HIPAA compliance with Nextiva products and services

The Health Insurance Portability and Accountability Act (HIPAA) protects patients’ medical records and other health information provided to health care providers. Nextiva offers in-depth security to all customers, and this healthcare package complies with the additional monitoring required by HIPAA.

It is important to note that HIPAA-compliant accounts do not provide additional security but instead comply with the additional monitoring required by HIPAA, which disables certain functionality (such as voicemail transcription and fax to email).

Texting (SMS/MMS) is not HIPAA compliant. However, we do allow the use of SMS on HIPAA accounts as long as the guidelines are followed and PHI (Protected Health Information) is not sent or received via text.

At Nextiva, we highly value the security and privacy of every user. The Nextiva core platform, NextOS, resides in data centers across North America with the highest security protocols and is connected with dual OC48 (2.5 Gbps) rings to create a redundant call network path. 

We also deploy best-of-breed equipment that protects our network from security breaches. The data centers are SSAE 16 certified, SOC II audited, and offer PCI-DSS certification. Each data center has a dedicated power grid with sophisticated energy consumption to guarantee 100% uptime.

We require a comprehensive Business Associate Agreement (BAA) that addresses our covered services and states the Privacy, Security, and Breach Notification Rules needed for Business Associates under HIPAA.

Most NextOS services are covered by the HIPAA-compliant offering, including voice calls, call recording, Nextiva Analytics, fax, and more. To maintain HIPAA compliance, the following features have limited functionality, or have been disabled completely:

  • Voicemail cannot be played through the Nextiva Voice portal.
  • Emailing of voicemail as an attachment is disabled.
  • Voicemail transcription services are not available.
  • Faxes cannot be sent or received via email.
  • Downloading faxes and forwarding faxes via email from the vFAX portal is disabled.


The following products and services are not HIPAA compliant:

  • Nextiva CRM
  • Nextiva Chat
  • Nextiva Surveys
  • Cospace
  • Advanced Call Recording
  • Nextiva App SMS
  • Skype and Zendesk integrations

Visit the Nextiva Blog for more information about Nextiva’s HIPAA compliance.
