Maintaining a secure platform involves several factors, processes, and responsibilities.
Our responsibility to maintain security
Doxy.me complies with the security and privacy requirements of the healthcare industry. Here are the following ways we maintain security:
- Patient data is not stored, as a result there is no protected health information (PHI) for someone to steal.
- Point-to-point NIST-approved AES 128 bit encryption is used for all video & audio communication
- Full volume encryption and 256-bit AES encrypted keys used on data stored at rest
- Only HIPAA and HITECH compliant servers are used
- Constant OSSEC intrusion detection, file integrity monitoring, log monitoring, rootcheck, and process monitoring are used
- Signed Business Associates Agreement provided
- Annual HIPAA risk assessments conducted
- Auditing, logging, backup and disaster recovery policies and procedures in place
Your responsibility to maintain security
To comply with HIPAA you also have some responsibilities while using Doxy.me:
- Sign the Business Associates Agreement
- Do not share your login email and password
- Keep your browser, operating system and software up to date
- Install and utilize antivirus and firewall programs
For any other privacy and security questions, contact our support team.