Is Nextiva HIPAA Compliant?

Most Nextiva VoIP phone system features fall under the HIPAA-compliant offering. This includes voice calls, call recording, Nextiva Analytics, and more. (Please scroll to the end to see the services that are HIPAA-compliant.)

Nextiva respects the HIPAA standards set to protect patient information. We also outline how our services comply.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. It provides security and privacy requirements to safeguard protected health information.

HIPAA regulations have these goals:

  1. Safeguard or maintain health insurance for workers if they change jobs (Portability)
  2. Protect health-related data, confidentiality, and availability (Accountability)
  3. Simplify healthcare claims, paperwork, and health records

HIPAA, thus, lets the US healthcare system provide better services at lower costs.

What Does it Mean to be HIPAA-Compliant?

All healthcare service providers must be HIPAA-compliant. You must protect all medical records and health-related information. This is why the phone service you use is so important, especially if you're a small business.

The collection and protection of information apply to any form of communication. This could be over a phone line, mobile app, or online faxing.

Hence, when patients share their data, they assume you will safely store it. They also expect you to use it only for health-related reasons. When your system is HIPAA-compliant, you can fulfill these expectations.

To store medical records online, you must, therefore, use a HIPAA-compliant VoIP system.

What Falls Under Protected Health Information According to HIPAA?

  • A patient's name, address, birth date, and social security number
  • An individual's physical or mental health condition
  • Any care provided to an individual
  • Finally, information about the payment for the care given

Is VoIP HIPAA-compliant?

VoIP, short for Voice over Internet Protocol, offers more than a voice calling service. Advancements in VoIP provide customers with more communication features. These include call recording and voicemail.

Many businesses use VoIP as their complete communication system. But not all of them need to be HIPAA-compliant the way the healthcare industry does.

Patients call your business to set up appointments or to leave voice messages. When they do, they will most likely reveal health information, which you must protect.

Thus, VoIP automatically becomes subject to HIPAA compliance. As Nextiva is a complete VoIP communication system, it makes us compliant too.

Why Nextiva is HIPAA-compliant

At Nextiva, we value the security and privacy of every user. Our team recognizes how these two factors are crucial to caregivers, as well.

Above all, we can provide your patients with a secure web portal to store medical records.

How is the Nextiva System Secure?

  • The Nextiva healthcare package complies with the extra monitoring HIPAA needs
  • Our core platform, NextOS, resides in data centers across North America. Each abides by the highest security protocols.
  • Nextiva uses the best equipment to protect our network from data breaches.
  • We ask for a comprehensive Business Associate Agreement (BAA) that addresses our covered services.
  • Nextiva also displays Privacy, Security, and Breach Notification Rules. Doing this is a must for Business Associates under HIPAA.

Are All Nextiva Products and Services HIPAA-Compliant?

Nextiva works with various businesses in different industries. As it's the healthcare industry that must be HIPAA-compliant, not all our products need to be.

But it’s crucial that you are aware of this to understand which products to use.

Most Nextiva services fall under the HIPAA-compliant offering. This includes voice calls, call recording, analytics, and more. Some Nextiva features are not compliant (see below).



Unlimited Calling
Auto Attendant
Call Recording
Advanced Call Recording
Voicemail Transcript
Visual Voicemail
Advanced IVR ✓*
Go Integrator (Skype for Business, CTI, and CRM integrations)
SSAE 16 Certified Data Centers
Redundant Call Network Path
8 Points of Presence Throughout the USA
Additional HIPAA Security Controls
Business Associate Agreement (BAA)**

*Except for SMS

**Nextiva can execute a comprehensive Business Associate Agreement (BAA) that addresses our covered services and states the privacy, security, and breach notification rules required for business associates under HIPAA.

How Does Nextiva Maintain HIPAA Compliance?

Here are a few ways Nextiva products and services are HIPAA-Compliant. At Nextiva, we limit or disable the following:

  • Visual voicemail
  • The ability to play voicemail through NextOS or the Nextiva Unity App
  • Emailing of voicemail as an attachment
  • Voicemail transcription services are not available
  • Nextiva vFAX is not available as part of the healthcare offering

In conclusion, Nextiva works to provide healthcare providers with secure products. So, let us take care of safely storing your medical data.

Please feel free to get in touch with your account manager should you have any questions.

About the author

Gaetano DiNardi is the Director of Demand Generation at Nextiva and has a track record of success working with brands like Major League Baseball, Pipedrive, Sales Hacker and Outside of marketing, Gaetano is an accomplished music producer and songwriter - he’s worked with major artists like Fat Joe, Shaggy and loves making music to stay turbocharged. To get in touch, follow him on LinkedIn.