
HIPAA Compliance & Data Security

Last updated: December 10, 2025

At a glance

  • ✓ HIPAA-compliant infrastructure and processes (administrative, physical, and technical safeguards)
  • ✓ Business Associate Agreement (BAA) available for all US customers
  • ✓ US-only hosting on AWS (us-east-1, N. Virginia)
  • ✓ Complete data isolation from UK/EU systems
  • ✓ AES-256 encryption at rest, TLS 1.2+ in transit
  • ✓ 6+ year audit log retention via AWS CloudTrail Lake
  • ✓ No raw audio stored: real-time transcription only
  • ✓ US-based AI processing: Azure & Google resources in US data centers
  • ✓ Threat detection via AWS GuardDuty & Macie

Your patient data never leaves US borders. Complete isolation. Complete protection.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that establishes national standards for protecting sensitive patient health information, known as Protected Health Information (PHI).

Covered entities (such as a dental practice) and the business associates that handle PHI on their behalf must implement specific administrative, physical, and technical safeguards. That obligation extends to dental practice software that handles patient records, clinical notes, and appointment data.

HIPAA violations can result in significant civil penalties, tiered by culpability from $100 to $50,000 per violation with an annual cap of $1.5 million per provision (figures set in 2013 and adjusted annually for inflation); uncorrected willful neglect draws the highest tier. Knowingly obtaining or disclosing PHI in violation of HIPAA can also carry criminal penalties.

Our Approach: Isolated US Infrastructure

We didn't simply add HIPAA features to our existing system. Instead, we built a completely separate US environment using a "shared-nothing" architecture. Your data is physically and logically isolated from our UK/EU infrastructure.

What "Shared-Nothing" Means:

  • Separate database: US data is stored in a dedicated MySQL instance, not the same database as UK/EU users
  • Separate storage: Files are stored in a US-only S3 bucket with no connection to EU storage
  • Separate AI services: Dedicated Azure Speech and Google AI resources in US data centers
  • Separate credentials: No shared API keys or access between regions

Where Your Data Lives

Database

AWS RDS (MySQL) in us-east-1 (N. Virginia). AES-256 encryption at rest. Private subnet with no public internet access.

File Storage

AWS S3 in us-east-1. Server-side encryption. All public access blocked.

Speech-to-Text

Azure AI Speech in East US. Real-time transcription. No audio retention.

AI Processing

Google Vertex AI (Gemini) in US Central. Note formatting and structuring.

Security Measures

Encryption at Rest

AES-256 encryption for all stored data using AWS-managed keys.

Encryption in Transit

TLS 1.2+ for all data transmission between your browser and our servers.

Access Controls

Role-based permissions with least-privilege access principles.

Audit Logging

AWS CloudTrail Lake with 6+ year retention for complete audit trails.

Threat Detection

AWS GuardDuty for continuous threat monitoring and alerting.

PHI Scanning

AWS Macie for automated discovery of sensitive data, including health information, in S3 storage.

Private Network

Database resides in a private subnet with no direct public internet access. Only application components inside our AWS network can connect to it.
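The controls listed above are settings that can drift after they are first configured (a bucket policy change, a database rebuilt with public access, a log store recreated with a shorter retention). The following script is an added example, not Dentistry Dashboard's own tooling: it runs the checks a practitioner would want over responses shaped like the AWS CLI / boto3 output of get-public-access-block, get-bucket-encryption, describe-db-instances and get-event-data-store. The two snapshots are constructed samples, the resource names are invented, and the six-year threshold of 2192 days is an assumption derived from HIPAA's documentation-retention period.

```python
"""Offline posture audit for the AWS controls claimed on this page: S3 Block Public
Access and default SSE, encrypted non-public RDS located in us-east-1, and a
CloudTrail Lake event data store retaining at least six years. Input dicts use the
shapes returned by the AWS CLI / boto3; the samples are constructed, not captured."""
from __future__ import annotations

REQUIRED_REGION = "us-east-1"
MIN_RETENTION_DAYS = 2192     # assumption: 6 x 365.25 rounded up, HIPAA's six-year documentation rule
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def check_s3(public_access_block: dict, encryption: dict) -> list[str]:
    """Every Block Public Access flag must be on and a default SSE rule must exist."""
    findings = []
    pab = public_access_block.get("PublicAccessBlockConfiguration", {})
    for flag in PAB_FLAGS:
        if not pab.get(flag, False):        # a missing flag counts as disabled
            findings.append(f"S3: {flag} is not enabled")
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algorithms & {"AES256", "aws:kms"}:
        findings.append("S3: no default server-side encryption rule")
    return findings


def check_rds(describe_db_instances: dict) -> list[str]:
    """Storage encrypted, not publicly routable, and placed in the required region."""
    findings = []
    for db in describe_db_instances.get("DBInstances", []):
        name = db.get("DBInstanceIdentifier", "?")
        if not db.get("StorageEncrypted", False):
            findings.append(f"RDS {name}: StorageEncrypted is false")
        if db.get("PubliclyAccessible", False):
            findings.append(f"RDS {name}: PubliclyAccessible is true")
        az = db.get("AvailabilityZone", "")
        if not az.startswith(REQUIRED_REGION):
            findings.append(f"RDS {name}: AvailabilityZone {az!r} is outside {REQUIRED_REGION}")
    return findings


def check_cloudtrail_lake(event_data_store: dict) -> list[str]:
    """Store enabled, retention covers six years, and termination protection is on."""
    findings = []
    name = event_data_store.get("Name", "?")
    if event_data_store.get("Status") != "ENABLED":
        findings.append(f"CloudTrail Lake {name}: status is {event_data_store.get('Status')!r}")
    days = event_data_store.get("RetentionPeriod", 0)
    if days < MIN_RETENTION_DAYS:
        findings.append(f"CloudTrail Lake {name}: retention {days} days < {MIN_RETENTION_DAYS}")
    if not event_data_store.get("TerminationProtectionEnabled", False):
        findings.append(f"CloudTrail Lake {name}: termination protection is off")
    return findings


def audit(snapshot: dict) -> list[str]:
    """Run every check over one snapshot; an empty list means no drift was found."""
    return (check_s3(snapshot["s3_public_access_block"], snapshot["s3_encryption"])
            + check_rds(snapshot["rds"])
            + check_cloudtrail_lake(snapshot["cloudtrail_lake"]))


# Constructed sample of a correctly configured environment (names are invented).
COMPLIANT = {
    "s3_public_access_block": {"PublicAccessBlockConfiguration": {f: True for f in PAB_FLAGS}},
    "s3_encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "rds": {"DBInstances": [{"DBInstanceIdentifier": "phi-mysql", "Engine": "mysql",
                             "StorageEncrypted": True, "PubliclyAccessible": False,
                             "AvailabilityZone": "us-east-1a"}]},
    "cloudtrail_lake": {"Name": "phi-audit", "Status": "ENABLED",
                        "RetentionPeriod": 2557, "TerminationProtectionEnabled": True},
}

# Constructed sample with drift that would silently void the claims above.
DRIFTED = {
    "s3_public_access_block": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": True}},
    "s3_encryption": {"ServerSideEncryptionConfiguration": {"Rules": []}},
    "rds": {"DBInstances": [{"DBInstanceIdentifier": "phi-mysql", "Engine": "mysql",
                             "StorageEncrypted": True, "PubliclyAccessible": True,
                             "AvailabilityZone": "eu-west-2a"}]},
    "cloudtrail_lake": {"Name": "phi-audit", "Status": "ENABLED",
                        "RetentionPeriod": 365, "TerminationProtectionEnabled": False},
}

if __name__ == "__main__":
    for label, snap in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(f"{label}: {audit(snap) or ['no findings']}")
```

To audit a live account, replace the constructed dicts with the JSON from the corresponding AWS CLI calls; the region check uses the instance's AvailabilityZone prefix because describe-db-instances does not return a region field of its own.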

Business Associate Agreement (BAA)

Under HIPAA, any vendor that handles PHI on behalf of a covered entity must sign a Business Associate Agreement (BAA). This legally binds us to HIPAA compliance standards.

Our BAA Coverage:

  • AWS: We have an active BAA with Amazon Web Services covering all US infrastructure
  • Azure: BAA in place for Azure AI Speech services
  • Google Cloud: BAA in place for Vertex AI services
  • Your Practice: We provide BAAs for all US customers upon request

To request a BAA, contact us at info@dentistrydashboard.com

Your Rights Under HIPAA

HIPAA's Privacy Rule gives patients rights over their PHI, and your practice, as the covered entity, is responsible for honoring them. We support the following requests for data held in our system:

  • Access: Request access to your practice's stored data at any time.
  • Amendment: Request corrections to any inaccurate information.
  • Accounting: Request an accounting of disclosures of PHI.
  • Restriction: Request restrictions on certain uses of PHI.
  • Deletion: Delete saved notes, chats, and patient data from our system (a product control rather than a HIPAA right; check your record-retention obligations before deleting).
  • Breach Notification: We will notify you of any breach of unsecured PHI without unreasonable delay, and in no case later than 60 calendar days after we discover it, as the Breach Notification Rule requires of business associates.

What Dentistry Dashboard Does NOT Do

  • โŒWe don't store raw audio recordings from transcription sessions.
  • โŒWe don't share, sell, or use patient data for marketing or training AI models.
  • โŒWe don't make clinical decisions. AI Notes is for documentation support only.
  • โŒWe don't transfer US patient data to UK/EU systems.
  • โŒWe don't log PHI in application logs or error reports.

Frequently Asked Questions

Is my data really separate from UK/EU users?

Yes. We use a "shared-nothing" architecture. Your database, file storage, and AI processing are all on dedicated US infrastructure with no connection to our EU systems.

Can I get a BAA?

Yes. We provide Business Associate Agreements for all US customers. Contact us at info@dentistrydashboard.com to request one.

Where exactly is my data stored?

All data is stored in AWS us-east-1 (N. Virginia) data centers, on AWS services that are HIPAA-eligible and covered by our BAA with Amazon.

What about the AI processing?

Our AI services (speech-to-text and language processing) run on dedicated Azure and Google resources in US data centers. Your audio and text never leave US jurisdiction.

How long do you retain audit logs?

We retain all audit logs for a minimum of 6 years using AWS CloudTrail Lake, meeting HIPAA's documentation requirements.

What happens if there's a data breach?

We have incident response procedures in place. In the unlikely event of a breach, we will notify affected customers without unreasonable delay, and no later than 60 calendar days after discovery, as HIPAA's Breach Notification Rule requires of business associates.

Ready to Get Started?

Join US dentists who trust Dentistry Dashboard for HIPAA-compliant AI clinical notes.
