Comprehensive security measures and HIPAA compliance framework designed to protect patient data and dental practices.
SideScribe implements a comprehensive security program aligned with HIPAA Security Rule requirements, combining administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of protected health information.
Policies and procedures that govern workforce operations and data handling.
Code-level protections and access controls for data security.
Procedures for handling, processing, and destruction of patient data.
Internal policies that govern how the workforce operates.
Annual audit process for Azure/OpenAI infrastructure, including vulnerability assessments, penetration testing, and security control effectiveness reviews.
Disciplinary guidelines for HIPAA violations, including progressive discipline procedures, mandatory reporting requirements, and corrective action plans.
Record of founder's HIPAA certification and annual security awareness training, including completion dates, training topics, and assessment results.
Schedule for weekly audit log checks, including automated monitoring alerts, manual review procedures, and escalation protocols for suspicious activities.
Descriptions of the code-level protections built into the system.
Unique User IDs with role-based access controls, automatic log-off after 15 minutes of inactivity, and forced multi-factor authentication for all user sessions.
Description of immutable audit logs capturing Who, What, When, and Where for all system activities, with tamper-proof storage and automated retention policies.
API rate-limiting and payload validation procedures to prevent data corruption, including input sanitization, schema validation, and checksum verification.
TLS 1.3 encryption standards for all data in transit, with perfect forward secrecy, certificate pinning, and automated certificate renewal procedures.
Procedures for the handling and destruction of patient data.
Formal declaration of immediate data purging after clinical note generation, ensuring no audio recordings or raw data persist beyond the active session.
Scripted deletion of metadata after 7 days, with automated cleanup procedures and manual verification processes to ensure complete data removal.
Procedures for securely wiping local devices when they are retired, including cryptographic erasure methods and certificate-of-destruction documentation.
Contracts with patients, partners, and vendors.
Signed agreements with Microsoft (Azure) and OpenAI, establishing their obligations as business associates under HIPAA and ensuring chain-of-trust compliance.
The standard BAA template provided to all dental practices, outlining mutual responsibilities and liability for protected health information.
Robust consent form for Illinois dental offices, explaining recording procedures, data handling practices, and patient rights under HIPAA.
Public-facing website documentation outlining data practices, user rights, and service terms for all customers and users.
What happens when things go wrong.
5-step checklist for breach containment: (1) Detection and Assessment, (2) Containment, (3) Eradication, (4) Recovery, and (5) Post-Incident Review.
Procedures for service restoration via Azure geo-redundant backups, including recovery time objectives, backup verification, and failover testing.
Pre-written notification letter for alerting affected dental practices of security events, including required HIPAA elements and communication timelines.
Our security measures are designed to protect both patient data and your practice. For specific security inquiries, please contact our compliance team.