Yes. All messages are end-to-end encrypted in transit and encrypted at rest, audit-logged, and access-controlled to the practice’s user roster. PHI mentioned in messages is contained within the same secure boundary as the chart itself, and MD Synergy signs a BAA with every practice.