Dexzyle handles communication and documents in HIPAA-regulated workflows. Here is how the platform is actually built — stated plainly, without certification claims we haven't published evidence for.
Every user authenticates through AWS Cognito, with multi-factor authentication and idle-session timeout. Access is scoped by organization and facility, and role-based policy areas control who can read or act on each part of the platform — messaging, faxes, documents, provider review, and administration are separately permissioned.
Documents and faxes are stored in Amazon S3 with server-side encryption. Access to stored documents uses signed, expiring links rather than public URLs. All connections to the platform use HTTPS, and database connections are encrypted in transit.
Fax activity is written to append-only event records that the application can add to but never modify or delete. User sessions are logged, and AI-assisted features write usage and audit entries to dedicated logs. These records support operational accountability and incident review.
Dexzyle runs on AWS with a signed Business Associate Agreement covering the services that process PHI. AI features run on AWS Bedrock restricted to HIPAA-eligible regions, and every credential the platform uses is managed in AWS Secrets Manager — never hard-coded or shared. Dexzyle also executes a BAA with each customer whose PHI it handles — review our BAA template.
AI features are opt-in per organization and governed by entitlement tiers, token quotas, and usage analytics. AI supports document summaries and document-grounded questions — it does not make clinical decisions, and its activity is logged for review.
Dexzyle integrates with your EHR, pharmacy, and document systems; it does not replace them or claim ownership of the chart. Integration data is scoped per organization, and what Dexzyle can read is confirmed with you during onboarding.
Questions about our security posture, BAA coverage, or a security review for your organization? Email support@dexzyle.com — we're glad to walk through the details.
Bring your compliance and IT stakeholders to the demo — integration scope and access controls are part of the walkthrough.