Dawin

HIPAA Compliance

Dawin is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) to protect patient health information.

Our HIPAA Commitment

As a healthcare technology provider handling Protected Health Information (PHI), Dawin takes HIPAA compliance seriously. We have implemented comprehensive administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all PHI processed through our platform.

HIPAA Security Rule Compliance

Administrative Safeguards

Physical Safeguards

Technical Safeguards

Encryption at Rest and in Transit

All Protected Health Information is encrypted using AES-256 encryption when stored and TLS 1.3 during transmission. This ensures that patient data remains secure both in our databases and while being transferred between systems.

Role-Based Access Control

Access to PHI is strictly controlled through role-based permissions. Only authorized personnel with a legitimate need can access patient information, and all access is logged and monitored.

Comprehensive Audit Trails

Every access to PHI is logged with detailed audit trails including user ID, timestamp, and action performed. These logs are regularly reviewed and retained for compliance purposes.

Disaster Recovery and Backup

We maintain automated backups with geographically distributed redundancy. Our disaster recovery plan ensures business continuity and data availability even in the event of system failures.

Regular Compliance Activities

Annual Risk Assessments

Comprehensive security risk analyses conducted annually to identify and address potential vulnerabilities

Third-Party Audits

Independent security audits and penetration testing by certified professionals

Staff Training

Regular HIPAA compliance training for all employees with access to PHI

Policy Updates

Continuous review and updates to security policies and procedures

Questions About HIPAA Compliance?

Our compliance team is ready to answer your questions.