HIPAA Compliance & Data Security
How DocDraft protects patient health information
Our Commitment
DocDraft is built with healthcare privacy as a core principle. We understand that medical professionals handle sensitive patient information every day, and we've designed every aspect of our platform to ensure that protected health information (PHI) is handled with the highest level of care and security.
How We Protect Your Data
🚫 No Data Storage
Documents are generated in real-time and never stored on our servers. The workflow is simple: generate → copy or download → done. There is no document history, no patient records retained, and no database of previously generated content. Once you leave the page, the data is gone.
HIPAA-Compliant AI Processing
All AI processing is handled through Amazon Web Services (AWS) Bedrock, which is covered under a Business Associate Agreement (BAA). This means the AI infrastructure itself meets HIPAA requirements for handling protected health information.
🔒 Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). This ensures that patient information cannot be intercepted during transmission.
🧠 No Training on Your Data
Patient information entered into DocDraft is never used to train AI models. Your clinical data is used solely to generate the requested document and is not retained for any other purpose.
⚡ Stateless Architecture
DocDraft uses a stateless architecture: no PHI is persisted in any database, log, cache, or file system. Each document generation request is independent and self-contained.
AWS Bedrock & Business Associate Agreement
AWS Bedrock provides HIPAA-eligible AI services under Amazon's Business Associate Agreement (BAA). AWS maintains comprehensive compliance programs including SOC 1/2/3, ISO 27001, and HIPAA. By routing all AI processing through Bedrock, DocDraft ensures that the AI layer of our infrastructure meets the same rigorous standards required for healthcare data processing.
Best Practices for Users
- Use secure networks: avoid generating documents on public or unsecured Wi-Fi networks
- Protect your credentials: do not share your DocDraft login credentials with others
- Review before use: always review AI-generated documents for accuracy before submitting or sharing with patients
- Close sessions: log out when you're finished, especially on shared workstations
- Keep browsers updated: use the latest version of your browser for the best security
Business Associate Agreement
DocDraft's Terms of Service include a comprehensive Business Associate Agreement (BAA) that takes effect automatically upon use of the Service. Enterprise customers can also view our standalone Business Associate Agreement for reference or record-keeping.
Contact
Questions about our security practices or HIPAA compliance? Contact us at security@docdraft.app.