Security

HIPAA, encryption, access control, and rollout boundaries

This page is for practice owners and compliance reviewers validating DentSignal before live patient traffic. It keeps the current controls and the clinic responsibilities in one place.

Send any compliance questions before go-live. We respond within one business day.

HIPAA Compliant

All PHI processed on BAA-covered infrastructure

256-bit Encryption

TLS in transit, AES-256 at rest

BAA Available

Download template

Current controls

What reviewers should look at before go-live

HIPAA and BAA review

DentSignal supports HIPAA-sensitive workflows, and BAAs are available before live patient traffic starts.

  • BAAs available - email compliance@dentsignal.com or download our template.
  • Call recordings kept 90 days by default. Configurable in Settings.

Encryption boundaries

Traffic is encrypted in transit, and sensitive data is protected at rest in the current architecture.

  • All patient data is processed on Microsoft's HIPAA-certified servers.
  • The OpenAI API is not used directly for those patient-data workflows.

Access controls

Dashboard access is authenticated, session-scoped, and checked against the clinic that owns the call data.

  • Protected routes revalidate access with the backend
  • Recording access is limited to authenticated users

Audit, retention, and deletion

The compliance layer includes audit logging, per-clinic retention settings, and deletion workflow support.

  • Review current retention defaults before go-live
  • Confirm deletion handling with your clinic policy

Implementation checklist

Review these items before production traffic

Security review is strongest when the workflow, escalation path, and retention defaults are all checked together.

  1. Use the live demo and test both a routine booking path and an escalation path.
  2. Confirm who receives urgent or uncertain calls and how those handoffs work after hours.
  3. Review BAAs, retention settings, and recording defaults with your compliance lead.
  4. Pilot with limited traffic first and keep a human fallback path during rollout.

Data boundary

Where data goes in the current architecture

PHI-touching workflows

All patient data is processed on Microsoft's HIPAA-certified servers. This is the path to review during compliance and BAA checks.

Authenticated review

Clinic staff review calls, recordings, and analytics through authenticated routes with clinic-scoped access checks.