HIPAA Compliance
HIPAA-compliant messaging and voice is part of Surge's Custom plan. It is currently in development.
What's included
HIPAA compliance on the Custom plan covers:
- Secure messaging — end-to-end encrypted messaging via Surge's secure chat interface, suitable for protected health information (PHI)
- HIPAA-compliant voice — call recording and voicemail handling with PHI safeguards
- Business Associate Agreement (BAA) — Surge enters into a BAA with your organization, establishing the legal framework for handling PHI under HIPAA
Current status
HIPAA features are in active development. The expected timeline and specific feature scope will be communicated via the changelog when closer to general availability.
If your organization has an upcoming HIPAA compliance deadline or wants to discuss early access, contact Surge support at support@surge.app.
How to get started
HIPAA compliance is not available on self-serve plans. To start the process:
- Contact Surge at
support@surge.appor through the dashboard - Discuss your HIPAA requirements and timeline
- Surge will provide information on the Custom plan pricing and the BAA process
In the meantime
Surge's standard messaging is not HIPAA-compliant. Do not send protected health information (patient names, diagnoses, medication details, insurance information) through standard Surge messaging while HIPAA compliance is in development.
If you're building a healthcare application today, consider using Surge only for non-PHI communications (appointment reminders with no clinical content, general notifications) while HIPAA-compliant features are finalized.