Intercom is a customer messaging platform built for B2B SaaS companies. It handles chat, email, and in-app messaging at scale — with strong automation, routing, and analytics features. Some healthcare organizations use Intercom for patient-facing communication: chat widgets on clinic websites, pre-visit intake messaging, and patient support queues. The compliance requirements for that use case are specific and must be met before patient information enters any Intercom conversation.
The BAA Problem
Intercom offers HIPAA compliance coverage for Business plan customers with an executed BAA. This coverage is not available on Starter or other lower-tier plans.
A clinic that deploys Intercom’s chat widget on its website, handles appointment inquiries through the Intercom inbox, or sends any message that includes a patient’s name alongside health information must be on the Business plan with a BAA in place before those conversations begin.
Per HHS, a business associate agreement must precede PHI handling. An Intercom conversation that begins with “Hi, I have a question about my prescription refill” potentially contains PHI the moment the patient identifies themselves. Without a BAA covering that conversation, the clinic is out of compliance regardless of how careful the staff member is in responding.
This is a plan-tier problem for clinics on Intercom Starter. It is not a fundamental problem with Intercom as a platform — at the Business plan with a BAA, patient-facing messaging through Intercom is a defensible architecture for covered entities that have evaluated the system carefully.
The deeper question is whether Intercom — a platform designed for B2B SaaS customer support at scale — is the right architecture for a small clinic’s patient communication needs. Per-seat pricing, complex automation features, and a feature set built for software companies with thousands of end users may be more than a 10-provider practice needs.
What PHIGuard Covers That Intercom Does Not
PHIGuard is not a patient communication platform. It is an internal clinical compliance operations platform. These tools do not compete — they serve different parts of the clinic’s operational picture.
What PHIGuard handles:
- Internal compliance task management — the operational work behind the front desk, not patient-facing communication
- Incident response workflows — what happens when something goes wrong with patient data handling, including what to document, who to notify, and what the timeline requirements are
- Policy management and acknowledgment cycles — tracking that staff have reviewed HIPAA policies on the required schedule
- Workforce training records — documentation that training occurred, when, and who completed it
- BAA vendor tracking — a register of all business associate agreements, including Intercom’s if the clinic uses it
- A signed BAA at every pricing tier, covering PHIGuard’s own platform
A clinic can run Intercom for patient-facing messaging and PHIGuard for internal compliance operations simultaneously. These are complementary tools, not competitors.
Pricing Comparison
| | Intercom | PHIGuard |
|---|---|---|
| BAA included | Business plan only | Yes, at every tier |
| HIPAA on entry plans | No | Yes |
| Pricing model | Per seat/month | Per clinic/month |
| Patient-facing messaging | Yes | No |
| Internal compliance operations | No | Yes |
| HIPAA audit trail | No | Yes, built-in |
Intercom Business plan pricing is per seat per month — contact Intercom for current rates. PHIGuard’s Essentials plan is $99/month per clinic. PHIGuard covers the internal compliance program; Intercom (at the right tier) covers patient communication.
Who Should Use PHIGuard Instead of Intercom
PHIGuard is not a replacement for Intercom’s patient-facing messaging function. If your clinic needs chat and messaging for patient communication, Intercom at the Business plan with a BAA is one viable option — evaluate it carefully with legal or compliance counsel before deployment.
PHIGuard replaces the tools clinics use by default for internal compliance operations: the shared spreadsheet for risk analysis, the email thread for incident response, the manual training log, and the folder of unsigned BAA templates. Those records belong in one covered compliance platform.
If your clinic has evaluated Intercom and adopted it for patient communication, PHIGuard handles the operational compliance layer on the practice side. Together, they cover the two distinct compliance surfaces a clinic needs to manage: patient-facing communication and internal compliance program management.
What PHIGuard replaces specifically is the improvised compliance infrastructure — the tools that were never built for this work, pressed into service because no better option was in budget. PHIGuard is in budget. Essentials at $99/month covers the full practice.