Security and Compliance

For regulated industries

HIPAA Compliance

Our network architecture and datacenter infrastructure is designed to meet or exceed industry mandated requirements to ensure that every element of your communication remains confidential and secure. Because we built our network around fax security and compliance requirements, some of the world’s most security-conscious organizations like Western Union and Johns Hopkins trust Concord with their most sensitive communications.

Concord Fax and HIPAA

Our secure fax service meets (or exceeds) all requirements for both HIPAA privacy and security. FaxRX enforces fax practices and settings that are compliant with HIPAA regulations for use in the Healthcare market.

Our solution for automating and securing fax transmissions supports HITECH and seamlessly integrates with existing EHR systems and EMR software. Cover sheets ensure that PHI is protected and that appropriate disclosure and HIPAA compliance statements are delivered with your communications.

Once the documents are delivered, the fax image can be completely removed from the Concord platform.

Concord Compliance White Paper

Everything you need to know about managing fax within HIPAA and PCI-DSS regulated environments.


PCI DSS Compliance

Concord Fax Online supports your PCI DSS compliance needs. Communications are fully encrypted over TLS or via Secure HTTP.

A unique feature of the Concord platform is the ability to set your image retention policy to automatically remove all images if you are PCI faxing, and thus simplify your security and vendor audit requirements,

SSAE-16 Type 2 Audit

SSAE-16 security standards not only take into consideration the security of the network, but also reviews the full business process to ensure that information is handled with the highest level of privacy and security available. While a number of other large vendors in this space claim SSAE-16 audits due to the fact that they collocate servers with a certified vendor, Concord has made a decision to actively pursue the audit to ensure that every element of our organizational procedures, structure and technical infrastructure are optimized to ensure the security of our customer data.


  • SSAE-16 SOC-2 Type 2*
  • HIPAA Compliant
  • PCI DSS Certified
  • US – EU Safe Harbor framework Compliant

Network Security

  • Encryption (in-transit & at-rest)
  • SSL/TLS encryption for web traffic
  • TLS for email
  • Available zero image retention policy
  • AES 256-bit encryption
  • Active intrusion protection

Physical Security

  • Private datacenter suites in secured and guarded buildings.
  • Highly restricted, controlled badge access for all datacenters.
  • Closed Circuit Video security and monitoring.

Logical and Application Security

  • All logins and access is logged and recorded.
  • Complex password requirements.
  • Enforced anti-virus policy across the network.

Build Your Cloud Fax Estimate

Create your own Concord Cloud Fax plan and get detailed costs based on your page volume, users and inbound numbers.