Data & Privacy
General
At Zocdoc, keeping your information secure is a top priority for us, and we are committed to the security and privacy of our users. This means we’re always working hard to safeguard your data and continually earn your trust. If you have questions regarding security, we are happy to answer them. Please write to Privacy@zocdoc.com and we will respond as quickly as we can.
Keeping Data Confidential
We place strict controls over our employees’ access to user data, and have technical controls and audit policies in place to ensure the confidentiality, integrity, and availability of user data. Our employees and contracted personnel working with any user data are bound to our policies, and we treat these issues as matters of the highest importance.
Privacy and Security Training
Everyone at Zocdoc receives regular training to ensure that we remain focused on privacy and security. This includes privacy training that covers the Health Insurance Portability and Accountability Act (“HIPAA”), which establishes national standards for protecting the identifiable health information of health plan beneficiaries and patients, and other relevant state and federal laws. We also ensure that our employees receive annual data security training, regardless of their role in the company.
Certifications and Audits
Zocdoc works with outside experts to maintain high standards and rigorous security practices. We hire third parties to test our services and processes as part of our recurring penetration testing program. In addition, we conduct HITRUST and SOC 2 Type II audits annually. Zocdoc has obtained HITRUST CSF Certified status for information security.
Data Encryption
We employ industry-standard technology to safeguard data. Our platform uses full-volume encryption on all data stored at rest, with secure backups and robust backup policies. We also use Transport Layer Security (TLS) connections to transmit data over HTTPS.
Secure Storage
Zocdoc leverages secure cloud computing, including Amazon Web Services (AWS), to store data in physically and electronically secure facilities. For a list of all current AWS security accreditations, see the AWS Compliance Programs page.
Network Protection
In addition to sophisticated system monitoring and logging, we utilize robust administrative identity, authorization, accountability, and authentication controls (including multi-factor authentication), as well as intrusion prevention and detection controls to protect our platform.
Vulnerability Management
We have a vulnerability management policy that covers internal and external testing, including annual third-party penetration testing, to find and remediate vulnerabilities that may present a risk to our platform or data.
Logging and Monitoring
Zocdoc operates an extensive security information and event management (SIEM) system. Zocdoc maintains a centralized logging environment, which contains events pertaining to security, monitoring, availability, access, and other metrics about the platform. We review our logging and monitoring systems regularly, and respond promptly to automatic alerts.
Incident Management & Response
Zocdoc has incident management policies and procedures in place in the event of a security breach. This includes notifying users of any unauthorized access to their data in the event of a breach as defined under relevant state laws.
Product Security Practices
New features, functionality, and design changes go through a security review process facilitated by the Zocdoc development team. We utilize automated static analysis software, and our teams manually peer-review code before it is deployed to production. The Information Security team works closely with development teams to resolve any security concerns that may arise during development.
Vendor Management
Zocdoc operates a vendor management program, which requires our Legal and Information Security Teams to evaluate all third-party vendors, service providers, and partners. We review each potential service provider to ensure that our vendors continue to meet Zocdoc’s strict security and legal standards.
Disaster Recovery
We maintain a disaster recovery plan that supports a robust business continuity strategy. This plan has been developed to meet industry-standard methodologies and principles of high-availability engineering.
Still have questions or comments? Please reach out to Privacy@zocdoc.com or give us a call at (855) 962-3621.
Where can I learn more?
Privacy Policy: Our agreement with you that outlines how we collect, use, and share your data.
Terms of Use: Your rights, responsibilities, and relationship with Zocdoc and our providers.
Acceptable Use Policy: Guidelines for your appropriate use of our basic services.