Enterprise-Grade Security

Security & HIPAA Compliance

DOKit is engineered from the ground up for healthcare and other regulated industries. We implement rigorous security controls and maintain full HIPAA compliance to protect your most sensitive data.

  • HIPAA: Fully Compliant
  • BAA: Available
  • GDPR: Ready
  • AES-256 Encryption

HIPAA COMPLIANCE

Complete HIPAA Compliance Program

DOKit maintains a comprehensive HIPAA compliance program covering all administrative, physical, and technical safeguards required for handling Protected Health Information (PHI).

Administrative Safeguards

  • Designated Security Officer
  • Comprehensive security policies
  • Regular workforce training
  • Annual risk assessments
  • Incident response procedures

Physical Safeguards

  • Secure US-based data centers
  • 24/7 facility monitoring
  • Biometric access controls
  • Redundant power & cooling
  • Secure media disposal

Technical Safeguards

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Unique user identification
  • Automatic session timeout
  • Complete audit logging

SECURITY FEATURES

Enterprise Security Architecture

DOKit employs defense-in-depth security with multiple layers of protection for your sensitive data.

Military-Grade Encryption

All PHI and sensitive data is protected with AES-256 encryption at rest, the same standard used by government agencies. Data in transit is secured with TLS 1.3, the current version of the TLS protocol.

  • AES-256 encryption at rest
  • TLS 1.3 for all connections
  • Automatic key rotation

Strict Access Controls

Role-based access control (RBAC) ensures that users access only the minimum data necessary for their role. All access is logged and auditable, and multi-factor authentication is enforced.

  • Role-based permissions (RBAC)
  • Multi-factor authentication
  • SSO/SAML integration

Comprehensive Audit Logging

Every access to PHI is logged with timestamp, user identity, and action taken. Audit logs are tamper-proof, retained for 7 years, and available for compliance reporting.

  • Complete audit trail
  • 7-year log retention
  • Exportable compliance reports

Network Security

Our infrastructure is deployed in private network segments with no direct internet exposure. Multiple layers of firewalls, intrusion detection, and DDoS protection secure all traffic.

  • Private VPC deployment
  • Web Application Firewall (WAF)
  • 24/7 intrusion detection

DATA PROTECTION

PHI Handling & Data Retention

Your data is handled with the utmost care. We implement strict controls on how PHI is processed, stored, and retained.

Secure Document Processing

  • Documents processed in isolated, encrypted containers
  • AI processing uses HIPAA-compliant endpoints with BAAs
  • No document data used for AI model training — ever
  • Complete tenant isolation — your data never mixes with others

Data Retention Controls

  • Configurable retention periods (7-365 days)
  • On-demand data deletion with certificate of destruction
  • Zero-retention mode for highly sensitive workflows
  • Secure cryptographic erasure

24-Hour Breach Notification Commitment

In the unlikely event of a security incident involving PHI, we commit to notifying affected customers within 24 hours of discovery, far sooner than the 60-day maximum that HIPAA allows. Our incident response team is available 24/7 and conducts regular breach response drills.

Business Associate Agreement

We provide signed Business Associate Agreements (BAAs) to all customers handling Protected Health Information. Our BAA covers all DOKit services and establishes our commitments to safeguard your PHI.

Questions about security?

Our security team is happy to discuss your compliance requirements.

Contact the Security Team by email at security@dokit.ai