HIPAA Compliant?

My organization is wanting to use OpenFire as part of interactions with customers, including protected health information. Our HIPAA compliance comes from the processes and protections around the chat server mostly, but I just need to know if OpenFire ever sends any data to third parties. Anyone know if any metrics, ad stuff, etc. are gathered and sent to anything outside by an OpenFire installation?

I think the only thing that Openfire sends outside is when it checks for new version of it or plugins. It sends its versions to our website. It also checks for news if RSS widget is not disabled on the home screen (though i’m not sure if it doesn’t pull them still on the background when they are disabled). I might be missing something. Maybe someone else will add.