When setting up your local network to work with doxy.me, we ask you to ensure that eight domains are whitelisted. In this article, we explain further what services those domains are for and how they assist doxy.me in maintaining our service.

tokbox and OpenTok (tokbox.com)

Doxy.me is built on top of the open-source real-time communication standard WebRTC. Real-time communication creates many challenges, including signaling and routing, adaptive quality adjustments, cross-platform support, scalability, and uptime, as well as error handling. By utilizing tokbox's OpenTok platform, doxy.me can focus less on the infrastructure required to deliver HIPAA-compliant real-time video and audio communications between a provider and patient, and instead focus on adding features needed for day-to-day telemedicine.

Doxy.me uses tokbox's OpenTok platform to implement screen sharing and group calling, proactively adapt to changes in network quality and ensure the service works in corporate environments without the need to change the network configuration and risk compromising user safety. Additionally, OpenTok ensures any call that takes place on doxy.me's service is end-to-end encrypted using AES-128, any errors are logged and archived using encryption for further investigation, and that all potentially sensitive or personally identifying data is made anonymous or completely removed from logs. 

Whitelisted domains: *.tokbox.com, *.opentok.com

Pubnub (pubnub.com)

Pubnub allows Doxy.me to detect in real-time when providers are online and in their waiting rooms, as well as when patients have arrived in the waiting room and are ready to be seen by their provider. This detection helps notify a provider that a patient is ready for care and prepares the service to start a video or audio call.

Doxy.me also utilizes Pubnub's robust infrastructure built to provide HIPAA-compliant real-time text-based chat. Pubnub's chat infrastructure is reliable, fast, end-to-end encrypted using AES-256, GDPR compliant and Privacy Shield certified, and protected from any unauthorized access or manipulation. 

Both of these features utilized by doxy.me allow providers to manage expectations and prioritize care while allowing patients to sit back and relax during what otherwise might be a very stressful and challenging time.

Whitelisted domains: pdnsn.com, *.pubnub.com

Xirsys (xirsys.com)

Xirsys provides global TURN, or relay, servers for doxy.me to use when connecting providers and patients. This relay network of servers assists in making the necessary connections across diverse and complex systems where network address translators and firewalls may complicate matters and even reject legitimate peer-to-peer connections between a provider and a patient seeking care. Most of the time, a call will just work. Sometimes, however, these TURN servers will be used to relay the connection to ensure a clear, consistent, and secure call.

Whitelisted domains: xirsys.com, *.xirsys.com

For mail services and password resets, please make sure to allow mandrillapp.com.

We maintain BAAs with all vendors as required under HIPAA

If you have any questions, please contact our support team.

Did this answer your question?