1. Information We Collect
MyDentalPMS collects information necessary to provide our dental practice management services to healthcare providers and to support patient care. The types of information we collect include:
Personal Information
- Patient demographics (name, date of birth, address, phone number, email address)
- Insurance information and claim details
- Emergency contact information
- Employment and financial information for account billing
Health Information
- Dental treatment records and clinical notes
- Radiographs, images, and other diagnostic materials
- Medication histories and allergies
- Medical histories relevant to dental treatment
- Treatment plans and procedure codes
Usage Information
- Log data from system access and activities
- IP addresses and device identifiers
- Browser type and operating system information
- Pages visited and features used within the platform
2. How We Use Information
We use collected information for the following purposes:
Primary Uses
- Providing dental practice management and clinical services
- Processing appointments, treatment, and billing
- Communicating with patients and providers regarding care
- Generating clinical reports and treatment outcomes analysis
- Maintaining accurate patient records for continuity of care
Secondary Uses
- System improvement, security, and fraud prevention
- Analytics and aggregate reporting (de-identified data only)
- Compliance with legal and regulatory requirements
- Responding to authorized requests from legal authorities
We do not sell patient data to third parties. All data use complies with applicable healthcare privacy regulations including HIPAA, state privacy laws, and patient consent requirements.
3. HIPAA Compliance
MyDentalPMS is a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We maintain a Business Associate Agreement (BAA) with all covered entities and business associates that use our platform.
HIPAA Safeguards
- Administrative safeguards including access controls and audit procedures
- Physical safeguards protecting facilities, equipment, and media
- Technical safeguards including encryption, access controls, and intrusion detection
- Regular risk assessments and security updates
- Employee training on privacy and security obligations
- Breach notification procedures and incident response protocols
We maintain comprehensive documentation of our HIPAA compliance efforts and submit to regular audits. Our security measures are designed to protect the confidentiality, integrity, and availability of all health information maintained in our systems.
4. Data Security
MyDentalPMS implements industry-leading security measures to protect all information from unauthorized access, alteration, and destruction:
Technical Security Controls
- 256-bit AES encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication (MFA) for all user accounts
- Role-based access control (RBAC) limiting data access by job function
- Intrusion detection and prevention systems
- Web application firewalls and DDoS protection
- Regular penetration testing and vulnerability assessments
Organizational Security Measures
- Background checks and security vetting for all employees
- Mandatory security training for all staff members
- Segregation of duties to prevent unauthorized access
- Secure disposal and destruction of data
- Disaster recovery and business continuity planning
Despite these safeguards, no system is completely secure. We encourage users to maintain strong passwords, enable MFA, and report any suspicious activity immediately.
5. Data Retention
We retain patient information for as long as necessary to provide services and comply with legal requirements:
Retention Schedule
- Active Patient Records: Maintained for the duration of the patient-provider relationship plus the applicable statute of limitations
- Inactive Patient Records: Retained for a minimum of 6 years from last encounter (per HIPAA requirements)
- Billing Records: Retained for 7 years minimum for tax and audit purposes
- System Logs: Retained for a minimum of 1 year for security and audit purposes
- Archived Backups: Maintained in a secure offsite location per disaster recovery policy
With proper authorization, patients may request deletion of their information, subject to legal retention requirements and the need to maintain records for continuity of care.
6. Third-Party Services
MyDentalPMS may use third-party service providers to assist in providing services. These may include:
- Cloud hosting and infrastructure providers (AWS, Azure)
- Payment processors for billing and insurance claims
- Backup and disaster recovery services
- Security and intrusion detection services
- Customer support and analytics providers
Third-Party Obligations
All third-party service providers are required to:
- Execute written Business Associate Agreements (BAA) for HIPAA compliance
- Maintain security standards equal to or exceeding our own
- Use data only for specified purposes
- Report any security incidents or breaches immediately
- Allow audit and inspection rights
- Delete or return data upon contract termination
We conduct regular audits of third-party compliance and maintain current Business Associate Agreements with all vendors handling PHI.
7. Cookies and Tracking
MyDentalPMS uses cookies and similar tracking technologies for legitimate business purposes:
Types of Cookies
- Session Cookies: Necessary for platform functionality and user authentication
- Security Cookies: Prevent unauthorized access and detect suspicious activity
- Analytics Cookies: Help us understand platform usage and improve features
- Preference Cookies: Remember user settings and preferences
Users may disable non-essential cookies through browser settings, though this may limit platform functionality. We respect "Do Not Track" signals where available and do not use cookies for tracking across unaffiliated websites.
8. Children's Privacy
MyDentalPMS is not directed to children under 13 years of age. We do not knowingly collect personal information from children without parental consent. Parents or guardians who believe their child has provided information to our service should contact us immediately at [email protected].
For pediatric patients, we comply with HIPAA requirements regarding parental rights to access and control health information on behalf of minor children.
9. Your Privacy Rights
Under applicable privacy laws including HIPAA and state regulations, you have the following rights regarding your health information:
Patient Rights
- Right to Access: Request and obtain a copy of your health records
- Right to Amend: Request corrections or amendments to inaccurate information
- Right to Accounting: Request an accounting of disclosures of your health information
- Right to Restrict: Request restrictions on use and disclosure of your information
- Right to Confidential Communication: Request communication through alternate methods or locations
- Right to Breach Notification: Be notified promptly of any unauthorized access to your information
To exercise any of these rights, please contact your healthcare provider or submit a formal request to [email protected] with your patient ID and the specific request.
10. Changes to This Policy
MyDentalPMS may update this Privacy Policy periodically to reflect changes in our practices, technology, regulations, and other factors. Material changes will be communicated to users through email or prominent notification on the platform. Continued use of MyDentalPMS following posted changes constitutes acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your information.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, or wish to exercise your privacy rights, please contact:
Email: [email protected]
Response Time: We will respond to all privacy requests within 30 days
Data Protection Contact: Available upon request for HIPAA-related matters
We are committed to addressing your concerns and will work with you to resolve any privacy issues regarding our services.