Security and HIPAA

Q: Is the VerveFax platform secure?

A: The VerveFax platform utilizes multiple layers of security as detailed below.

Encrypted document exchange

Data in transit utilizes TLS 1.2 encryption whenever documents are transported to/from our network.

At rest encryption

All sensitive data is encrypted at rest with AES 256-bit encryption, and stored in SSAE16 Type II secured facilities.

Secure socket layer protocol

Our web interface and API access is accessible only through secure HTTPS connections.

Audit trails

All transmissions and activity is recorded along with associated IP addresses for easy auditing

User authentication

All system access points require user authentication to access any secure data. We also implement auto-logoff features for additional protection. The system includes advanced administrative controls with customizable user permissions and roles.

Data center security

All web servers, application servers, and databases are housed in state-of-the-art SSAE16 Type II secured facilities with redundant hardware, power, and internet connectivity.

Email TLS

TLS is enabled for our email gateways, TLS is required on user’s email service for end-to-end encryption. We provide the ability to disable email for security as well.

Q: Is VerveFax HIPAA compliant?

A: The security of VerveFax enables it to be used in a HIPAA compliant fashion within your organization. No software or service can be designated “HIPAA compliant” on its own, as HIPAA compliance is a larger set of business practices. Please contact your HIPAA compliance officer for more details.