Leadferno provides a cloud service that securely handles and stores customer information, with individual user account controls and permissions. As such, we follow security best practices including:

  • Secure platforms: cloud computing and storage are provided via Amazon Web Services (AWS), and carrier connectivity via Bandwidth. We monitor these platforms and apply updates once they have been assessed for security and safety.
  • Penetration testing and threat modeling to ensure we're protected against external threats. We regularly scan our application using third parties to ensure Leadferno is protected against threats.
  • Network security and process controls are instituted to ensure only authorized software and persons can access the app and its data, with multiple layers of authentication including user accounts and VPNs.

Data transmission

The Leadferno app stores and transmits information securely. The Leadferno web and mobile apps are secure in nature, requiring authentication to sign in. Additionally, the data transmitted to and from the app is encrypted over HTTPS, preventing third parties from intercepting data appearing in our app over internet connections.

Data storage & access

All Leadferno data are stored securely, including message and account information. Access to the data is controlled at the customer and profile level through the Team settings in Leadferno. As a company, Leadferno controls access to data via encrypted, authenticated connections. Data are only accessed by Leadferno employees when necessary to provide support or services for customers.

To ensure data permanency, data are backed up daily.

No 3rd party sharing

We don't share or sell personal or message information from your Leadferno account. Since we use cloud services such as AWS to provide customers with the Leadferno product, there are third-party services involved in providing the product; however, we never sell or distribute your account information to others.

HIPAA compliant 

Our services are hosted on a HIPAA compliant platform with internal processes and policies in compliance. As necessary, we may sign a business associate agreement (BAA) with a customer.

HIPAA compliant texting app features in Leadferno

Any organization that handles protected health information must remain HIPAA compliant throughout all aspects of their communication, including text messaging. Leadferno offers features and tools that ensure you’re texting compliantly.

1. Encryption - stores and transmits information securely.

2. SMS consent compliance - by requiring clear opt-in consent language, optional two-layered consent, an SMS privacy policy, and mandatory HELP and STOP keyword functionality to uphold customer control and privacy rights for SMS communication.

3. Roles and permissions - grant and deny access for user credentials instantly, including management of the roles and permissions that determine who can access what data.

4. Message archiving - of all text message conversations, stored, timestamped, and accessible. Messages cannot be deleted or removed from the application and can be reviewed/audited for compliance.

HIPAA compliance recommendations for your business

That said, unlike other data requirements in HIPAA, text messages are not and cannot be encrypted. So, if you intend to share protected health information (PHI) over text, you should get explicit permission from your patients. This goes one step beyond the permission received via the Leadbox and Leadform. You'll want to advise your patients of the risks of text messaging, either over text message or in your office, and get their consent.

Here is an example HIPAA permission message you could send for capturing consent (and save as a template in our Shortcuts or Auto reply features):

We want to send messages regarding your healthcare. Since texts are not encrypted, they could be accessed by third parties just like phone calls. May we have your permission to text you information regarding your healthcare?

To ensure the best HIPAA compliance, the practice should implement any additional technical safeguards on employee devices that use Leadferno.

Additional security information, including our Leadferno Application Security Overview, can be provided upon request.