We are currently working on implementing everything needed for HIPAA compliance for medical records.
DocHub is encrypted end-to-end (between you and the server), and files are stored in AWS (Amazon Web Services) using encrypted S3 storage. The details of the SSL encryption can be seen by clicking the green lock icon in your browser when visiting DocHub.
We have designed the site to meet all the technical HIPAA requirements. However, being legally HIPAA compliant would also require us to have a BAA (Business Associate Agreement) with AWS, which we have not done yet but expect to very soon. We also aren’t signing any BAAs with any end users until that time. You can find out more about DocHub privacy and security at the links below:
3rd Party Security Assessments
DocHub frequently undergoes security assessments, required by Google, in order for us to use Google API Services for Sign in with Google and to be able to connect a user's Google Drive and Gmail to DocHub via their restricted scopes. These are conducted by Bishop Fox, an authorized Google-empaneled third-party assessor. We must pass and meet all security requirements on a regular basis.