HIPAA Compliance and Twilio MMS Media Messaging

The Health Insurance Portability and Accountability Act (HIPAA) is a United States law governing data security and privacy for entities handling protected health information (PHI).

Twilio SMS is a HIPAA-eligible product, and Twilio can sign a Business Associate Addendum (BAA) with covered entities and business associates for SMS.

Please note, however, that MMS media messaging is not HIPAA eligible. Customers who sign a BAA with Twilio for HIPAA-compliant messaging use cases should refrain from sending outbound MMS. If you have signed a BAA with Twilio for a HIPAA-compliant SMS use case, Twilio will disable inbound MMS on your Twilio account to help ensure compliance.

If you observe that inbound MMS messages from users in the US/Canada are not reaching your Twilio account, and your use case involves health and human services, please first verify whether you have previously signed a BAA with Twilio for HIPAA compliance.

If you have not yet signed a BAA with Twilio, and you believe your use case is governed by the Health Insurance Portability and Accountability Act (HIPAA), please reach out to our Sales team to get more information and inquire about signing a BAA.
