Security and HIPAA review

Review the BAA path, encrypted call path, and go-live gates without reading a wall of text.

This page is the short version: what you can verify now, what still needs clinic sign-off, and where to pull the BAA template before live traffic.

BAA template ready

Download the template now or request a countersigned copy before live patient traffic.

Sandbox first

You can review the workflow in a no-PHI pilot before any live forwarding begins.

Encrypted path

PHI-touching routes stay inside TLS, field encryption, and BAA-covered vendors.

Go-live gated

No live patient calls until BAA, routing review, and clinic approval are complete.

What you can review now

Four things that actually matter before go-live.

01

Business Associate Agreement

DentSignal supports BAA review before live patient traffic. The download includes a real template for counsel and compliance review.

  • Template download available
  • Countersigned copy available on request
  • No live PHI routing before signature

02

Encryption and vendors

Traffic is encrypted in transit. Stored PHI fields use encryption at rest. The service chain stays limited to approved vendors for PHI workflows.

  • TLS 1.2+
  • Field-level encryption for PHI storage
  • Azure, ACS, Azure OpenAI, and Deepgram reviewed before go-live

03

Access controls

Patient-data routes are scoped to clinic identity and protected routes re-check access server-side.

  • Clinic-scoped auth checks
  • CSRF protection for session-changing routes
  • Cross-tenant regressions covered by tests

04

Audit and retention

Audit evidence and retention settings are part of the go-live review, not assumed by default.

  • Retention defaults reviewed with the clinic
  • Deletion paths keep audit tombstones
  • Launch evidence still requires dated sign-off

Before live patient traffic

  1. Review the BAA and retention defaults with your compliance lead.
  2. Confirm who receives urgent, billing, and uncertain handoffs.
  3. Run a dry-run call through the real handoff path.
  4. Approve live traffic only after the clinic signs off.

Clinic decisions

  • Recording disclosure or consent language required by your jurisdiction.
  • Which phone numbers forward to DentSignal and when staff take over.
  • Emergency policy, escalation owners, and final operational approval.
  • Retention preferences and user permissions for live traffic.