We talked about HIPAA compliance in our last blog post - we would also like to address security, since that’s an important part of a telehealth visit.
The reason it’s so important is more than a fear of zoombombing; you put a lot of trust into your doctor any time you visit. There is an inherent trust in a doctor/patient relationship.(That’s part of why HIPAA compliance rules exist.) You want your visit to feel secure and private, whether you’re walking into a doctor’s office or calling into a doctor’s online waiting room.
Three things to remember about Doxy.me calls:
- All data is encrypted
- Your sessions are anonymous
- No information is ever stored
What happens on doxy.me stays...nowhere. No data is ever kept or stored anywhere, which means we have no record of who calls who.
Where other solutions utilize proprietary technology, Doxy.me uses a vetted open-source technology called WebRTC to facilitate telemedicine calls. This technology has a number of security controls in place by default. This includes requiring calls to be end-to-end encrypted for both audio and video streams as well as any data stream, requiring the signaling (connection negotiation) process to utilize encryption by default with no way to turn that off, and required browser-level camera and microphone permission granted by the device user.
Doxy.me only supports the most recent versions of the big four browsers (Google, Apple, Mozilla and Microsoft) which providers update about every 6-8 weeks in response to any vulnerabilities or security concerns. Relying on the browser means end-users are in trusted hands already and Doxy.me merely stands on the shoulders of those giants.
If you’re getting in touch with a doctor, there’s something on your mind. At Doxy.me, we want to eliminate any privacy worries so that you can focus on your health and the excellent service that your doctor provides.