Is Doximity HIPAA/HITECH Compliant?

Yes, the Doximity platform allows healthcare professionals to securely communicate while maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH). All Doximity employees and contractors who work on our systems that facilitate healthcare communications are required to complete ongoing HIPAA and security training.


Our Commitments to Security:

  • Doximity’s team of security professionals ensures that our platforms and data are always protected by being SOC 2 Type 2 and HIPAA/HITECH certified.
  • All Doximity members must be registered and verified, U.S. healthcare professionals. Please see Doximity Terms of Service for more information.
  • Doximity includes a BAA with each member and Enterprise BAAs are available to health system clients. Please reach out to for more information.
  • We employ industry-leading encryption standards to protect all data in transit and at rest.
  • We utilize intrusion detection systems to monitor our applications and infrastructure. Intrusion attempts are blocked immediately.
  • Please see Our Security Page for more information.

The privacy of our members and their work is paramount. Please see the Doximity Privacy Policy for more information.

Need more information? Complete your request here and someone from our team will get back to you.

Have more questions? Submit a request

Don't see what you're looking for?