Legal Center

Legal Documents & Policies

Transparency and trust are at the core of everything we do. Review our policies to understand how we protect your data and ensure compliance.

HIPAA Compliance

Last updated: October 24, 2025

Akol offers HIPAA-compliant services for healthcare organizations. This page describes our HIPAA compliance program and available features.

Healthcare Compliance Available

HIPAA compliance features are available on our Business and Enterprise plans. Contact our sales team to enable HIPAA mode for your account.

1. Our HIPAA Program

Business Associate Agreement (BAA)

Required for all healthcare customers

We sign Business Associate Agreements with all healthcare customers. Our BAA covers:

Permitted uses and disclosures of PHI
Required safeguards
Breach notification procedures
Subcontractor requirements
Termination and data return/destruction

Administrative Safeguards

Designated Privacy and Security Officers
Documented policies and procedures
Workforce training on HIPAA requirements
Risk assessments and management
Incident response procedures
Regular policy reviews

Physical Safeguards

Secure data centers with 24/7 monitoring
Biometric and badge access controls
Environmental controls (fire, flood, temperature)
Secure workstation and device policies
Media disposal procedures

Technical Safeguards

End-to-end encryption (AES-256)
Encryption at rest and in transit
Unique user identification
Automatic session timeouts
Audit logging and monitoring
Emergency access procedures

2. HIPAA Features in Akol

Call Recording & Storage

  • Encrypted storage of all call recordings
  • Configurable retention periods
  • Secure deletion procedures
  • Access logging for all recording access

Transcription

  • HIPAA-compliant transcription engine
  • No human review of transcripts
  • Encrypted transcript storage
  • Automatic PHI detection (optional masking)

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication required
  • Session timeout enforcement
  • IP allowlisting available
  • Single Sign-On (SSO) support

Audit Logging

  • Comprehensive audit trails
  • Login/logout tracking
  • Recording access logs
  • Configuration change logging
  • Exportable audit reports

3. Shared Responsibility

HIPAA compliance is a shared responsibility. While we provide HIPAA-compliant infrastructure and controls, you are responsible for:

Configuring your account appropriately
Training your staff on HIPAA requirements
Implementing appropriate policies
Managing user access and permissions
Responding to patient requests regarding their PHI
Reporting any suspected breaches

4. HIPAA Mode Configuration

When HIPAA mode is enabled on your account:

Enhanced encryption: Required
Longer audit log retention: Required
MFA required for all users: Required
Additional access controls: Required
Dedicated infrastructure option: Optional
BAA is required: Required

5. Incident Response

In the event of a security incident potentially affecting PHI:

1. We will notify you within 24 hours of discovery
2. We will provide details of the incident and affected data
3. We will work with you on breach assessment
4. We will assist with regulatory notifications as required
5. We will implement remediation measures

6. Certifications & Audits

SOC 2 Type II: Certified
Annual third-party security assessments: Complete
Regular penetration testing: Ongoing
Vulnerability scanning: Continuous

7. Getting Started with HIPAA

To enable HIPAA compliance for your account:

1. Contact our sales team at [email protected]
2. Upgrade to Business or Enterprise plan
3. Sign our Business Associate Agreement
4. Complete HIPAA configuration checklist
5. Enable HIPAA mode on your account

8. Questions?

For questions about our HIPAA compliance program, please contact:

Phone

+1 (888) 555-CALL