Spiro and HIPAA

Spiro in the Healthcare Industry

Many companies use Spiro to effectively manage relationships in the healthcare industry. We have many customers in the healthcare industry, such as insurers, pharmaceutical companies, or medical device manufacturers.

Often when we talk to healthcare companies, they ask about Spiro and HIPAA compliance.
HIPAA, the Health Insurance Portability and Accountability Act, was enacted by the US Congress in 1996 to protect health information in the healthcare industry.

Spiro is ideal for managing sales information about healthcare companies and organizations. But Spiro users should also be mindful of HIPAA regulations. These rules cover the use of health data of a specific individual, for example a patient. In HIPAA terms, such information is Protected Health Information, or PHI. PHI may include specific names, social security numbers, addresses, as well as health data such as diagnoses, vitals signs, prescriptions, reimbursement codes, or care plans. Use of this type of specific data, or PHI, is not supported by Spiro. Under HIPAA, Spiro Technologies, Inc. is not an official Business Associate.

How to Maintain HIPAA Compliance with Spiro

Our healthcare customers can preserve their HIPAA compliance simply by ensuring that no PHI is entered into Spiro.

Since the intended use of Spiro is maintaining sales information about healthcare organizations, not patients, this should not be an issue. Non-PHI data in Spiro includes leads and opportunities, contacts, appointments, emails, financial data, product info, forecasting, etc. Normally, this kind of information does not contain health data on specific individuals, so does not invoke HIPAA rules.

While Spiro uses artificial intelligence to understand email communications between a healthcare organization and its prospects and customers, all PHI should be sent via encrypted email for a company to maintain HIPAA compliance. Spiro does not access encrypted emails and will not store, nor recognize PHI in encrypted emails.

If you have questions about the sensitivity of your sales data, please contact Spiro’s Customer Success Team.

Spiro’s Security Approach

Spiro is committed to providing exceptional security for ALL sales information. Our products rely on accepted, industry-standard technologies for managing risks. This includes encryption, network redundancy, malware protection, backup/restore procedures, etc. Core services are provided by world-class tech vendors such as Amazon Web Services (AWS). These protections cover the operation of our encrypted algorithms, as well as data structures created by you that reside in our secure hosting services.

Throughout our Spiro environment, we proactively monitor for disruptions, intrusions, and other security risks. You may easily manage access to your data with our authentication features that require unique IDs/ passwords. And finally, Spiro staff do not have routine access to your information, unless requested.

With these safeguards in place, you can be sure your information, and your customers’ information, is safe and secure.
Finally, please note that security is a shared responsibility. Our customers are responsible for ensuring proper use of security procedures recommended by Spiro. This includes password management so that provisioned accounts are responsibly assigned and maintained. Data saved by Clients on their own, local computer systems and devices remains a Client responsibility, as does the management of any printed material.


Many healthcare companies can benefit from Spiro's Proactive Relationship Management platform that helps their sales team reach more customers and helps sales leaders forecast their business more effectively.

Since Spiro was designed to help sell to businesses and organizations, it is not intended to host protected health information. Spiro’s healthcare customers should have no concerns about using our software and being compliant under HIPAA.