New and existing customers may opt-into our HIPAA-compliant service. All of our team members complete HIPAA training, and we have additional HIPAA security on site to help protect your information. After you’ve requested our HIPAA-compliant services, we’ll send you a Business Associate Agreement (BAA) to sign and keep for your records.

Table of Contents:

• What are the differences between HIPAA-compliant and non-HIPAA-compliant Ruby services?
• Are there any differences in what receptionists/chat specialists can gather for HIPAA customers?
• What is a Business Associate Agreement (BAA)?
• What are the communication requirements for HIPAA compliance?
• Is there an extra charge to use Ruby’s HIPAA-compliant service?
• How do I sign up for Ruby’s HIPAA-compliant service?

What are the differences between HIPAA-compliant and non-HIPAA-compliant Ruby services?      
Receptionist Services

• Receptionist messages: Rather than sending your full messages via email or text, Ruby will send you a notification alerting you when you have a new message or voicemail. You will have access to the full messages and voicemails via our online portal at my.call-ruby.com and/or via our app (which can also provide push notifications). This allows the sensitive information collected from your callers to remain secure.
• In-app/portal outbound call assist requests: For our HIPAA-compliant customers, you have the ability to securely request an assist through the app or online portal. The confirmation messages from our team after the outbound call is complete are available in the call assist logs in the app and on my.call-ruby.com.
• Noncompliant Features:
  • The texting feature in the Ruby mobile app is not encrypted end-to-end. If you use HIPAA-compliant Ruby service you should not send Protected Health Information via text. However, you’re welcome to use the texting feature to send messages that don't contain PHI.
  • Our integrations with Clio Manage, Clio Grow, MyCase, and Rocket Matter are not currently HIPAA compliant, and therefore not available for customers requesting HIPAA compliance.

Chat Services

• Email alerts of new chats: Rather than emailing or texting your full chat transcripts, Ruby will send you an email notification alerting you about a new actionable chat (such as Actionable Support, Recruitment & Leads). You will have access to the full chat transcripts and activity via our online portal at my.call-ruby.com and/or via our app (which can also provide push notifications). This allows the sensitive information collected from your callers to remain secure.

Customer Support Services

• Communicating with Customer Happiness: Your support and success teams will limit the amount of receptionist message information they relay to you via email and text, to protect PHI. When assisting you with messages or transcripts, we will refer to them generally and cannot send over call or chat log reports that contain PHI. Please do not email or text PHI to Customer Happiness.

Are there any differences in what receptionists/chat specialists can gather for HIPAA customers?      
While we still cannot collect social security or credit card numbers, we can now collect personal information for HIPAA customers such as birthdate, driver’s license number, insurance policy number, etc.

What is a Business Associate Agreement (BAA)?      
A Business Associate Agreement is a legal document between and Covered Entity* (or business associate of a Covered Entity) and a Business Associate**, needed if there’s a chance that the Business Associate might receive access to Protected Health Information (PHI). This provides a record for both parties, as either may be asked to provide it. 

*A Covered Entity is a healthcare provider that transmits certain standard transactions in electronic form, a health insurance company, or a healthcare clearinghouse. 

**A Business Associate is a vendor or subcontractor of a Covered Entity who has access to PHI (Protected Health Information). Ruby is a Business Associate to both Covered Entities and Business Associates of Covered Entities.

What are the communication requirements for HIPAA compliance?      
HIPAA requires that PHI be protected, both at rest and in transit. Traditional, unencrypted email, texts, and voicemails are not allowed. As part of our HIPAA-compliant program, Ruby will only make messages, voicemail, chat transcripts, and other (non-marketing) communications available via the Ruby app or via my.call-ruby.com.

Is there an extra charge to use Ruby’s HIPAA-compliant service?      
There are no additional costs for customers who need HIPAA-compliant service. Regular charges apply.

How do I sign up for Ruby’s HIPAA-compliant service?      
You’re welcome to opt-in by reaching out to the Customer Happiness team or calling us at 866-611-7829.