# HIPAA Compliance

Ensuring that your faxes meet HIPAA compliance standards is important, and we can help you with these easy steps:

## What you need to do

Follow these steps to make your account HIPAA compliant:

1. In the [Build dashboard](https://dashboard.sinch.com/fax/services), open the settings of your service and uncheck both boxes in the **HIPAA** section.
   This prevents any of your transmitted documents from being stored on our servers.
   From the same **HIPAA** section, you can also sign a Business Associate Agreement (BAA) via DocuSign.
   The BAA is free to sign in the [Build dashboard](https://dashboard.sinch.com/fax/services).
2. Enable Two-Factor Authentication in your [User Profile](https://dashboard.sinch.com/user/edit).
3. Use `HTTPS` for all webhook URLs you provide to us.


Tips:
- Use the latest version of the API for the most up-to-date security features.
- Rotate your API keys on a regular basis.


## What we already do for you

Here's what we do to ensure that your protected health information (PHI) documents are secure:

- Our secure API URL (`https://fax.api.sinch.com`) enforces TLS 1.2.
- Your faxes are not stored (when the boxes in `Fax` > `Services` > `HIPAA` are unchecked). This means that no one can view, alter, delete, or otherwise tamper with your files.
- Callbacks are logged so that you receive confirmation containing the date and time a fax was sent or received.