What you need to do
Follow these steps to make your account totally HIPAA compliant:
- Head over to the Fax Settings section of your account and uncheck both boxes in the “Storage” section. This will prevent storage of any of your transmitted documents on Phaxio’s servers.
- Enable Two-Factor Authentication in your user profile.
- Use HTTPS for all webhook URLs you provide to us.
- Let us know that you need to sign a BAA by emailing us at firstname.lastname@example.org with the userID of your account.
- Use the latest version of the API for the most up-to-date security features.
- Rotate your API keys on a regular basis.
What we already do for you
Here are just a few of the steps that we take to ensure that your protected health information (PHI) documents are secure:
- Our secure API URL (https://api.phaxio.com) enforces TLS 1.2.
- Your faxes are not stored (when the boxes in Storage Preference are unchecked). This means that Phaxio cannot view, alter, delete or otherwise tamper with your files.
- Callbacks are logged so that you know whether or not you received confirmation that a fax was sent or received and at what time the transmission occurred.
- Phaxio is hosted on Amazon’s AWS which has achieved ISO 27001 certification and has successfully completed multiple SOC 2 Type II audits. You can read more about their security precautions here.