HIPAA Compliance
Last Updated: March 10, 2026
Data Protection & Infrastructure
DashQuill protects patient health information (PHI) using industry-standard encryption at every layer. All patient data is encrypted at rest with AES-256, and all connections are secured with TLS over HTTPS. Our infrastructure is hosted exclusively in U.S. regions on AWS and Microsoft Azure (us-east, us-west), ensuring data residency within the United States.
PHI is retained for a minimum of six years in accordance with HIPAA requirements. Clients may request deletion of their data at any time after exporting it from the platform, at which point DashQuill will remove all associated PHI from its systems. DashQuill integrates with major EHR and practice management systems — including Practice Fusion, AdvancedMD, eClinicalWorks, athenaHealth, and DrChrono — to securely transfer patient data.
Security Controls & Monitoring
DashQuill enforces strict access controls to ensure only authorized personnel can access PHI. Users are assigned roles with defined permissions through role-based access control (RBAC), and multi-factor authentication (MFA) is available for all accounts. DashQuill personnel access PHI only in defined support scenarios, in accordance with internal policies.
We maintain comprehensive audit logs that track all access, modifications, and deletions of PHI, including timestamps and user identifiers. These logs support compliance reviews, incident investigations, and ongoing security monitoring. In addition to technical controls, DashQuill maintains administrative and physical safeguards including workforce policies, device management, and secure access procedures.
Compliance & Incident Response
All HIPAA-covered entities are required to execute a Business Associate Agreement (BAA) during onboarding. DashQuill maintains a documented incident response and breach notification plan — in the event of a security incident involving PHI, affected parties and relevant authorities will be notified in accordance with HIPAA breach notification requirements. All staff who handle or have access to PHI receive HIPAA compliance training, and we conduct security risk assessments to identify and address potential vulnerabilities on an ongoing basis.
DashQuill is currently pursuing SOC 2 Type II certification. We are also actively working toward WCAG 2.1 AA accessibility standards and evaluating accessibility certification options. To request a BAA or ask questions about our compliance practices, contact us at contact@dashquill.com.
Contact Us
For questions about HIPAA compliance, security practices, or to request a Business Associate Agreement:
- Email: contact@dashquill.com
- Phone: (425) 600-2019
