2 Million Medical Professionals Trust Doximity
More than two million medical professionals trust Doximity to help them manage important aspects of their professional and clinical lives.
To maintain their trust, Doximity’s team of security and privacy professionals, led by our Chief Technology Officer and Chief Compliance Officer, ensures that our platforms and data are always protected.
HIPAA Compliant
The privacy of our members and their work is paramount. Our communications solutions are HIPAA compliant, providing medical professionals with a critical platform for protected communications.
Members are provided with options designed to allow them to control their data, and they can request deletion of their data under applicable privacy laws and procedures.
We also do not share our members’ email or private/back office line with anyone beyond the colleagues that they expressly choose.
HIPAA & Security Training
All Doximity employees, as well as contractors who work on our systems that facilitate healthcare communications, are required to complete annual HIPAA privacy and security training along with data privacy and cyber security training.
Clinician Verification
Since our founding, Doximity has been architected physicians-first, with trust at the core of what we do. We verify the identities and qualifications of our medical professionals through integration with third-party databases.
Privacy & Security
Our approach to
privacy
and
security
aligns with the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure
Cybersecurity.
We continuously monitor our systems to improve and adapt.
Physician information that is posted to profiles is protected with anti-scraping technologies such as a web application firewalls, runtime application self-protection, bot protection, rate-limiting, and our network employs DDoS mitigation technology to protect against attacks.
Personal health information follows our highest encryption and protection standards. Ongoing penetration testing is conducted using internal testers and external firms.
Along with a dedicated in-house security team and contracted security researchers, we maintain a comprehensive bug bounty program that allows us to proactively and continuously battle-harden our security.
