
OnPage is HIPAA Compliant


OnPage follows the Security Rule, which requires HIPAA covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.


Specifically, covered entities must:

1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit:

Confidentiality – With OnPage, messages are SSL encrypted in transit and 256-bit AES encrypted at rest (in our database).
Integrity – With OnPage, the full message can be viewed only by the sender and the receiver and cannot be altered. For Enterprises, in addition to the sender and receiver, only authorized personnel (Super Admin) can view message content.
Availability – With OnPage, messages are retained on our servers for 6 years.

2. Identify and protect against reasonably anticipated threats to the security or integrity of the information – The database is located in a secure, SAS 70 certified, SSAE 16 compliant hosted location.

3. Protect against reasonably anticipated, impermissible uses or disclosures – With OnPage, message content cannot be compromised by OnPage’s general employees, as it is encrypted. Enterprises can remote-wipe the OnPage messages on a device if it is lost or stolen.

4. Ensure compliance by their workforce – Every new employee is trained on HIPAA rules upon joining the company.

Summary of the HIPAA Rule