Headway holds clients information with the highest security. We treat personal and Protected Healthcare Information (PHI) privacy as a top priority and maintain HIPAA compliance through the following:
- Our proprietary platforms and databases encrypt all client information.
- Any messaging conducted through the Headway portal is end-to-end encrypted and executed through a secure and encrypted email relay.
- Emails from the Headway team are encrypted if your email inbox supports encrypted messages.
- We sign Business Associate Agreements (BAA) with all other platforms we use that may store PHI. This ensures our vendors also follow HIPAA compliance for our use.
In addition, as an extra layer of encryption, we do not include client information in initial requests, and will use SendSafely. With SendSafely:
- Each agent has their own personal URL that they can use to send items securely, even if they don’t have a SendSafely account; and you can reply back using this link, as well.
- Nobody can see the data in the messages other than the people given access.
- Information is encrypted for a second time before being sent.