We designed and built doxy.me to support the workflow of healthcare providers, and that includes following all necessary rules and regulations associated with HIPAA.

Covered Entities using our platform are compliant with HIPAA, because doxy.me: 

  • does not permanently store Protected Health Information.
  • operates according to the Privacy and Security Rules.
  • conducts risk analysis and management. 
  • has disaster preparation plans in place.
  • partakes in ongoing HIPAA training for all staff and contractors.
  • has a Privacy and Security officer.
  • utilizes an IDS (Intrusion Detection System) to monitor our infrastructure; intrusion attempts are immediately blocked.
  • actively employs file integrity monitoring, log monitoring, rootchecks and process monitoring across our infrastructure.
  • performs a nightly scan of our infrastructure to check for malware with signatures updated daily.
  • uses the baseline configurations recommended by the industry-standard CIS Benchmarks and Security Content Automation Protocol (SCAP) for all servers and images.
  • automatically encrypts data at rest using full volume encryption and 256-bit AES encryption keys, and uses Amazon Web Services EBS encryption backed by a FIPS 140-2 key management infrastructure.
  • conducts regular penetration testing using both internal and third-party testers.
  • signs a Business Associates Agreement.

Be sure to check with your legal counsel if you have specific questions regarding your compliance responsibilities with HIPAA. 

For any other non-legal questions about doxy.me, reach out to our support team, and we'll be able to help.
