Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: No.
Recommend for your HIPAA risk management needs?: No.

What Is This Product?

Grasshopper is a second-line phone service that allows you to separate your business and personal texts and calls while carrying just one phone.

Like GoDaddy’s SmartLine and Sideline, Grasshopper is unlike GoogleVoice and does not use VoIP (Voice over Internet Protocol) and instead uses the cellular network. Just as with SmartLine and Sideline, those of you who have seen our article on VoIP might be thinking Grasshopper could be an option for your second line needs, one that does not require a BAA, since Grasshopper uses the cellular network. Unfortunately, Grasshopper is not a HIPAA secure option; even though they do not use VoIP and use the cellular network for call and SMS transmission, it is a cloud service (operative word being cloud) and Grasshopper is handling and storing data — including PHI — which means there is a business associate relationship in place; but Grasshopper does not offer, and will not execute, a BAA. They also do not qualify for the conduit exception (which is extremely rare.) For more details on HIPAA business associates (and how this applies to all cloud services) please see Roy’s article,  “What is a HIPAA Business Associate?” For an explanation of HIPAA-security and ethics considerations pertaining to second-line phone service, please check out our “CE for OH” session, “How to Make Ethical & HIPAA Compliant Decisions for Internet Phone & Secure Email in Your Practice” (access to this course, and all CE for OH courses, is included in membership.)

Fortunately, Grasshopper is explicit about the fact that they are not HIPAA-secure: “At this time, Grasshopper is not HIPAA compliant.

In order to assist our customers with any technical issues they are experiencing, our support team must have access to the account settings and information. This includes messages that may pass through the Grasshopper system, like text messages, faxes, and voicemails.

By having access to such content, we are able to help when troubleshooting is required. Conclusively, we cannot sign a Business Associate Agreements (BAA).”

We appreciate that Grasshopper is upfront and accurate about what they can and cannot provide.

To view some HIPAA-secure VoIP/second-line options that can meet your second line needs, please check out our HIPAApropriateness reviews by clicking here and look for the “HIPAA Compliance Possible: YES” listings.