Security & Compliance

Dexzyle is designed with healthcare security and HIPAA compliance as core principles.

Overview

Healthcare data requires the highest level of protection. Dexzyle implements multiple layers of security to protect PHI and ensure regulatory compliance.

Key Security Features

  • Invite-Only Access: Only verified, invited users can access the platform
  • Role-Based Permissions: Users see only information relevant to their role
  • End-to-End Encryption: All data encrypted in transit and at rest
  • Complete Audit Trails: Every action is logged for compliance and accountability
  • Data Residency Controls: Customer data stays in isolated, geographically-specific environments

HIPAA Compliance

Dexzyle is designed to support HIPAA compliance for covered entities and business associates.

Technical Safeguards

  • Encryption of PHI in transit (TLS 1.3) and at rest (AES-256)
  • Unique user identification and authentication
  • Automatic logoff after inactivity
  • Audit controls and monitoring

Administrative Safeguards

  • Security training for all team members
  • Incident response procedures
  • Business associate agreements
  • Regular security assessments

Physical Safeguards

  • SOC 2 Type II certified data centers
  • Facility access controls
  • Workstation security policies
  • Device and media controls

Access Controls

Invite-Only Model

  • Users must be explicitly invited by authorized administrators
  • No self-service registration
  • Prevents phishing, spoofing, and unauthorized access

Role-Based Access Control (RBAC)

Common roles and their permissions:

Role           Messaging   Rx Visibility   Documents   Admin
Nurse          ✅ Full     ✅ Full         ✅ Full
Med Tech       ✅ Limited  ✅ Full         ✅ Full
Administrator  ✅ Full     ✅ Full         ✅ Full
Pharmacy       ✅ Limited  ✅ Updates      ✅ Send

Multi-Factor Authentication (MFA)

  • MFA can be left optional or enforced for all users
  • Support for authenticator apps (TOTP)
  • SMS backup codes
  • Remember trusted devices

Audit Trails

Every action in Dexzyle is logged for compliance and security:

What's Logged

  • User login/logout events
  • Message sending and viewing
  • Document uploads and accesses
  • Rx status checks
  • Administrative actions

Audit Log Details

  • Who: User ID, name, role
  • What: Action performed
  • When: Timestamp (UTC)
  • Where: IP address, device type
  • Context: Resident, order, or document affected

Retention

  • Audit logs retained for 7 years (configurable)
  • Immutable once written
  • Searchable and exportable for compliance reviews
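One way to make audit records immutable once written, shown here as an added example that is not Dexzyle's own code: a hash-chained log in which every record carries the Who/What/When/Where/Context fields listed above plus a SHA-256 link to its predecessor, so an edited or deleted record is detected on verification. The chain anchor, field names and sample events are assumptions.

```python
import hashlib
import json
# Tamper-evident audit trail (added illustration, not Dexzyle's code): each
# record carries the who/what/when/where/context fields above plus a SHA-256
# link to the previous record, so any edit or deletion breaks verification.
GENESIS = "0" * 64  # hypothetical anchor hash for the first record

def _digest(record, prev_hash):
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))  # canonical JSON
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append_event(log, user_id, name, role, action, when, ip, device, context):
    record = {
        "who": {"user_id": user_id, "name": name, "role": role},
        "what": action,
        "when": when,  # ISO-8601 UTC timestamp
        "where": {"ip": ip, "device": device},
        "context": context,  # resident, order or document affected
    }
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"record": record, "prev": prev, "hash": _digest(record, prev)}
    log.append(entry)
    return entry

def verify_chain(log):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(entry["record"], prev):
            return i
        prev = entry["hash"]
    return -1

def build_sample_log():
    # Constructed sample events; user ids, names, IPs and record ids are made up
    log = []
    append_event(log, "u-102", "A. Nurse", "Nurse", "login",
                 "2024-01-01T08:00:00+00:00", "10.0.0.5", "desktop", None)
    append_event(log, "u-102", "A. Nurse", "Nurse", "document.view",
                 "2024-01-01T08:02:10+00:00", "10.0.0.5", "desktop", {"document": "doc-77"})
    append_event(log, "u-9", "P. Pharm", "Pharmacy", "rx.status_check",
                 "2024-01-01T08:05:00+00:00", "10.0.1.9", "mobile", {"order": "rx-3"})
    return log

def tamper_demo():
    # Intact log verifies (-1); an edited record and a deleted record are flagged by index
    log = build_sample_log()
    edited = log[:]
    edited[1] = {**log[1], "record": {**log[1]["record"], "what": "login"}}
    deleted = log[:1] + log[2:]
    return verify_chain(log), verify_chain(edited), verify_chain(deleted)
```

A real deployment would anchor the chain head in a separate, write-restricted store (or a WORM bucket) so that the verifier's reference hash cannot be rewritten along with the log.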

Data Protection

Encryption

  • In Transit: TLS 1.3 for all connections
  • At Rest: AES-256 encryption for all stored data
  • Key Management: AWS KMS or Azure Key Vault

Data Residency

  • Customer data stored in isolated environments
  • Geographic controls (e.g., US-only, EU-only)
  • No cross-customer data sharing

Backups

  • Automated daily backups
  • 30-day retention (configurable)
  • Encrypted backups in separate regions
  • Regular restore testing

Compliance Certifications

Current

  • HIPAA Compliant: Technical, administrative, and physical safeguards
  • SOC 2 Type II: Annual audits
  • HITECH Compliant: Breach notification procedures

In Progress

  • HITRUST: Certification in progress
  • ISO 27001: Security management system

Incident Response

Breach Notification

If a security incident occurs:

  1. Detection: Automated monitoring and alerting
  2. Assessment: Determine scope and impact within 24 hours
  3. Containment: Immediate action to prevent further exposure
  4. Notification: Affected customers notified within 72 hours (HIPAA requirement)
  5. Resolution: Root cause analysis and remediation

Best Practices

For Administrators

  • Enable MFA for all users
  • Review audit logs monthly
  • Remove access immediately when staff leave
  • Use strong password policies

For End Users

  • Never share login credentials
  • Log out when finished
  • Use strong, unique passwords
  • Report suspicious activity immediately
