Security and HIPAA

Q: Is the VerveFax platform secure?

A: The VerveFax platform utilizes multiple layers of security as detailed below.

Encrypted document exchange

We utilize encryption technology whenever documents are transported to/from our network.

At rest encryption

All sensitive data is encrypted at rest. This means it cannot be accessed in any usable form outside of our secure web portal.

Secure socket layer protocol

Our web interface and API access is accessible only through secure HTTPS connections.

Audit trails

All document transmissions and log on/log off events are logged and recorded along with associated IP addresses.

User authentication

All system access points require user authentication to access any secure data. We also implement auto-logoff features for additional protection. The system includes advanced administrative controls with customizable user permissions and roles.

Data center security

All web servers, application servers, and databases are housed in state-of-the-art SSAE16 Type II secured facilities with redundant hardware, power, and internet connectivity.

Email TLS

TLS is enabled for our email gateways, TLS is required on user’s email service for end-to-end encryption. We provide the ability to disable email for security as well.

Q: Is VerveFax HIPAA compliant?

A: The security of VerveFax enables it to be used in a HIPAA compliant fashion within your organization. No software or service can be designated “HIPAA compliant” on its own, as HIPAA compliance is a larger set of business practices. Please contact your HIPAA compliance officer for more details.