Last Updated: April 25, 2025
We understand that protecting patient information is essential. DashQuill follows HIPAA-eligible best practices and maintains safeguards that meet or exceed industry standards. All patient data submitted through our platform is encrypted in transit (via HTTPS) and at rest. Our infrastructure is hosted on Amazon Web Services (AWS) in U.S.-based regions, and we implement strict access controls to ensure that only authorized personnel may access sensitive data. You can read more about AWS's HIPAA compliance here.
Patient data stored on DashQuill is used solely to provide services to your office and facilitate the transfer of this information into your EHR (electronic health record). DashQuill employees do not access or manipulate patient data outside of strictly defined support circumstances. DashQuill retains submitted patient data unless otherwise requested by the client in writing, in accordance with applicable regulations and our data retention policies.
Because DashQuill's services may involve the handling of protected health information (PHI), a signed Business Associate Agreement (BAA) is required as part of the onboarding process for all HIPAA-covered entities. Please email contact@dashquill.com with any questions regarding your BAA.
DashQuill maintains robust internal security measures including access logging, monitoring, and permission-based controls to protect sensitive information. While we primarily serve small and medium-sized private practices, we also support enterprise environments that require advanced infrastructure such as custom DNS, SSO integration, and detailed compliance documentation—subject to scope and pricing discussions.
Accessibility is an important priority for DashQuill. We are actively working to align our platform with WCAG 2.1 AA standards and are evaluating certification options as part of our development roadmap.