We should be fully HIPAA compliant for medical records very soon. We are working hard on implementing everything needed for it, but it might not be completed until the later this year (2020).
DocHub is encrypted from end-to-end (between you and the server), and files are stored in AWS (Amazon Web Services) using encrypted S3 storage. The details of the SSL encryption can be seen by clicking the green lock icon in your browser when visiting DocHub. We have designed the site to meet all the technical HIPAA requirements, however, being legally HIPAA compliant would also require us to have a BAA (Business Associate Agreement) with AWS which we have not done yet but expect to by the end of the year. We also aren’t signing any BAAs with any end users until that time. You can find out more about DocHub privacy and security at the links below:
As another step towards full HIPAA compliancy, we did recently undergo a 3rd party security assessment as a requirement to keep DocHub connected to Google Drive and Gmail, so we are also policed by Google's strict security and privacy policies.