HIPAA Compliance

Protecting patient data is at the core of everything we build. DearDoc is fully HIPAA compliant, ensuring your practice and your patients' information are always secure.

Our commitment to security

As a healthcare technology company, we understand the critical importance of protecting Protected Health Information (PHI). DearDoc maintains comprehensive administrative, physical, and technical safeguards in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its subsequent amendments.

Our security program is designed to meet or exceed the requirements set forth by HIPAA, HITECH, and applicable state privacy laws, ensuring that your patients' data is handled with the highest level of care and protection.

How we protect your data

End-to-end encryption

All patient data is encrypted in transit and at rest using AES-256 encryption, the same standard used by major financial institutions.

Secure infrastructure

Our platform is hosted on SOC 2 Type II certified infrastructure with 99.99% uptime, regular security audits, and automated threat detection.

Access controls

Role-based access controls ensure that only authorized personnel can access patient information, with comprehensive audit logging.

Business Associate Agreements

We execute BAAs with all covered entities and maintain strict compliance with HIPAA's Privacy, Security, and Breach Notification Rules.

Employee training

All DearDoc employees complete annual HIPAA training and are bound by strict confidentiality agreements.

Incident response

We maintain a comprehensive incident response plan with defined procedures for identifying, containing, and reporting any potential breaches.

Questions about compliance?

Our security team is happy to answer any questions about our HIPAA compliance program or provide documentation for your records.
