This site does not meet the criteria necessary to be called HIPAA compliant. It is important that you do not use the site in ways that would require HIPAA compliance.
How can you use this product if it's not HIPAA compliant?
HIPAA compliance covers the treatment of PHI (Protected Health Information). Our product helps manage the progress and steps involved in the treatment of complex dental therapies. Our product is not intended as a PHI storage service and therefore you can benefit fully from the product without much hindrance. We have a few recommendations for how to keep the information you store anonymized.
Keep personally identifiable information to a minimum.
An outsider should not be able to link the info you add to the site to an individual.
Do not use a patient's full name.
Do not use a patient's email address.
Do not use a patient's insurance number.
Do not use full face images.
This list is not exhaustive and only serves as a guide for best practices.
Security Measures We Take
Data in transit is always encrypted.
All connections are served over HTTPS and never HTTP.
Data is siloed.
Each customer's data is stored in a separate database. No two customers share a database. Each customer has separate database credentials that cannot access any other databases.
Your data is only accessible by logging in. It is not exposed publicly to the internet.
The VPS (virtual private server) we use is shared only among the customers of this site and does not host any other websites.