HIPAA Compliance

What we already do for you

Here are just a couple of the steps that we take to ensure that your protected health information (PHI) documents are secure:

  1. Our secure URL (https://api.phaxio.com) has 128-bit encryption.
  2. Your faxes are not stored (when the boxes in Storage Preference are unchecked). This means that Phaxio can never see, alter, delete or otherwise tamper with your files.
  3. Callbacks are logged so that you know whether or not you received confirmation that a fax was sent or received and at what time the transmission occurred.
  4. Phaxio is hosted on Amazon’s AWS, which has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II audits. You can read more about their security precautions here.

What you still need to do

Follow these two steps to make your account totally HIPAA compliant:

  1. Head over to the Fax Settings section of your account and uncheck both boxes in the “Storage” section. This will prevent storage of any of your transmitted documents on Phaxio’s servers.
  2. Make sure that your calls are made to a Hypertext Transfer Protocol Secure (HTTPS) URL.
  3. We also recommend that you use HTTPS for all callback URLs you provide to us.