HIPAA Compliance
Dentlo is fully HIPAA-compliant. We treat the security and privacy of patient health information as our highest priority.
Our Commitment to HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. As an AI receptionist that handles patient calls and integrates with practice management systems, Dentlo is classified as a Business Associate under HIPAA.
We take this responsibility seriously. Our platform is designed from the ground up with HIPAA compliance at its core — not as an afterthought. Every feature, every integration, and every process is built to safeguard Protected Health Information (PHI).
What We Protect
Protected Health Information (PHI) includes any individually identifiable health information transmitted or maintained by Dentlo. This includes:
- Patient names, addresses, and contact information
- Appointment details and scheduling data
- Insurance and billing information
- Treatment history and dental records
- Call recordings and transcripts containing health information
- Any data exchanged with practice management systems
Security Measures
How we safeguard your data
Our multi-layered approach to security ensures PHI is protected through administrative, physical, and technical safeguards.
256-bit AES Encryption
All patient data is encrypted at rest using AES-256 and in transit using TLS 1.3, ensuring data remains protected at every stage.
SOC 2 Type II Certified
Our infrastructure undergoes rigorous annual audits to verify that security controls meet the highest industry standards.
Business Associate Agreements
We execute BAAs with every covered entity and ensure all sub-processors meet HIPAA requirements before handling PHI.
Access Controls
Role-based access control, multi-factor authentication, and least-privilege policies ensure only authorized personnel access PHI.
Regular Risk Assessments
We conduct comprehensive risk assessments at least annually, identifying and mitigating potential vulnerabilities proactively.
Breach Notification
In the unlikely event of a breach, we follow strict notification procedures that comply with the timelines of the HIPAA Breach Notification Rule.
Administrative Safeguards
- Security Officer: A designated HIPAA Security Officer oversees all compliance activities
- Employee Training: All team members complete HIPAA training upon hire and annually thereafter
- Policies & Procedures: Comprehensive written policies govern how PHI is handled across every department
- Incident Response: A documented incident response plan ensures rapid investigation and resolution of any security events
- Vendor Management: All sub-processors and vendors with access to PHI are vetted and bound by BAAs
Physical Safeguards
- Data Center Security: Our infrastructure is hosted in SOC 2 Type II and ISO 27001 certified data centers with 24/7 physical security, biometric access, and surveillance
- Workstation Security: All employee devices are encrypted, managed, and protected with endpoint detection and response (EDR)
- Media Disposal: Secure destruction procedures for any physical or digital media containing PHI
Technical Safeguards
- Encryption: AES-256 at rest, TLS 1.3 in transit for all PHI
- Access Control: Role-based access with multi-factor authentication and session management
- Audit Logging: Comprehensive audit trails for all access to and modifications of PHI, retained for a minimum of 6 years
- Network Security: Firewalls, intrusion detection, and network segmentation isolate PHI from other systems
- Automatic Logoff: Sessions time out after periods of inactivity to prevent unauthorized access
Business Associate Agreements
Dentlo executes a Business Associate Agreement (BAA) with every covered entity before processing any PHI. Our BAA outlines:
- Permitted and required uses of PHI
- Safeguards we implement to prevent unauthorized use or disclosure
- Breach notification obligations and timelines
- Requirements for sub-contractor compliance
- Procedures for returning or destroying PHI upon termination
To request a BAA or discuss compliance requirements, contact our compliance team at compliance@dentlo.ai.
Questions About Compliance?
Our compliance team is available to answer any questions about our HIPAA practices, execute BAAs, or provide documentation for your records.