Is Doximity HIPAA Compliant?

Doximity signs a BAA and offers secure messaging — but only verified clinicians can use it, and not every feature on the platform is covered.

Yes, with conditions

Yes, with conditions. Doximity enters into a Business Associate Agreement with each clinician automatically at registration, and its designated secure tools — messaging, eFax, Dialer, and Scribe — are covered under that BAA. However, accounts are limited to verified, licensed healthcare professionals. Medical assistants, front desk staff, billing coordinators, and other non-clinician roles cannot create accounts. Doximity's social network features — news feed, public profiles, colleague connections — are not covered by the BAA, so PHI must stay within the designated tools.

Why?

BAA signed automatically at registration

Doximity enters into a Business Associate Agreement with each individual user upon registration. The BAA identifies the "Doximity App, Dialer, and Scribe" as appropriately secure for the communication of protected health information. Note that an agreement executed by an individual user is between Doximity and that user; an organization that needs the BAA in its own name should execute an institutional BAA, which Doximity offers as part of its Enterprise solutions.

Source: Doximity Security

Limited to verified clinicians

Doximity requires credential verification and is available only to licensed healthcare professionals — physicians, NPs, PAs, pharmacists, and similar roles. Medical assistants, care coordinators, front desk staff, and billing personnel cannot create Doximity accounts. If your communication needs include non-clinician staff, whether inside your own organization or at external ones, Doximity cannot serve that use case.

Source: Doximity Terms of Service

Social network features are not covered by the BAA

Doximity is fundamentally a professional social network for physicians with secure messaging layered on top. Public profiles are viewable by default. The BAA covers only designated secure communication tools — not the news feed, public posts, colleague connections, or profile information. PHI shared through non-secure features would not be protected under the BAA.

Source: Doximity BAA

Free tier lacks organizational admin controls

Doximity's free and Pro tiers include the individual BAA and access to secure messaging. However, they do not provide the administrative controls an organizational HIPAA compliance program needs: SSO, automated user management (provisioning and deprovisioning), call log reporting, and EMR integration are available only on the Enterprise tier.

Source: Doximity Security

Audit trail transparency gaps

Doximity mentions general log monitoring and external log shipping, but its public security documentation does not describe granular per-message audit trails, role-based access controls for message-level permissions, or remote device wipe capabilities. Absence from public documentation is not proof that a control is absent, but it does mean an organization cannot verify these controls from the published material alone; anyone evaluating Enterprise should request these details from Doximity directly before relying on them in a risk analysis.

Source: Doximity Security

What Doximity says

Doximity's security page states: "Doximity's platform allows healthcare professionals to securely communicate while maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH)." Doximity also states that it enters into a BAA with each individual user upon registration.

Source: Doximity Security

What you would need to configure

Required plan: Doximity Enterprise (for organizational HIPAA compliance with admin controls)

  1. Contact Doximity sales to execute an institutional BAA for your organization
  2. Configure Single Sign-On for centralized authentication
  3. Set up automated user management to control onboarding and offboarding
  4. Enable call log reporting for Dialer usage monitoring
  5. Train staff to distinguish between Doximity's secure communication tools (messaging, eFax, Dialer, Scribe) and its social network features (news feed, posts, profiles) — only the former are covered by the BAA
  6. Establish policies for PHI communication that account for Doximity's clinician-only limitation — non-clinical staff will need a separate HIPAA-compliant communication tool

Enterprise pricing is not published — contact Doximity sales. Individual clinicians can use Doximity's secure messaging with the automatic BAA, but organizational compliance requires Enterprise for admin controls. The clinician-only restriction means most healthcare organizations will need a second communication tool for non-clinical staff.

HIPAA-compliant alternatives

BloomText

Purpose-built HIPAA messaging for everyone in your organization — clinicians and non-clinical staff alike. Signed BAA on every plan, including the free plan. Cross-organization messaging is free.

TigerConnect

Enterprise clinical messaging platform used by hospitals and health systems. Includes role-based routing and EHR integrations.

Spruce Health

HIPAA-compliant communication platform for medical practices with secure messaging, phone, fax, and telehealth in one system.

Frequently Asked Questions

Is Doximity HIPAA compliant?

Yes, conditionally. Doximity signs a BAA automatically at registration and its designated secure tools — messaging, eFax, Dialer, and Scribe — are covered. However, Doximity is limited to verified clinicians, its social network features are not covered by the BAA, and organizational admin controls require Enterprise.

Does Doximity sign a BAA?

Yes. Doximity enters into an individual BAA with each user upon registration. Institutional BAAs are available for Enterprise customers. The BAA covers Doximity's secure communication tools but not its social networking features.

Can medical assistants use Doximity?

No. Doximity requires credential verification and is available only to licensed healthcare professionals. Medical assistants, front desk staff, billing coordinators, and care coordinators cannot create Doximity accounts. If you need to communicate with non-clinician staff, you will need a different HIPAA-compliant messaging tool.

Is Doximity's news feed HIPAA compliant?

The BAA covers only Doximity's designated secure communication tools — messaging, eFax, Dialer, and Scribe. The news feed, public profiles, colleague connections, and other social network features are not covered. PHI should never be shared through non-secure features.

Sources

Last verified May 29, 2026.

  1. BloomText pricing
  2. Doximity Security
  3. Doximity BAA
  4. Doximity Terms of Service
  5. HHS HIPAA Security Rule
