Privacy Policy
Dental Prizm ("Company," "we," "us," or "our") operates DentalPrizm, a cloud-based dental practice management platform. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website, software, and services (collectively, the "Services").
We are committed to protecting your privacy and complying with applicable data protection laws, including the Health Insurance Portability and Accountability Act (HIPAA) for protected health information (PHI).
1. Information We Collect
1.1 Information You Provide Directly
We collect information you provide when you:
- Create an Account: Name, email address, phone number, practice name, and billing information
- Use Our Services: Patient records, appointment data, clinical notes, billing information, and other practice management data you enter into the platform
- Contact Us: Information in your inquiries, support requests, or feedback
- Subscribe to Communications: Email address and communication preferences
1.2 Information Collected Automatically
When you use our Services, we automatically collect:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, time spent, click patterns
- Log Data: Access times, error logs, and system activity
- Cookies and Similar Technologies: See our Cookie Policy for details
1.3 Protected Health Information (PHI)
As a dental practice management platform, our customers may enter patient health information into our system. This information is considered Protected Health Information (PHI) under HIPAA and is subject to additional protections described in Section 3.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Process transactions and send related information
- Send technical notices, updates, security alerts, and support messages
- Respond to your comments, questions, and customer service requests
- Communicate about products, services, offers, and events
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent transactions and other illegal activities
- Personalize and improve your experience
- Comply with legal obligations
3. HIPAA Compliance
3.1 Business Associate Agreement
DentalPrizm acts as a Business Associate under HIPAA when processing PHI on behalf of dental practices (Covered Entities). We enter into a Business Associate Agreement (BAA) with each customer that uses our Services to store or process PHI.
3.2 PHI Protections
For all PHI processed through our platform, we:
- Implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule
- Encrypt all PHI at rest using AES-256 encryption and in transit using TLS 1.3
- Maintain complete audit trails of all PHI access for a minimum of seven (7) years
- Implement role-based access controls and multi-factor authentication
- Conduct regular security assessments and penetration testing
- Train all employees on HIPAA requirements and security best practices
- Maintain policies for breach notification in compliance with the HIPAA Breach Notification Rule
3.3 Patient Rights
Patients whose PHI is stored in DentalPrizm should contact their dental practice directly to exercise their HIPAA rights, including the right to access, amend, or receive an accounting of disclosures of their PHI. We will assist our customers in fulfilling these requests as required by our BAA.
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party vendors who perform services on our behalf, such as:
- Cloud hosting providers (AWS)
- Payment processors
- Email service providers
- Analytics providers
- Customer support tools
All service providers that may access PHI are required to sign a BAA and comply with HIPAA requirements.
4.2 Legal Requirements
We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of DentalPrizm, our users, or others.
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
4.4 With Your Consent
We may share information with your consent or at your direction.
5. Data Security
We implement comprehensive security measures to protect your information:
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Access Controls: Role-based access, multi-factor authentication required
- Infrastructure: SOC 2 Type II certified data centers with 24/7 monitoring
- Network Security: Firewalls, intrusion detection, DDoS protection
- Regular Testing: Penetration testing, vulnerability assessments
- Employee Training: Regular security awareness training
- Incident Response: Documented procedures for security incidents
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Specific retention periods include:
- Account Information: Retained while your account is active and for 90 days after a deletion request
- PHI and Practice Data: Retained according to your subscription agreement and applicable law (minimum 7 years for dental records)
- Audit Logs: Retained for a minimum of 7 years as required by HIPAA
- Billing Records: Retained for 7 years for tax and legal purposes
Upon account termination, we will securely delete or anonymize your data in accordance with our data retention policies and applicable law.
7. Your Rights and Choices
7.1 Access and Portability
You may access, download, or export your data through your account dashboard or by contacting us.
7.2 Correction
You may update or correct your account information at any time through your account settings.
7.3 Deletion
You may request deletion of your account and personal information by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.
7.4 Marketing Communications
You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. You will continue to receive transactional and service-related communications.
7.5 California Residents
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information. For detailed information about our use of cookies and your choices, please see our Cookie Policy.
9. Third-Party Services
Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.
10. Children's Privacy
Our Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Note: Dental practices may store pediatric patient records in our system. Such records are PHI and are protected under HIPAA, with the parent or guardian exercising the patient's rights.
11. International Data Transfers
Our Services are hosted in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our Services, you consent to such transfer.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
For HIPAA-related inquiries or to report a potential privacy concern, please email us at [email protected] with "Privacy Inquiry" in the subject line.