Practical safeguards for PHI-sensitive healthcare operations.

Dexzyle handles communication and documents in HIPAA-regulated workflows. Here is how the platform is actually built — stated plainly, without certification claims we haven't published evidence for.

Identity & access

Every user authenticates through AWS Cognito, with multi-factor authentication and idle-session timeout. Access is scoped by organization and facility, and role-based policy areas control who can read or act on each part of the platform — messaging, faxes, documents, provider review, and administration are separately permissioned.

Encryption & document access

Documents and faxes are stored in Amazon S3 with server-side encryption. Access to stored documents uses signed, expiring links rather than public URLs. All connections to the platform use HTTPS, and database connections are encrypted in transit.

Audit-oriented records

Fax activity is written to append-only event records that the application can add to but never modify or delete. User sessions are logged, and AI-assisted features write usage and audit entries to dedicated logs. These records support operational accountability and incident review.

AWS foundation & BAA

Dexzyle runs on AWS with a signed Business Associate Agreement covering the services that process PHI. AI features run on AWS Bedrock restricted to HIPAA-eligible regions, and every credential the platform uses is managed in AWS Secrets Manager — never hard-coded or shared. Dexzyle also executes a BAA with each customer whose PHI it handles — review our BAA template.

Controlled AI assistance

AI features are opt-in per organization and governed by entitlement tiers, token quotas, and usage analytics. AI supports document summaries and document-grounded questions — it does not make clinical decisions, and its activity is logged for review.

Data boundaries

Dexzyle integrates with your EHR, pharmacy, and document systems; it does not replace them or claim ownership of the chart. Integration data is scoped per organization, and what Dexzyle can read is confirmed with you during onboarding.

Questions about our security posture, BAA coverage, or a security review for your organization? Email support@dexzyle.com — we're glad to walk through the details.

Review security with your team

Bring your compliance and IT stakeholders to the demo — integration scope and access controls are part of the walkthrough.