We acknowledge the sensitivity and gravity of maintaining the privacy and security of patient healthcare data. Therefore, we have meticulously examined all administrative, physical, and technical safeguard specifications to comply with the HIPAA requirements and ensure the protection of our customers’ data and individuals’ protected health information (PHI) and electronic protected health information (ePHI).
We want to inform our Enterprise users, who are considered as “covered entities” under HIPAA, that we are aware of their HIPAA requirements. We will do our utmost to ensure that their patients’ data remains confidential. Please note that this statement does not replace the need for a Business Associate Agreement (BAA). We have instituted policies and procedures to keep our customer data confidential. These include (not limited to) the following:
Data Transmission Security and Encryption
HIPAA regulations require us to pay close attention to data security when it is in motion and at rest. To ensure this, all faxed files and signed documents are securely stored on our servers. To protect data that is in transit between our WiseFax applications (including mobile, API, or web) and our servers, we use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer. This creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
ePHI data is stored securely in Vanaia’s private cloud environment with restricted access.
WiseFax implements various levels of audit control to ensure the security of all files sent or received through the platform during the lifespan of your account. This includes secure and automatic archiving and software and procedural mechanisms that record and analyze activity in information systems that contain or use ePHI.
To use WiseFax services, users must provide a valid username and password combination which is SSL encrypted. Additionally, each user is assigned an encrypted session ID cookie to ensure a unique identification. All communications between the user and our servers are always encrypted while logged in.
Data Storage and Disposal
Documents that are submitted to WiseFax servers will be automatically deleted after 30 days for users of WiseFax pay-as-you-go services. We do not keep physical copies of reports or documents at our facilities. In case of a subscription, data will be deleted within the 30 days period after the subscription period ends. However, users who want to delete their account with data earlier can always request this through our support team.
Data Centers Security
Our data centers are situated in facilities that strictly adhere to high-security standards. Our facilities comply with several industry-recognized certifications, such as ISO 27001, ISO 27017, ISO 27018, NIST SP 800-53, PCI DSS, AICPA Trust Services Criteria, and others, as members of the Cloud Security Alliance (CSA). Additionally, our facilities are HIPAA compliant, ensuring your sensitive data is always protected.
Our team is committed to ensuring our systems’ safety, security, and integrity. We regularly review and update our security policies and provide our employees with security training. We also perform application and network security testing, including penetration testing, conduct risk assessments, and monitor compliance with our security policies to ensure our systems’ confidentiality, integrity, and availability.
Privacy and Security Rules
- Enforced HTTPS with a secure SSL/TLS certificate and a connection tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
- Our data backups are stored in secured, safe, world-class data centers.
- Authentication of the account owner.
- All servers and production workstations have restricted access from outside the organization.
- A highly advanced system for monitoring and escalation.
- Automated data backups.
- Automated virus checking.
- Any non-compliance of which we become aware is reported.
- Notice of data breach.
- Access to production fax systems is restricted with unique SSH key pairs. Security policies and procedures require the protection of SSH keys. An internal system securely manages the public key exchange process, and private keys are stored safely.
- All employees undergo comprehensive background checks and must sign a confidentiality agreement as part of their employment contract.
Business Associate Agreement (BAA)
We are currently not signing a Business Associate Agreement (BAA) with covered entities. However, we follow the guidelines and best practices recommended by HIPAA.