Security and Compliance Overview
At DearDoc, the security of patient information and the integrity of healthcare data are our highest priorities. We utilize enterprise-grade security protocols and maintain rigorous compliance standards to ensure that healthcare providers can focus on patient care with total peace of mind.
Regulatory Compliance and Certifications
DearDoc is built to meet the stringent requirements of the healthcare and financial industries.
HIPAA Compliance
The platform is fully HIPAA compliant, ensuring all Protected Health Information (PHI) is handled according to federal standards.
Business Associate Agreements (BAA)
We provide and sign BAAs with our clients, legally codifying our commitment to safeguarding PHI as a Business Associate.
SOC 2 Type II Certification
Our systems undergo independent third-party audits to verify that our internal controls for security, availability, and confidentiality meet the SOC 2 Type II industry standard.
PCI DSS Level 1 Certified
For financial transactions, DearDoc maintains the highest level of payment security (Level 1), ensuring cardholder data is protected during every transaction.
Data Protection and Encryption
We employ multi-layered technical safeguards to protect data at rest and in transit.
256-bit AES Encryption
All sensitive information, including payment data and patient forms, is encrypted using 256-bit AES, one of the most secure encryption standards available.
End-to-End Encryption
Our digital patient forms utilize end-to-end encryption to prevent unauthorized interception of data as it travels from the patient to the provider.
Secure Infrastructure
DearDoc is hosted on Amazon Web Services (AWS), leveraging their world-class physical and network security infrastructure.
Secure EMR and EHR Integration
Our platform provides "deep connectivity" with over 96 different Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems.
Real-Time Bi-directional Sync
Data is written directly into the health record system, eliminating manual data entry errors and maintaining data integrity.
Encrypted Data Transfers
All synchronization activities between DearDoc and your EMR are performed over secure, encrypted channels.
99.9% Uptime
We maintain high availability to ensure that your integration services and patient data remain accessible when you need them.
Patient Communication Security
We implement industry-standard protocols to protect patient communication channels.
A2P 10DLC Compliance
Our SMS and messaging services are registered and compliant with carrier-level 10-Digit Long Code (10DLC) standards to ensure identity verification and message delivery.
Consent Management
Our system includes automated tools to help practices obtain, document, and manage legally sufficient patient consent for SMS and email communications.
Automated Opt-Outs
Every automated message includes clear instructions for patients to unsubscribe (e.g., "Reply STOP"), ensuring compliance with TCPA regulations.
Privacy and Individual Rights
DearDoc respects the privacy rights of both providers and patients.
CCPA Rights
We support rights under the California Consumer Privacy Act, including the right for users to access, correct, or request the deletion of their personal information.
Data Minimization
We only collect information necessary to provide and improve our services, such as usage details and correspondence records.
Non-Disclosure Policy
We do not sell or share mobile information or text messaging opt-in data with third parties for marketing purposes.
Accessibility and Inclusion
We are committed to digital accessibility for all users.
WCAG 2.1 Level AA
We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards to ensure our products are user-friendly for people with disabilities.
Contact Our Security Team
If you have questions about our security practices or wish to report a concern, please contact our support team.
Ready to grow your practice securely?
See how DearDoc protects your patients while growing your practice.
