HIPAA Compliance

Healthcare Privacy at Its Core

DoseDone is built with the principles of HIPAA in mind, applying strong security safeguards, responsible data practices, and transparent privacy policies to protect every user.

Our Commitment to Healthcare Privacy

DoseDone provides automated medication reminder calls and adherence monitoring tools. While our platform collects only minimal health-related information — medication schedules and reminder preferences — we recognize that this information is sensitive and must be handled with the highest level of care.

We have designed DoseDone to align with the core principles of the Health Insurance Portability and Accountability Act (HIPAA), applying technical, administrative, and physical safeguards that reflect healthcare-grade data protection standards.

Important Disclaimer: DoseDone is a reminder and adherence monitoring platform — not a Covered Entity or Business Associate under HIPAA by default. Whether HIPAA applies to your use of DoseDone depends on your organization's specific circumstances. Healthcare organizations subject to HIPAA should consult their legal or compliance teams when evaluating DoseDone's suitability for their environment.

That said, we proactively implement safeguards aligned with HIPAA principles because we believe it's the right standard for any platform that handles health-adjacent information.

HIPAA-Aligned Safeguards

DoseDone implements all three categories of HIPAA-required safeguards.

Administrative Safeguards

  • Minimum necessary data collection policy
  • Internal access control policies
  • Workforce security training
  • Business associate agreement framework
  • Regular security risk assessments

Technical Safeguards

  • TLS encryption in transit using 256-bit ciphers
  • Encrypted data at rest
  • User authentication and session management
  • Role-based access controls
  • Audit logging of system access

Physical Safeguards

  • Hosted on SOC 2-compliant cloud infrastructure
  • Physical access restriction to server environments
  • Geographically redundant data centers
  • Continuous infrastructure monitoring
  • Disaster recovery and business continuity plans

Minimum Necessary Data Principle

We collect what's needed to deliver the service — nothing more.

What We Collect

Only the minimum information necessary to deliver the service.

  • Patient/beneficiary phone number
  • Medication name and reminder schedule
  • Caregiver contact details (if authorized)
  • Call logs and adherence records
  • Account credentials (hashed and salted)

What We Don't Collect

We do not require — and actively avoid — collecting sensitive clinical data.

  • Medical diagnoses or conditions
  • Full medical records or EHR data
  • Insurance or billing information
  • Social Security Numbers
  • Financial account information

Third-Party Infrastructure

Trusted infrastructure partners

DoseDone relies on carefully selected infrastructure providers — including cloud hosting services and telecommunications providers responsible for delivering automated reminder calls. Each provider is selected with privacy and security requirements in mind.

These providers process information solely for the purpose of delivering DoseDone's service. They are contractually bound to maintain appropriate security standards and are prohibited from using data for any purpose other than service delivery.

User Responsibilities

Users are responsible for ensuring that phone numbers and contact details entered into DoseDone belong to individuals who have consented to receive automated reminder calls. Users should also ensure that information entered into the platform is accurate and appropriate for the reminder service.

Healthcare organizations using DoseDone as part of their care workflows should consult their compliance team to verify that the platform's data handling aligns with their specific regulatory requirements.

Questions About Data Protection?

Our team is happy to answer questions about security, privacy, and HIPAA alignment.