For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (known as HIPAA, as amended, including by the Health Information Technology for Economic and Clinical Health — HITECH — Act), PDF Mail Merger is HIPAA compliant.
To decrypt password-protected PDF files, we use a third-party provider that is not HIPAA compliant. If you use password-protected PDF files, make sure that you decrypt your file before you upload it to PDF Mail Merger. PDF files that are not password-protected are expressly not processed by the third-party provider and are fully HIPAA compliant.
In addition, our hosting provider undergoes several independent third-party audits on a regular basis to provide customers with external verification. This means that an independent auditor has examined the controls present in its data centers, infrastructure and operations. It is audited annually against the following standards:
- SSAE16 / ISAE 3402 Type II
- ISO 27001
- ISO 27017
- ISO 27018
- FedRAMP ATO
- PCI DSS v3.2.1