Like HIPAA, GDPR is an important privacy and security policy for those living in or providing care to patients in the European Union. Doxy.me is GDPR compliant on all of our paid plans.
Doxy.me allows you to comply with GDPR because:
- You can enable custom terms of service - GDPR requires specific opt-in for anyone that needs to comply with GDPR. You will need to enable custom terms of service for your patients during check-in. This requires you to be a Professional or Clinic user.
- Patient data is not stored - Doxy.me does not store personally identified information about your patients; therefore, there are no additional requirements for data storage protections.
- We'll sign a Data Protection Addendum - GDPR requires we sign an EU Data Protection Addendum with you. To get the addendum signed, email email@example.com.
- We maintain an EU-U.S. and Swiss-U.S. Privacy Shield certification - We maintain an active certification under the Privacy Shield framework through the International Trade Administration, United States Department of Commerce to satisfy data export requirements.
- You can request to delete or update data - A user has the right to email firstname.lastname@example.org to correct, access, or delete information.
For any other GDPR questions about Doxy.me, contact our support team.