HIPAA Compliance
DentyBot is designed to be used safely by US dental clinics that are covered entities under HIPAA. We operate as your Business Associate and will sign a BAA upon request.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of sensitive patient health information. Dental clinics are "covered entities" under HIPAA and must ensure any vendor handling patient data — including chat tools — complies with the law.
How DentyBot handles PHI
Protected Health Information (PHI) that may pass through Denty includes patient names, contact details, appointment times, and health-related chat messages. We handle this data with the following protections:
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Patient conversations are never stored in plaintext.
PHI is accessible only to authorised DentyBot personnel for support and maintenance purposes, under strict need-to-know policies.
All access to patient data is logged and auditable. You can request an access log at any time.
In the event of a data breach involving PHI, we will notify you within 72 hours as required by HIPAA's Breach Notification Rule.
Denty only collects the minimum information necessary to fulfil the patient's request. We do not store sensitive clinical data beyond what is required for appointment booking.
Business Associate Agreement
Under HIPAA, dental clinics must have a signed Business Associate Agreement (BAA) with any vendor that handles PHI. DentyBot will sign a BAA with any subscribing clinic upon request.
Request your BAA
Email us with your clinic name and we will send a signed BAA within 3 business days.
Questions
For HIPAA compliance questions or to report a concern: hello@dentybot.com