Overview

HIPAA compliance on Twilio is a shared responsibility — Twilio provides eligible services and configuration tools, but your application must architect correctly. Getting this wrong means PHI exposure and compliance violations.

Sequence: Execute BAA → Designate HIPAA Project(s) → Use only eligible services → Follow per-product requirements

Step 1: Execute a BAA

Contact your Twilio Account Representative to execute a Business Associate Addendum
Purchase a Twilio Editions package that includes HIPAA Accounts
BAA is required before any PHI touches Twilio infrastructure

Step 2: Designate HIPAA Project(s)

Self-Service (BAA initiated after June 6, 2024)

Installs

Repository

twilio/ai

GitHub Stars

First Seen

May 8, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass