HIPAA compliance with Nextiva products and services

The Health Insurance Portability and Accountability Act (HIPAA) protects patients’ medical records and other health information provided to health care providers. Nextiva offers in-depth security to all customers, and this healthcare package complies with the additional monitoring required by HIPAA.

It is important to note that HIPAA-compliant accounts do not provide additional security; instead, they comply with the additional monitoring required by HIPAA, which disables certain functionality (such as voicemail transcription and fax to email).

Texting (SMS/MMS) is not HIPAA compliant; however, we do allow the use of SMS on HIPAA accounts as long as the guidelines are followed and PHI (Protected Health Information) is not sent or received via text.

At Nextiva, we highly value the security and privacy of every user. The Nextiva core platform, NextOS, resides in data centers across North America with the highest security protocols and is connected with dual OC48 (2.5 Gbps) rings to create a redundant call network path. 

We also deploy best-of-breed equipment that protects our network from security breaches. The data centers are SSAE 16 certified, SOC II audited, and offer PCI-DSS certification. Each data center has a dedicated power grid with sophisticated energy consumption to guarantee 100% uptime.

We require a comprehensive Business Associate Agreement (BAA) that addresses our covered services and states the Privacy, Security, and Breach Notification Rules needed for Business Associates under HIPAA.

Most NextOS services are covered by the HIPAA-compliant offering, including voice calls, call recording, Nextiva Analytics, fax, and more. To maintain HIPAA compliance, the following features have limited functionality, or have been disabled completely:

  • Voicemail cannot be played through the Nextiva Voice portal.
  • Emailing of voicemail as an attachment is disabled.
  • Voicemail transcription services are not available.
  • Faxes cannot be sent or received via email.
  • Downloading faxes and forwarding faxes via email from the vFAX portal is disabled.

Nextiva HIPAA business communication plans

| Feature | Pro | Pro Plus | Enterprise |
| --- | --- | --- | --- |
| Unlimited calling within the USA and CA** | Y | Y | Y |
| Free local & toll-free number | Y | Y | Y |
| Toll-free minutes | 1500 | 3000 | 12500 |
| High-definition (HD) voice | Y | Y | Y |
| Auto attendant | Y | Y | Y |
| Multi-level auto attendant | N | Y | Y |
| Unlimited internet fax | Y | Y | Y |
| Free number porting | Y | Y | Y |
| Call history | Y | Y | Y |
| Call log reports | Y | Y | Y |
| Threaded conversations | Y | Y | Y |
| Create notes on contacts and calls | Y | Y | Y |
| Contact management | Y (up to 500 shared contacts) | Y (up to 500 shared contacts) | Y (up to 500 shared contacts) |
| Contact integrations (Google & Outlook) | Y | Y | Y |
| Voicemail to email notifications | Y (no attachment or transcription) | Y (no attachment or transcription) | Y (no attachment or transcription) |
| Voicemail to SMS notifications | Y (no attachment or transcription) | Y (no attachment or transcription) | Y (no attachment or transcription) |
| Voicemail transcription | Y (Desktop app only) | Y (Desktop app only) | Y (Desktop app only) |
| Team presence and status | Y | Y | Y |
| Shared line appearance | Y (up to 5 SCA profiles) | Y (up to 5 SCA profiles) | Y (up to 35 SCA profiles) |
| Busy lamp field | Y | Y | Y |
| Single sign-on | N | N | Y (requires set up fee) |
| Hold music | Y | Y | Y |
| Call group | Y | Y | Y |
| NextivaONE | Y | Y | Y |
| Calendar and meeting scheduling | Y | Y | Y |
| Calendar integrations (Google & Outlook) | Y | Y | Y |
| Unlimited conference calls | N | Y (40 participants) | Y (unlimited participants) |
| Video meetings | Y (up to 45 mins per meeting) | Y (up to 45 mins per meeting) | Y (up to 45 mins per meeting) |
| Team collaboration chat messaging | Y | Y | Y |
| Team collaboration Rooms | Y (up to 3 active rooms) | Y (up to 3 active rooms) | Y (up to 3 active rooms) |
| Admin portal | Y | Y | Y |
| User portal | Y | Y | Y |
| Dashboard | Y | Y | Y |
| Real-time system status alerts | Y | Y | Y |
| Advanced IVR | Y** | Y** | Y** |
| Five9 VCC | Y*** | Y*** | Y*** |
| Unity Contact Center | Y**** | Y**** | Y**** |
| Akixi 1000, 2000 | Y | Y | Y |
| Go Integrator (Salesforce, Zendesk, HubSpot, etc.) | Y | Y | Y |
| Call2Teams | Y | Y | Y |
| Email Support | 24/7 | 24/7 | 24/7 |
| Chat Support | 24/7 | 24/7 | 24/7 |
| Phone Support | 24/7 | 24/7 | 24/7 |
| Real-time system status alerts | Y | Y | Y |
| Multi-site support | Y | Y | Y |

*Must not contain PHI. Excluded from BAA.

**SMS is not HIPAA compliant. Chatbots and messaging channels may not contain PHI. SIP Trunks must be configured for HIPAA. Verbatim audio capture cannot be used. Q for Me premium waiters may not be configured to store data.

***SMS is not HIPAA compliant. PHI may not be put into text fields within VCC. Email displayed within Five9 is compliant and is encrypted at rest. Five9 does not send/receive emails on behalf of the customer, so the customer is fully responsible for email security. SIP Trunks are required to be secured using a VPN (or SRTP must be used over a non-secure trunk). For use of Five9 classic CCaaS, if you are using Internet VoIP between your agents and Five9 or if you are setting up a SIP trunk to your PBX (e.g. not using MPLS connect between Five9 and the agents), SRTP must be provisioned.

****Excluded from BAA. Requires special contract language.


Visit the Nextiva Blog for more information about Nextiva’s HIPAA compliance.
