Every Intake.Dental account ships with an executed BAA, field-level AES-256-GCM encryption, SOC 2 infrastructure, and 9 HIPAA safeguards — all exceeded, not merely met.
HIPAA's Security Rule lays out specific technical and administrative safeguards covered entities and their business associates must implement. Here is how Intake.Dental meets each one — and where we exceed.
Field-level encryption with per-record Data Encryption Keys for forward secrecy. Envelope encryption via a central Key API with tenant isolation via Additional Authenticated Data. HMAC integrity verification and 128-bit IV / auth tags per record.
Practices on our Extra Security add-on get a second polyglottal cipher applied on top of AES. The resulting glyph strings resist frequency analysis and are engineered to remain safe against future quantum attacks.
Every practice that registers on Intake.Dental automatically receives an executed BAA at no additional cost. It covers digital forms, PDF storage, teledentistry, PMS integration, insurance verification, and patient communications. The platform is operated by Dental Education, Inc., and parallel BAAs are maintained with every sub-processor.
If a confirmed security incident affects your practice, you will receive a detailed incident report and immediate remediation plan within 72 hours — not 60 days, not "when we finish our investigation."
Yes — every practice that registers on Intake.Dental automatically receives an executed BAA at no additional cost. The BAA covers digital forms, PDF storage, teledentistry, PMS integration, insurance verification, and patient communications. We also maintain parallel BAAs with every sub-processor we use.
All Protected Health Information is encrypted at the field level using AES-256-GCM with per-record Data Encryption Keys (DEKs) for forward secrecy. Keys are wrapped using envelope encryption and tenant-isolated derivation. Practices on our Extra Security add-on get an additional polyglottal Glyph Cipher layer that is resistant to future quantum attacks.
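The scheme described in the encryption passages above (per-record DEKs, envelope wrapping, tenant isolation through Additional Authenticated Data), written out as an added Node.js example; it is not Intake.Dental's code. The in-memory `KEK`, the function names, the AAD layout and the 96-bit GCM nonce are assumptions of this example.

```javascript
const crypto = require('crypto');

// Assumption: stands in for the key-encryption key held by a central key service.
const KEK = crypto.randomBytes(32);

// AAD binds a ciphertext to its tenant, record and field. JSON keeps the
// boundaries between the three values unambiguous.
function aadFor(tenantId, recordId, field) {
  return Buffer.from(JSON.stringify([tenantId, recordId, field]));
}

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() }; // 128-bit auth tag
}

function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  // final() throws when the tag does not match the key, ciphertext and AAD.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

function encryptField(tenantId, recordId, field, value) {
  const aad = aadFor(tenantId, recordId, field);
  const dek = crypto.randomBytes(32); // per-record data encryption key
  const data = seal(dek, Buffer.from(value, 'utf8'), aad);
  const wrappedDek = seal(KEK, dek, aad); // envelope: only the wrapped DEK is stored
  dek.fill(0);
  return { recordId, field, data, wrappedDek };
}

// tenantId comes from the authenticated session, never from the stored row.
function decryptField(tenantId, row) {
  const aad = aadFor(tenantId, row.recordId, row.field);
  const dek = open(KEK, row.wrappedDek, aad);
  try {
    return open(dek, row.data, aad).toString('utf8');
  } finally {
    dek.fill(0);
  }
}

// Returns null instead of throwing so callers can log and deny.
function tryDecrypt(tenantId, row) {
  try { return decryptField(tenantId, row); } catch (err) { return null; }
}
```

Because the tenant identifier is authenticated but not stored in the row, a row copied into another tenant's table fails at the DEK unwrap step rather than decrypting under the wrong practice.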
We notify affected practices within 72 hours of a confirmed security incident with a detailed report and remediation plan. Records that were encrypted under our Glyph Cipher add-on may qualify for the HIPAA Breach Notification Rule's encryption safe harbor exception under 45 CFR § 164.402, but we notify regardless — transparency over loopholes.
We run on AWS infrastructure that is SOC 2 Type II certified. Our database layer (Supabase) is also SOC 2 Type II. Our own application code is designed around HIPAA's Security Rule and audited on an ongoing basis.
Yes — HIPAA consent documents and Notices of Privacy Practices are available in 29+ languages automatically, so every patient can acknowledge in the language they actually read.
Reach out to our compliance team and we'll walk you through the specifics for your practice.
© 2026 Intake Dental. All rights reserved.
Made with care for dental practices.