What is Included in our HIPAA Compliance Add-On

Overview #

The HIPAA Compliance Add-On is designed for healthcare providers that want to use Xtreme Automator® for workflows where PHI may be stored or communicated (intake, client messaging, notes, emails, attachments, etc.).

This add-on is used when Xtreme Automator® is acting beyond simple PHI-free marketing and may contain protected information.

What data types are included #

When the HIPAA Compliance Add-On is enabled, it covers all objects that can store PHI, including:

• Contacts
• Notes
• Custom Fields
• SMS/MMS
• Voice recordings
• Email bodies & attachments
• Form/survey submissions
• Calendars
• Invoices

In short: everything the account has (anything inside the platform that could store PHI).

What the add-on provides: #

While each account setup can vary, HIPAA-ready use generally includes:

• HIPAA safeguards for ePHI (electronic PHI)

• BAA execution (Business Associate Agreement)

• Audit-ready controls (accountability and traceability)

• MFA/secure access policy support (to reduce unauthorized access)

• Operational configuration for PHI workflows (so sensitive info stays protected within the platform)

Important: HIPAA compliance is not a “badge” or a one-time switch. It depends on correct configuration and ongoing operational discipline (who has access, what gets stored, and how staff use the system).

What this add-on does NOT mean #

It does NOT automatically replace an EHR/patient portal #

Most practices keep their EHR/portal for:

• Clinical documentation and charting

• Treatment records and specialized workflows

• Long-term medical record retention features

Xtreme Automator® can support secure workflows (messaging, intake routing, scheduling, billing communications), but replacing an EHR requires a feature-by-feature evaluation.

It does NOT eliminate the need for practice policies #

The provider still needs internal HIPAA procedures, such as:

• Staff access rules

• Minimum-necessary data handling

• A process for handling sensitive messages

• Secure device and password hygiene

When you should enable the HIPAA add-on #

Enable it if the practice wants to do any of the following inside Xtreme Automator®:

• Two-way texting with patients/clients

• Intake forms that collect health details

• Notes about client needs

• Emails that may include PHI or attachments

• Scheduling/reminders tied to treatment context

• Storing invoices tied to care services where PHI could be inferred

If the practice only wants PHI-free lead gen, the add-on may not be needed (see the “2 Ways to Handle HIPAA” article).

What's your Reaction?

You have reacted on"What is Included in our HIPAA Compliance Add-On"


A few seconds ago