Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes.
# of Caveats: 0 view caveats→
# of Usage Notes: 9 view notes→

Relevant Product Characteristics

  • This product is designed specifically with mental/behavioral health professionals in mind.
  • The leadership or management behind this product includes at least one mental/behavioral health professional. In addition, at least one technical leader or manager has an extensive background serving the health care industry.

What Is This Product?

iPlum is a second mobile line product for business. iPlum offers dual mode reliability meaning you can use your carrier’s PSTN calling network, Wi-Fi, or data for calls. Users can port their existing number or receive a new number through iPlum. iPlum offers traditional SMS texting as well as secure messaging through the iPlum app for both Apple and Android devices.

iPlum is compatible on both iOS and Android smartphones and tablets.

Updated 2021, messages from iPlum support below in Notes section.



Our Impressions

iPlum contacted us to provide our members with a review of their product. We were immediately impressed with their company culture. iPlum seeks to educate their users on how to best use their product in a HIPAA secure way. We extended software consultation services to iPlum in response to a few tweaks we saw needed fixing before giving iPlum the green light. iPlum not only made all the proper changes to their software they added specific language for their users who work in health care explaining HIPAA security and compliance and did all of this in an extremely timely manner. This company definitely makes us feel warm and fuzzy!


Caveats are criticsms of the company or product that we feel are relevant to your risk management or other important considerations.



Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

1) Be sure to request, sign, and submit your BAA

iPlum does not automatically execute a Business Associate Agreement with you. In order to agree to the BAA, you must request one as part of the new account creation process. You will need to sign it and submit it. You can request this from your assigned customer service representative. The BAA does apply to the free trial period, once executed.

2) Caller ID and Contacts

Updated 2021: From iPlum
“iPlum app has a separate address book for business contacts.  The contacts in the business address book are encrypted in the iPlum app and not merged or saved with your personal contacts.  The iPlum apps on Android, iPhones, and iPads will ask to be granted access to your contacts.  iPlum doesn’t save your personal contacts but the access to address book is required for correct caller-id management.”

The iPlum apps on Android, iPhones, and iPads will ask to be granted access to your contacts, but it is not required. There isn’t anything wrong with granting access, but it means that clients who use your iPlum number to contact you will appear as their full name if you have them stored as a contact. This means that you may want to be mindful of who might be able to see your phone or notifications, and what clients’ names are in your phone.

It’s always important to also be sure your phone is hardened. For a how-to checklist for hardening practice devices, take our CE Course, How to Protect Clients and Comply with HIPAA’s Device Security Standards in One Afternoon. Our Device Security Instruction Center has step-by-step tutorials on how to secure smartphones, computers, and tablets for proper use within your practice.

3) Set voicemail notification settings

To assure PHI is not transmitted through non-secure email set your voicemail settings to suppress PHI when receiving an email notification indicating you have a new voicemail OR depending on your preferences, turn off receiving voicemail notifications all together.

To do this login to your iPlum account || Select Voicemail || Select the iPlum number you would like to edit the settings for || Select Settings || Toggle off “receive email alert for new voicemail” OR select “Suppress calling number in email alerts for privacy and security compliance.”

4) Activate Text Log Feature

If you use iPlum for SMS texting, assure you have activated the feature “Texting Archive.” This allows you to comply with keeping client information readily available. Make sure you have completed an informed consent form with each client who wishes to SMS text with you before participating in nonsecure communication.

To do this login to your iPlum account || Select “Usage Log and Text Archive” || Select “Text Archive Settings” || Enable the Text Archive Plan

If you do not wish to use SMS texting check out our review of Signal here and how you can use iPlum in conjuncture with Signal.

5) Get Consent to Record Calls

If for some reason you need or want to record calls with your clients, which iPlum can do, be sure you obtain their consent and are doing so in accordance with your state’s laws. Also, be aware that the recording function plays a beep sound every 10 seconds or so that only the other party can hear.

6) Be aware of data usage

Updated 2021: From iPlum

“iPlum provides both Voice Network mode and Data mode for calling.  Voice network mode uses carrier voice network.  Data mode first uses wi-fi and if wi-fi is not available switches to carrier data.  If you have unlimited calling plan on your mobile phone (which most carriers provide), we advise to use Voice network mode which ensures you get best call quality at all times. It also ensures you are not using data for your calls.”

iPlum, is a second line provider. This means that your iPlum number uses your carrier’s PTSN network, WiFi calling or data. When you are using data to send and receive calls – making or taking a phone call with iPlum outside of your home or office – anywhere you don’t have a WiFi connection – you’ll be using data against your cellphone plan’s data plan limit. This won’t be a lot of data, but it could potentially cost some money if you have a low data plan and weren’t expecting it.

7) Request iPlum turn off SMS texting feature

Update from iPlum, 2021:

SMS texting is a nonsecure method of communication. It is up to you to determine if you would like to accept the risk of using SMS texting with clients. If your practice doesn’t use texting, you can disable it in the iPlum portal under Text options.

Please refer to iPlum’s BAA for more information on how they address their responsibly to you as a user regarding SMS texting.

8) Secure messaging through iPlum

Update from iPlum, 2021:

iPlum has a secure messaging portal through the iPlum app. It is free for your clients. Your clients will have to download the iPlum app in order to use the secure messaging feature with you. Secure messaging works for both Apple and Android devices.

9) Secure Fax

From iPlum, 2021

iPlum provides HIPAA compliant secure fax using online portal.  You will create a sub-account and get a fax number in it.  If you have multiple providers in your practice, you can use the same fax number.  You don’t have to buy multiple fax subscriptions.


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss