HIPAA Compliant

Online HIPAA Compliant Dental Software

CareStack is committed to keeping all Protected Health Information (PHI) secure & compliant. We keep systems and procedures up-to-date and in compliance with all related regulations, and we understand that keeping client information safe is of the utmost importance.

Under HIPAA privacy rules, CareStack is a Business Associate. As such, we comply with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and we have instituted policies and procedures to ensure this is done.

All employees are required to re-take HIPAA training every two years, and we have Information Security procedures in place to ensure that our policies and procedures related to information and physical security are up-to-date and follow any new or revised regulations. These policies and procedures are frequently reviewed to maintain compliance with HIPAA rules and regulations.

For the ultimate dental software, choose the solution that’s scalable for growing dental start-ups or large DSOs and still affordable for small mobile providers and single-office dental practices. Choose CareStack!

Trusted by over 2,000 US providers and growing!

Discover the difference that CareStack can make in transforming your practice efficiency while reducing your subscriptions and monthly expenses.

1400+ global reviews

Advanced HIPAA Compliance Details


  • Covered Entities

    CareStack clients are considered Covered Entities because they hold first-hand Patient information, including treatment info, appointments, addresses, and contact details, and electronically transmit health information in connection with transactions.

  • Business Associate

    CareStack itself is considered a "business associate," since we perform functions or activities on behalf of a covered entity and can access patient data.


  • Privacy Rule

    The HIPAA Privacy Rule protects individuals' medical records and sets limits on the use and disclosure of personal health information without patient authorization. Patients may also examine and obtain copies of their health records, and request corrections.

  • Security Rule

    The HIPAA Security Rule sets standards to protect electronic health info by requiring safeguards to ensure its confidentiality and security.

HIPAA Compliance Rules in CareStack

  • Restricted Access

    Only necessary CareStack personnel can access relevant databases, web portal data, backups, and data extracts of any form.

  • Logs & Recording

    CareStack team's activities are recorded automatically by built-in software on their workstation machines. Privacy of the team members will be protected; logs are available in case of an incident.

  • Security Officer

    If practices encounter discrepancies, report to the Security Officer by sending an email to (Please note: it is the practice’s duty to report any discrepancy.)

  • Background Updates

    CareStack team will update the HIPAA compliance rules as and when needed, based on new laws enacted/technological advancements.

HIPAA Compliance Actions at Your Practice

  • Discrepancies

    Report to the Security Officer if you see any discrepancies. Send an email to describing the issue and context.

  • Encrypted e-PHI

    If you want to send the e-PHI data, then always encrypt and send.

  • Passwords

    The password should be shared in a separate email.

  • Redacting

    If you are sending/uploading images, then blur the PHI information.

  • Personal Steps

    Always secure your laptop/desktop, especially if it contains e-PHI data.

  • Offline Use

    If you need to print information that contains PHI data, make sure to keep it secure or shred it after use.

  • DataStores

    Always remember to keep PHI data on your desktop/laptop to an absolute minimum. Use the secure DataStores which are held in CareStack Office/Azure VM/Azure SQL.

Benefits of CareStack’s HIPAA Compliance

Frequently Asked Questions

For queries contact

Where can providers conduct teledentistry?

HIPAA best practices require healthcare providers to conduct telehealth in private settings, such as a doctor in a clinic or office connecting to a patient who is at home or at another clinic.

Does HIPAA require software updates?

The HIPAA Security Rule requires that all Covered Entities must perform “periodic security updates” and have “procedures for guarding against, detecting and reporting malicious software”

How secure are online payments?

All transactions are processed through a secure website and all transactions are encrypted. Any personal information entered, such as credit card information, will be used only for the one-time transaction and will not be saved on our system or shared for any other purpose.

Why the Smartest Dentists are Switching to CareStack

CareStack's software is cost-effective and efficient, helping organizations of all sizes streamline operations and reduce costs while also helping to provide outstanding care.