If you're looking to do screen sharing in a HIPAA compliant way, you might want to consider Surfly's co-browsing solution. It comes with a bunch of nifty features and is compliant with HIPAA, GDPR and AICPA SOC, amongst other frameworks.
Co-browsing as a secure alternative to screen sharing
Surfly co-browsing is an advanced, secure alternative to screen sharing. It is a completely browser-based solution where an agent or a healthcare professional browses a website together with the customer and guides them through their web journey.
The entire interaction occurs in a controlled, browser-based environment where you choose your own custom security settings. We let users hide sensitive information on the page, use audit logs, and don’t require any installations.
Surfly employs TLS 1.3 transport security, 256-bit SSL encryption, full audit log features, and masking of sensitive data to ensure you stay secure and compliant in all your interactions. We are HIPAA, GDPR, ISO 27001, AICPA SOC, and PCI DSS compliant.
Data storage and transmission
Security is a core design principle of our technology. The Surfly session has been designed to act as an infrastructure: information passes through but is never stored. And when no data is stored, no data is lost.
- Surfly’s servers are located in 6 data centers around the world. You can choose to only use our United States server for your sessions.
- Security has been embedded across the entire Surfly chain, from our technology’s design to our server and middleware configuration. For example, we’ve configured our caching servers in such a way that they will never store any information to disk. This is fully in line with HIPAA and PCI-DSS compliance regulations.
- All session data is transmitted only via secure SSL connections.
Content masking
By using Surfly’s masking features, you can ensure that Protected Health Information remains private. Specific form fields or entire HTML elements can easily be hidden from agents or healthcare professionals, ensuring complete client privacy and security. What sets Surfly apart is that no code changes are required for masking, and it can be easily implemented via the Surfly dashboard. Masking also works on third-party websites that are part of your online journey.
Secure control switching
If it is required for the customer journey, control of the browser tab can be easily switched from one user to another with just one click. Unlike screen sharing, where you gain remote control of the user’s entire device, co-browsing is extremely secure, as you only gain control of the specific browser tab being shared.
HIPAA compliant screen recording & video chat
Surfly’s video chat & session recording features enable you to record the user’s screen in a fully HIPAA compliant manner. While recording the session and video, all masked content remains hidden in the video stream.
Compliant audit logs
A detailed log of all actions that occurred within a session is available for compliance purposes. This includes participant metadata, web pages visited, and buttons clicked, all stored in JSON format. Of course, any masked data that is configured to be hidden is never stored in audit logs, enabling you to stay HIPAA compliant while still using audit logs.
Signed BAAs
We meet all critical physical, technical, and administrative requirements of HIPAA, including having signed BAAs with all key third-party providers.