Release Notes Dec 18, 2020: New Guide Bot Email, Phone and Free Text Capture Options, Design Studio Logo Link

Hello SnapEngagers,

here are the last release notes of the year! The development team wishes everyone happy holidays and new year.

New Guide Bot Info Capture Options

We have added new data capture capabilities to the Guide Bot.

It now is also able to capture the following formatted and free-form information:

Email address

Using the Email prompt step type will prompt a text field to appear where the visitor can enter an email address. This will attach the email address to the chat or a label.

Phone number

Using the Phone prompt step type will display a text field to the visitor so they can enter a phone number. This is captured and associated with the chat. The number will be validated as long as the visitor enters a number between 4 and 20 integers.

Free-text responses

Using the Free text prompt step type allows website visitors to enter free text. This allows the visitor to respond freely to a prompt from the Guide Bot and supports all kinds of sales and customer service scenarios (such as leaving an offline message, inputting a question, etc).

New Guide Bot Templates

We have also added 2 new templates to help you get started with these new data collection types.

You can find additional information in this help document.


Other improvements

* Guide Bot & Answer Bot: Improved the UX for the offline message for the visitor. The input area is now hidden if the selected option is not available, so the visitor will not re-start the chat by mistake.

* Design Studio: It is now possible to add a link to your custom logo image.

This option can be found under Global Box Settings > Footer, and is available on Enterprise plans.

* We have added an agent mapping option to the Bot API. If you are using an integration that supports agent mapping, you can now map bot chats to a specific account in your integration.

* We have added the Analytics Bots and Labels section to the Permissions, so so a sub-admins access can be added or revoked

* Hub: Improved the recovery mechanism if the agent is on a flaky network, to avoid missed messages or chats.

* HIPAA Accounts: We have removed the “JavaScript Variables” section from the emails sent with the email integration for HIPAA clients, to avoid potentially exposing PHI in an unsecure channel. The information will still be available on the case behind the login.

Resolved Issues

* Design Studio: Resolved an issue where the high contrast pallets had some white on white text. Also resolved an issue where the Design Studio failed to save a setting to un-hide the online/offline chat button.

* Resolved an issue where the reactive prompt message was logged in the transcript for proactive chats.

* Resolved an issue where labels could be logged in the wrong widget, if an agent had two chats from two different widgets in their Hub at the same time.

Is SMS Texting HIPAA Compliant?

SMS texting makes it easy and convenient for physicians and healthcare staff to communicate. It also drives patient engagement and improves operational and administrative efficiencies. But how safe is it? Is SMS texting HIPAA compliant? 

HIPAA rules don’t explicitly mention SMS text messaging. But HIPAA Covered Entities (CE) and Business Associates (BA) must command technical control over any form of communication, such as email and messaging, involving electronic Protected Health Information (ePHI)  — and that includes SMS texting. 

For example, SMS texts are always in violation of HIPAA Rules if they contain any ePHI without the patient’s permission. Beyond that, SMS texting is not HIPAA compliant because it isn’t encrypted.


Healthcare organizations must maintain technical control 


ePHI that is transmitted outside of technical control, such as a firewall, has to be protected by encryption to NIST standards. Technical control must not only allow patients to access their ePHI, but must also ensure the confidentiality and integrity of the ePHI at all times.  

Device control can also be a problem. If a sender or receiver of an SMS text message containing ePHI loses their device, they lose technical control. And, of course, SMS texts can be accidentally sent to the wrong person.

HIPAA penalties are steep — $50k per violation per day, up to $1.5M per year. The only way for Covered Entities and Business Associates to take advantage of the benefits of SMS texting and avoid violating HIPAA rules is to adopt a secure text messaging solution.


Secure SMS text messaging solutions for HIPAA compliance


Secure text messaging solutions exist for healthcare organizations to facilitate HIPAA compliant SMS texting for physicians, nurses, staff, and patients. 

Secure text messaging solutions incorporate the technical controls necessary to ensure that ePHI remains safe from interception by unauthorized individuals during and after transmission.

Technical controls must include access, audit, integrity, and security controls to ensure HIPAA compliance.

  • Access controls monitor who can access what within an enclosed network by governing login credentials, role-based permissions, and messaging procedures. 
  • Audit controls record when ePHI is created, accessed, transmitted, changed, or deleted. 
  • Integrity controls protect ePHI from being corrupted or tampered with.
  • Security controls — such as end-to-end encryption — ensure that data is protected while in transit and data audit trails are recorded. If an employee loses their phone, data can be remotely erased.


The added benefits of HIPAA compliant messaging tools


HIPAA compliant SMS provides a variety of benefits to healthcare organizations — from more efficient patient care and new patient acquisition to flexibility in administrative and marketing. 

A HIPAA compliant SMS texting platform incorporated with other HIPAA compliant tools such as live chat with omnichannel integration opens up even broader channel communicative abilities such as SMS-to-chat and social media messaging access.

CRM and database integration options give healthcare organizations analytical and organizational insights into business processes for data-driven improvements across the board. 

Finally, today’s consumers prefer to communicate with their mobile phones — and patients aren’t any different. With a business SMS line, healthcare organizations can advertise an SMS number on websites, brochures, and new patient literature to reach broader markets, streamline patient scheduling, and increase patient convenience. 

Learn more about Snapengage’s Healthengage suite of HIPAA compliant tools that provide secure, HIPAA compliant live chat, SMS messaging, and chatbots for optimal patient engagement and stay ahead of industry standards. 

  • HIPAA-compliant website chat with third-party certification of compliance
  • HIPAA-compliant SMS messaging
  • Contract requirements (including BAA and Downstream BAA options)
  • Data security, encryption, audit logs, and more.

Download Now  

Recent Posts

Blog Categories

Sign up to receive our latest research, updates and success stories.
Live Chat Newsletter

Introduction to our New Security Settings

Nothing can bring a real sense of security except true love. We do love you, for sure, but in a world of complex threats we want to, tangibly, offer you a secure service as well.

That is why we’re proudly introducing our new Security Settings!

Our conscious developers’ team has been working during the past few weeks on a series of configurable settings that will protect you more effectively against any malicious hacking and mischiefs. As the account owner, you – and only you- will now have actual control on the security of your SnapEngage account.

*The new security settings are available on premier, unlimited and enterprise accounts.

Password Rules

The security of your team’s passwords is by all means imperative for the overall security of your account. You are, now, able to choose among and combine a series of password requirements that will add up to the password complexity and increase the difficulty of password cracking.

Being safe is good but being paranoid with safety could drive your team crazy since every time you increase the requirements of your passwords all your users passwords will be expired. For your users’ sake, keep this to a minimum!


Password Complexity

Your password complexity can be based on four different elements; namely  length, mIxed caSE LetTers, special characters! and user information. 


Each added character in your password increases exponentially the time it would theoretically take for it to be cracked. ‘alongerpassword’ would be harder to crack than ‘password’. Thus, you can require your users to set their password using a certain number of characters.

Require letters in mix case

By requiring your users to combine both upper case and lower case characters also improves the password strength. In such a case ‘notsafepassword’ would not be accepted but a ‘safePassword’ would have to be used instead.

Require at least one special character

Can question marks strengthen your password? Yes they can!!! Exactly as exclamation marks can also do. So, require your users to include at least one special character (non-alphabetic and non-numeric) in their passwords and instead of having a ‘notsafepassword’ to create a ‘safepassword!’ or a ‘safe+password’. With so many special characters one can be quite creative 😉 .

Password cannot contain user information

If someone tries to guess your password, it is more likely than not that they will also try to get information from your users login. This is common practice for hackers because it is also a common for users to include elements from their login in their passwords in order to, more easily, remember them. That is why you should make sure that your users are not using parts of their login information in their password. Thus, if you log in your SnapEngage account with the email: [email protected], you  would not be allowed to use neither ‘name’ nor ‘surname’ in your password.

Password Handling

Besides the password complexity per se, there are more tools at your disposal which can increase your account’s safety, the first one of them being the password originality.

Require password originality and forbid password reuse

Why prohibit password reuse? -Because of risk mitigation and human psychology.

Imagine that you become aware of a password leak in your administration. The first and easiest thing to do, would be to ask your account owner to reset all user passwords. Nevertheless, we, humans, tend to be wary of changing our passwords. Many of us would actually decide to just  set our old password as our new one again; this however, would render the safety action of resetting all passwords useless. To make sure this does not happen, you can disallow password reuse when a user renews their password.

You have the option to either not allow any password that has been used during the last 1, 6 or 12 months or any of the 5-8 most recently used passwords.


*If the two password settings get compared, we would consider the ‘x last passwords’ option more secure than ‘passwords in the last x months’.

Password expires automatically

By using this option you obligate your users to renew their password on a recurring basis (every 1,3,6 or 12 months).

Lock account after a number of failed login attempts

We are no robots and same applies for you and your colleagues. As humans, we all make mistakes and we are entitled to forgetting one of the many passwords that we are required to use in our everyday life. Many of us use multiple email accounts – personal and professional – Facebook, twitter and other social media, credit cards etc.These are many passwords and pins that we need to remember.

Nevertheless, many failed attempts to log in an account could also mean that somebody is trying to hack it. Thus, after a certain amount of failed attempts you can have an account locked which will then be unlocked again after a certain amount of time (except if specifically required to be locked permanently) or manually from the admin dashboard.

Access Rules

To, even further, protect your account, you can allow restricted access to SnapEngage based on IP addresses. You can either give specific IP addresses or use wildcards.


For more details on the Access rules please click here.

Deactivate an agent’s account due to inactivity

Automatically deactivating an agent’s account if they haven’t logged in for a set amount of time is another additional safety measure that you can decide to use.


Whatever the settings that you decide to use are, please remember that the basic rule is to always play it safe. It might get a bit uncomfortable at some point but it can save you from a lot of trouble later.