How can I use archiving as part of a HIPAA compliant application?

OpenTok Encryption allows the archives to be fully encrypted in memory while they are being built so the archive data is never at rest in an unencrypted state. Here, the archives are encrypted while on servers, while being uploaded to the customer’s storage bucket and when stored at the customer’s storage bucket. This approach provides an extra encryption level for applications, especially those requiring HIPAA compliance.


TokBox offers the ability for recorded sessions to be temporarily stored on TokBox supplied cloud storage for up to 72 hours, however, this is not mandatory. For those healthcare organizations that wish to use archiving and have HIPAA considerations, you may consider disabling TokBox cloud storage fallback. Please note it is not mandatory to disable the fallback in this case, especially if the customer opts for OpenTok Encryption.

Have more questions? Submit a request