How to get a BAA with Quo:
Not using Quo yet? contact our team to learn how Quo can support your healthcare business and help you stay HIPAA compliant.
If youāre an existing Quo customer and need to request a Business Associate Agreement (BAA), reach out to us at [email protected]Ā
š„ Using Quo in a HIPAA-compliant way
This article provides general guidance on how to use Quo in a way that supports HIPAA compliance. It explains how HIPAA applies to calls, voicemails, transcripts, and SMS communication, as well as how Quo helps your organization meet security best practices like session timeouts and access control. Note: This article is for general guidance only and does **not constitute legal advice. **Quo provides HIPAA-supporting features once your Business Associate Agreement (BAA) is signed. How you use these features must comply with HIPAA requirements and your organizationās internal policies. Always follow your organizationās policies and consult your compliance team or legal counsel for guidance on consent procedures and message content to ensure you remain HIPAA compliant.
āļø Messaging Compliance: HIPAA + Carrier Rules
To use SMS with patients, they must provide consent to receive non-secure messages and can withdraw that consent at any time. We recommend consulting your organizationās compliance team or legal counsel to determine how to obtain and document patient consent in accordance with HIPAA guidelines. Even with a signed BAA, SMS messages must also comply with A2P 10DLC carrier regulations in the US and Canada. These rules are designed to prevent spam and protect patients.Be aware that A2P carrier regulations prohibit messages related to prescription drugs or offers for medications that cannot be sold over the counter in the US or Canada ā even if sent by licensed professionals.
- Avoid promotional or prescription-drug content. Carriers block messages that advertise or mention controlled substances.
- Prescription refill alerts are allowed for existing patients who have opted in to SMS communication. Keep messages general and avoid mentioning sensitive details.
- Keep messages focused on coordination and care. Do not use SMS for advertising or solicitation.
š§ Call recording, voicemail, and transcripts/summaries
Quo supports use of HIPAA-compliant call recordings, voicemails, and transcripts once your BAA is signed. These features can be used to record, store, or review patient communications in accordance with your organizationās HIPAA policies. To remain compliant, ensure that:- Recordings, voicemails, and transcripts are only accessible to authorized team members within your workspace.
- Patients are notified when a call is being recorded, as required by local, state, or federal law.
- You follow your organizationās internal retention and disclosure policies for any stored PHI, in addition to your local laws on call recording disclosures.
- As always, consult your compliance team or legal counsel to confirm how your organization should handle call recordings and transcripts to meet HIPAA and local notice requirements.