Doxy.me
Doxy.me is a popular HIPAA compliant telemedicine platform used by doctors and therapists. It only works through web browsers – like Firefox, Chrome, or Safari – rather than as an app you download to your smartphone or computer. This means keeping your browser updated is crucial to protecting your privacy while online with your doctor. The telemedicine app is free for patients. Health providers and clinics must pay for the service. Doxy.me saw huge growth in 2020 because of the pandemic -- going from 80,000 users to over 750,000 in around six months. We’ll give them plenty of props for a clever April Fools joke they pulled announcing the release of their telemedicine app for dogs, Dogsee.me. Cute, and a fundraiser for a local animal rescue. Winning!
What could happen if something goes wrong?
When we reviewed Doxy.me in 2020, we found a number of worrying privacy and security concerns. In our conversations with the company, a lot of these seemed to come from the growing pains of adding so many users so quickly during the pandemic. We’re really happy to see Doxy.me appears to have cleaned up many of the concerns we had last year. They now require a strong password to login by healthcare providers, which they didn’t last year. Because patients don’t need to set up an account with Doxy.me to use the service (only healthcare providers do) they do not collect patient data, which is nice. There a still a couple of things users should be mindful of. Because Doxy.me runs only a web browser, it is crucial users keep their browsers up-to-date to ensure the best possible security. And a couple tips to help keep your telehealth session secure: Ask you healthcare professional if they've secured the session on their end, don't use public WiFi, be aware of any personally identifiable information in your background or on your screen, and turn of any nearby device that could record your conversation.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: No
What can be used to sign up?
No
Phone
No
Third-party account
No
Users do not have to sign up for an account
What data does the company collect?
Personal
Doxy.me does not collect patient data, as they do not need to set up an account to make calls. For providers: Email address, First name and last name. Optional for providers: Specialty, Position or title, National Provider Identifier (NPI), States licensed to practice, Mobile number, Country phone number.
Body related
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No track record of data leaks so far. When we reviewed Doxy.me in 2020, we found a number of worrying privacy and security concerns. Now, it seems like these have been cleaned up.
Can this product be used offline?
User-friendly privacy information?
Privacy information is short and holistic. More Q&A format would be appreciated though.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
End-to-end encryption of the calls.
Strong password
For a sign up, a strong password is required (an update since 2020).
Security updates
According to Doxy.me, web platform is continually updated to respond to the latest security vulnerabilities and trends.
Manages vulnerabilities
Has a bug bounty program.
Comments
Got a comment? Let us hear it.