HIPAA compliant screen recording & sharing

Surfly Co-browsing is an interactive, no-download, HIPAA compliant content sharing & recording solution for secure meetings, onboarding, support, and sales.


Surfly Co-browsing is an advanced, secure alternative to screen sharing. It is a completely browser-based solution where an agent or a healthcare professional browses a website together with the customer and guides them through their web journey. 

Learn more about co-browsing

The entire interaction occurs in a controlled browser based environment where you get to choose your own custom security settings. We let users hide sensitive information on the page, use audit logs, and don’t require any installations. 

red security icon with lock

Surfly employs TLS 1.3 transport security, 256bit SSL encryption, full audit log features, and masking of sensitive data to ensure you stay secure and compliant in all your interactions. We are HIPAA, GDPR, ISO 27001, AICPA SOC, and PCI DSS compliant.

Data storage and transmission

Security is a core design principle of our technology. The Surfly session has been designed to act as an infrastructure: information passes through but is never stored. And when no data is stored, no data is lost.

  • Surfly’s servers are located in 6 data centers around the world. You can choose to only use our United States server for your sessions.
  • Security has been embedded across the entire Surfly chain, from our technology’s design to our server and middleware configuration. For example, we’ve configured our caching servers in such a way that they will never store any information to disk. This is fully in line with HIPAA and PCI-DSS compliance regulations.
  • All session data is only transmitted via secure SSL connections.

Content masking

By using Surfly’s masking features, you can ensure that Protected Health Information remains private. Specific form fields or entire HTML elements can easily be hidden from agents or healthcare professionals, ensuring complete client privacy and security. What sets Surfly apart is that no code changes are required for masking, and it can be easily implemented via the Surfly dashboard. Masking also works on third-party websites that are part of your online journey.

Secure control switching

If it is required for the customer journey, control of the browser tab can be easily switched from one user to another with just one click. Unlike screen sharing, where you gain remote control of the user’s entire device, co-browsing is extremely secure, as you only gain control of the specific browser tab being shared. 

HIPAA compliant screen recording & video chat

Surfly’s video chat & session recording features enable you to record the user’s screen in a fully HIPAA compliant manner. While recording the session and video, all masked content remains hidden in the video stream. 

Compliant audit logs 

A detailed log of all actions that occurred within a session is available, for compliance purposes. This includes participant metadata, web pages visited, and buttons clicked, all stored in a JSON format. Of course,  any masked data that is configured to be hidden is never stored in Audit logs, enabling you to stay HIPAA compliant while still using Audit logs.  

Signed BAAs

We meet all critical physical, technical, and administrative requirements of HIPAA including having signed BAAs with all key 3rd party providers.

Contact us