HIPAA Compliance
DDSBridge is designed from the ground up for HIPAA-regulated healthcare environments. Here's how we protect your patients' data.
End-to-End Encryption
Every DDSBridge session uses NaCl-based end-to-end encryption. Screen data, keyboard input, and file transfers are encrypted between the two endpoints. DDSBridge cannot access your session content — even if compelled.
Private Infrastructure
DDSBridge relay servers run on dedicated infrastructure in US-based data centers. No shared public relays. No third-party cloud services processing your session data. Full data sovereignty.
Business Associate Agreement
We provide a signed BAA to every DDSBridge subscriber at no additional cost. Our BAA covers the relay infrastructure, client software, and all managed support interactions.
Audit Logging
Full session audit trails include connection timestamps, device IDs, session duration, and user identifiers. Audit logs are retained for 12 months and available for export on request.
Key Management
Encryption keys are generated and stored exclusively on your DDSBridge server instance. Keys are never transmitted externally. You maintain full control of your encryption key pair.
Zero-Knowledge Architecture
Our relay infrastructure facilitates encrypted connections but has no ability to decrypt session content. This zero-knowledge design ensures that a breach of our relay servers would not expose patient data.
HIPAA Security Rule Safeguards
DDSBridge implements all three categories of safeguards required by the HIPAA Security Rule.
Administrative Safeguards
- Designated security officer oversight
- Workforce training on HIPAA requirements
- Incident response procedures documented and tested
- Business Associate Agreements with all subprocessors
- Regular risk assessments and security reviews
Physical Safeguards
- Dedicated server instances (no multi-tenancy)
- US-based data center facilities with SOC 2 compliance
- Encrypted persistent storage for server configuration
- Access controls limited to authorized personnel
Technical Safeguards
- NaCl end-to-end encryption for all sessions
- Unique encryption key pairs per server deployment
- TLS 1.3 for all web and API communications
- Automatic security patching and updates
- Connection audit logging with tamper detection
- No plaintext storage of credentials or keys
Request a BAA
Business Associate Agreements are included with every DDSBridge subscription at no additional cost. Contact us to get your BAA signed and on file.