Doxy.me was designed and built to support the workflow of healthcare providers, and that includes following the necessary rules and regulations associated with HIPAA. Doxy.me complies with all these regulations.

Doxy.me enables Covered Entities to be compliant with HIPAA in several ways: 

  • Does not permanently store Protected Health Information
  • Operates according to the Privacy and Security Rules
  • Conducts risk analysis and management 
  • Has disaster preparation plans in place 
  • Partakes in ongoing HIPAA training for all staff and contractors
  • Has a Privacy and Security officer
  • Utilizes an IDS (Intrusion Detection System) to monitor our infrastructure; intrusion attempts are immediately blocked
  • Actively employs file integrity monitoring, log monitoring, rootchecks, and process monitoring across our infrastructure
  • Performs a nightly scan of our infrastructure to check for malware with signatures updated daily
  • Uses industry-standard CIS Benchmarks and Security Content Automation Protocol (SCAP) recommended baseline configurations for all servers and images
  • Automatically encrypts data at rest using full volume encryption and 256-bit AES encryption keys, and uses Amazon Web Services EBS encryption backed by a FIPS 140-2 key management infrastructure
  • Conducts regular penetration testing using both internal and third-party testers
  • Signs a Business Associates Agreement 

Be sure to check with your legal counsel if you have specific questions regarding your compliance responsibilities with HIPAA. 

For any other non-legal questions about Doxy.me, reach out to our support team, and we'll be able to help.
