HIPAA compliance and PHI


Headway holds clients' information with the highest security. We treat the privacy of personal and Protected Healthcare Information (PHI) as a top priority and maintain HIPAA compliance through the following:

  • Our proprietary platforms and databases encrypt all client information
  • Any messaging conducted through the Headway portal is end-to-end encrypted and executed through a secure and encrypted email relay
  • Emails from the Headway team are encrypted if your email inbox supports encrypted messages
  • We sign Business Associate Agreements (BAAs) with all other platforms we use that may store PHI. This ensures our vendors also follow HIPAA requirements for our use


In addition, we do not include client information in initial requests and, as an extra layer of encryption, will use SendSafely. With SendSafely:

  • Each agent has their own personal URL that they can use to send items to you securely, even if you don't have a SendSafely account; you can also reply using this link
  • Nobody can see the data in the messages other than the people given access
  • Information is encrypted for a second time before being sent


We also have our privacy policy listed on our website.
