This document outlines a few of the recommended ways to configure various features within Trillian to help organizations with HIPAA compliance. Following all of the steps in this guide will not make your organization HIPAA compliant! HIPAA compliance is a serious undertaking requiring participation across your entire organization; these guidelines are specific to your use of Trillian only and are not all-encompassing. Please consult with your company's in-house HIPAA experts to make sure you're doing the right things from a HIPAA perspective, and feel free to contact us with any questions. We will continue to update this document with information as new features are added to Trillian that require attention from a HIPAA perspective.

For additional clarity, we repeat: following all of the steps in this guide will not make your organization HIPAA compliant!

Encryption in transit

All connections to Trillian Servers use TLS. There is no way to disable TLS, so your communications will be encrypted in transit by default. Whenever possible, our clients and servers favor the use of key exchange mechanisms that provide the forward secrecy property, meaning that an attacker who compromises a long-term key will not be able to compromise past TLS sessions. Our clients and servers always prefer the use of the latest recommended secure cipher suites and protocols to encrypt all traffic in transit.

Encryption at rest

Cloud-hosted environments utilize our secure infrastructure, and all data is encrypted at rest. To learn more, visit our Security Practices document.

On-premises Trillian Server deployments put you in control of encryption at rest. We recommend that you both use disk-level encryption (via BitLocker, for example) and enable Trillian Server's encryption at rest feature. Doing so will require you to provide a secure passphrase to Trillian Server any time it needs to start.

Chat history and media storage

Desktop clients. By default, most versions of Trillian will store chat history and user-shared media in two places: centrally on the server and cached locally on individual desktop clients. We store history and media on clients to speed up access to them and to let clients access data without an internet connection. However, we recommend you disable local history storage in HIPAA-regulated environments! The risk of an employee losing a laptop is reduced to nil from a Trillian perspective if Trillian isn't storing anything on disk. Turning off local chat history covers both chat history and media and forces Trillian to operate in a "server-only" mode.

Mobile clients. Mobile clients never store chat history on disk in a permanent way, but they can store a few lines of history for open chat windows to improve the user experience. Mobile clients do store shared media (pictures) to speed up user experience and provide some resiliency on weak connections. As such, the same recommendation applies here: disable local history storage by policy to prevent clients from saving anything to disk.


Federation

Federation is the server-to-server ability for your users to connect to other users outside of your organization. Unless you have a signed BAA in place with these other organizations, you can either instruct your users not to share PHI with federated contacts or disable federation by default, only enabling it for specific, whitelisted domains.

PIN codes

We recommend the use of additional PIN codes if you'll be allowing employees' personally-owned devices to connect to Trillian and process PHI. When enabled, a Trillian-specific PIN code (on mobile devices) or the user's password (on desktop devices) will be required to unlock Trillian after a period of inactivity. Consider a physician who shares her iPad with her young children and adds their fingerprints to the unlock screen: her child can unlock the device and load Trillian, so an additional Trillian-specific PIN code will protect her from accidental PHI exposure at the cost of an additional code to remember.

Retention periods

Retention periods can be set for chat history and media (images and files). You should evaluate your organization's business need to retain these categories of data and apply the correct retention period to each.

User access

Every user has their own unique username that identifies them within the Trillian network. As employees leave the organization, you should disable their Trillian accounts administratively: doing so will kick them off actively-connected devices but preserve their data until you are ready to permanently delete it.