Helping You Communicate Securely and Confidently
At Synfone, we understand that healthcare providers and their partners have unique responsibilities when it comes to protecting patient information. If your organization is subject to HIPAA, you’re likely wondering: Is Synfone HIPAA compliant?
The short answer is: Yes — Synfone can be used in a HIPAA-compliant way when configured and used appropriately. This page explains how we support your compliance efforts and what you should know when using our service in a healthcare setting.
Security First: How Synfone Protects Your Data
We’ve built our system with privacy and security at the core. Here’s how we help keep your data protected:
- Encrypted Communication
Calls, voicemails, and messages are encrypted during transmission and at rest using industry-standard protocols. - Individual User Access
Each user has their own unique credentials to log in and access data. No shared logins — ever. - Remote Access Management
Need to remove access for a former employee? Admins can immediately revoke user credentials to prevent unauthorized access. - Audit Logging
We keep detailed logs of user activity within the system, so you can review who accessed what and when — an important part of HIPAA’s audit control requirement.
Messaging and Voicemail: What’s HIPAA-Safe
Secure Internal Messaging
Synfone supports secure messaging between users on the same system — ideal for inter-office communication. This is not standard SMS and should not be confused with text messaging over cell networks.
Voicemail Delivery Options
By default, voicemail messages are stored securely within your Synfone system. Upon opting in for HIPAA compliance, voicemail-to-email delivery is disabled to prevent potential PHI exposure. Clients will access voicemails securely through the app or web portal.
Call Recording (Optional)
Synfone does not record calls by default, but call recording can be enabled upon request. If you choose to enable this feature, we’ll help ensure those recordings are securely stored and only accessible to authorized users.
Data Retention and Deletion
On accounts configured for HIPAA compliance, we retain voicemails, call logs, and text messages for 180 days. If your compliance policy requires a shorter retention window, we’re happy to work with you — just let us know.
Need something deleted for compliance reasons? Simply submit a request, and we’ll take care of it promptly.
Business Associate Agreements (BAAs)
If your organization handles Protected Health Information (PHI), HIPAA requires that you have a Business Associate Agreement in place with vendors like us.
Synfone provides a signed BAA upon request. Just contact our support team, and we’ll walk you through it.
Final Note
HIPAA compliance isn’t just about the technology — it’s also about how it’s used. Synfone gives you the tools you need to support secure communication, but it’s important that your team follows best practices and configures the system correctly.
Using Synfone with a system configured for HIPAA compliance is opt-in only. Synfone systems are not deployed in a HIPAA compliant manner unless specifically requested by submitting the form below. Do not assume your system is configured for HIPAA compliance unless you have received a confirmation from Synfone Support that the necessary changes have been made.
If you’re unsure whether your current setup meets HIPAA requirements, please contact Synfone Support.
If you would like to opt-in to have your system configured in a HIPAA compliant fashion, please submit the form below.
