We are currently working on implementing everything needed for HIPAA compliance for medical records and are undergoing a 3rd party assessment. It should happen in the Spring or by Summer 2021.
DocHub is encrypted from end-to-end (between you and the server), and files are stored in AWS (Amazon Web Services) using encrypted S3 storage. The details of the SSL encryption can be seen by clicking the green lock icon in your browser when visiting DocHub. We have designed the site to meet all the technical HIPAA requirements, however, being legally HIPAA compliant would also require us to have a BAA (Business Associate Agreement) with AWS which we have not done yet but expect to by the end of the year. We also aren’t signing any BAAs with any end users until that time. You can find out more about DocHub privacy and security at the links below:
As another step towards full HIPAA compliancy, we did recently undergo a 3rd party security assessment by Bishop Fox as a requirement to keep DocHub connected to Google Drive and Gmail, so we are also policed by Google's strict security and privacy policies.