involve PHI, contact your Envoy account team to discuss your requirements.

Employee health information

Health information collected from employees at organizations that are not HIPAA-covered entities or Business Associates generally isn't regulated by HIPAA.

How does Envoy store data?

Your data is yours. All of your visitor data is stored indefinitely while you’re an Envoy customer. We only delete or purge data upon explicit request.

If you choose to end your subscription, Envoy will maintain your data for 30 days after cancellation and will thereafter delete or destroy your data. For more information on this part of our policy, see our Terms of Service.

Responses to Health and Safety employee screening questions will be transmitted over secure channels to Envoy’s servers for processing and removed no more than 24 hours later—we do not retain employee responses to the screening questions unless the Global admin uses our Managing response options feature to specifically retain certain answers. See more here.


Did this answer your question?