2 Million Medical Professionals Trust Doximity
More than two million medical professionals trust Doximity to help them manage important aspects of their professional and clinical lives.
To maintain their trust, Doximity’s team of security and privacy professionals, led by our Chief Technology Officer and Chief Compliance Officer, helps ensure that our platforms and data are always protected.
HIPAA Compliant
We do all of this in a manner consistent with current industry standards for data security, with HIPAA-compliant communications tools. The privacy of our members and their work is paramount.
Members are provided with options designed to allow them to control their data, and they can request deletion of their data under applicable privacy laws and procedures.
We also do not share our members’ email or private/back office line with anyone beyond the colleagues that they expressly choose.
HIPAA & Security Training
All Doximity employees, as well as contractors who work on our systems that facilitate healthcare communications, are required to complete annual HIPAA privacy and security training along with data privacy and cyber security training.
Member Verification
Since our founding, Doximity has been architected physicians-first, with trust at the core of what we do. We verify the identities and qualifications of our medical professionals through integration with third-party databases.
Privacy & Security
Privacy and security are both core to our ethos at Doximity. We respect the right to privacy and require all users of our services to use the data they are provided only for the associated services being provided. We do not sell patient information. We take security seriously. Our platform is secure and facilitates encrypted HIPAA-compliant communications with patients. For additional information, please see the Privacy and Data Security Policies.
Our approach to privacy and security aligns with the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity.
We continuously monitor our systems to improve and adapt.
Physician information that is posted to profiles is protected with anti-scraping technologies such as web application firewalls, runtime application self-protection, bot protection, and rate-limiting. Our network employs DDoS mitigation technology to protect against attacks.
Personal health information follows our highest encryption and protection standards. Ongoing penetration testing is conducted using internal testers and external firms.
Along with a dedicated in-house security team and contracted security researchers, we maintain a comprehensive bug bounty program that allows us to proactively and continuously battle-harden our security.