Security
DeskMD Security and HIPAA Compliance: BAAs, Encryption, Audit Logs
The technical detail behind DeskMD’s HIPAA claim: BAAs, encryption, audit logs, tenant isolation, PHI deletion, and honest launch gates.
Subprocessors
Every PHI processor needs a signed agreement.
DeskMD uses subprocessors across the categories of cloud hosting, telephony, database, payment processing, and voice AI. Some subprocessor BAAs are negotiated through a vendor questionnaire process; the complete current subprocessor list with BAA status is provided as part of the BAA package upon contract signing.
Controls
What the site can say honestly.
Customer BAA
DeskMD signs a BAA with customers before PHI production workflows.
Encryption
AES-256 at rest and TLS 1.2+ in transit are the design targets.
Tenant isolation
Accounts and users are scoped so one practice cannot see another practice’s calls.
Deletion workflow
Patient-deletion and PHI-redaction workflows exist for privacy operations.
SOC 2 plan
SOC 2 should be described as planned, not certified, unless the audit is complete.
FAQ
Security questions.
What subprocessors does DeskMD use?
DeskMD uses subprocessors for cloud hosting, telephony, database, payment processing, voice AI, and email delivery. The complete current list with BAA status is provided as part of the BAA package upon contract signing.
Is DeskMD SOC 2 certified?
Do not claim SOC 2 certification unless an audit has been completed.
How does breach notification work?
The breach notification SLA and workflow should be defined in the customer BAA and incident-response policy.
Compare further
Related comparisons + alternatives.
HIPAA compliant answering service · After-hours coverage · Virtual receptionist · Pricing
Stop missing calls. Start sleeping at night.
Give patients a real answer after hours and give your team a clean record in the morning.