Kipu CRM’s SMS feature is powered by your own Twilio tenant, and HIPAA compliance depends entirely on how that Twilio account is configured. While Twilio can be HIPAA compliant, you must have a Business Associate Agreement (BAA) with Twilio—and, if you contract with Twilio directly, you must purchase their HIPAA/BAA add-on for SMS if you plan to send PHI. Without this add-on, SMS messages are not considered HIPAA compliant. Kipu provides the secure CRM environment and integration, but each client is responsible for making their Twilio tenant HIPAA compliant.
For more information on Twilio and HIPPA compliance click here.