HIPAA Compliant
Online HIPAA Compliant Dental Software
CareStack is committed to keeping all Protected Health Information (PHI) secure & compliant. We keep systems and procedures up-to-date and in compliance with all related regulations, and we understand that keeping client information safe is of the utmost importance.
Under HIPAA privacy rules, CareStack is a Business Associate. As such, we comply with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and we have instituted policies and procedures to ensure this is done.
All employees are required to re-take HIPAA training every two years, and we have Information Security procedures in place to ensure that our policies and procedures related to information and physical security are up-to-date and follow any new or revised regulations. These policies and procedures are frequently reviewed to maintain compliance with HIPAA rules and regulations.
For the ultimate dental software, choose the solution that’s scalable for growing dental start-ups or large DSOs and still affordable for small mobile providers and single-office dental practices. Choose CareStack!
Advanced HIPAA Compliance Details
Entities
Covered Entities
CareStack clients are considered Covered Entities because they hold first-hand Patient information, including treatment info, appointments, addresses, and contact details, and electronically transmit health information in connection with transactions.
Business Associate
CareStack itself is considered a "business associate," since we perform functions or activities on behalf of a covered entity and can access patient data.
Rules
Privacy Rule
The HIPAA Privacy Rule protects individuals' medical records and sets limits on the use and disclosure of personal health information without patient authorization. Patients may also examine and obtain copies of their health records, and request corrections.
Security Rule
The HIPAA Security Rule sets standards to protect electronic health info by requiring safeguards to ensure its confidentiality and security.
HIPAA Compliance Rules in CareStack
Restricted Access
Only necessary CareStack personnel can access relevant databases, web portal data, backups, and data extracts of any form.
Logs & Recording
CareStack team's activities are recorded automatically by built-in software on their workstation machines. Privacy of the team members will be protected; logs are available in case of an incident.
Security Officer
If practices encounter discrepancies, report to the Security Officer by sending an email to hipaa@carestack.com. (Please note: it is the practice’s duty to report any discrepancy.)
Background Updates
CareStack team will update the HIPAA compliance rules as and when needed, based on new laws enacted/technological advancements.
HIPAA Compliance Actions at Your Practice
Discrepancies
Report to the Security Officer if you see any discrepancies. Send an email to hipaa@carestack.com describing the issue and context.
Encrypted e-PHI
If you want to send the e-PHI data, then always encrypt and send.
Passwords
The password should be shared in a separate email.
Redacting
If you are sending/uploading images, then blur the PHI information.
Personal Steps
Always secure your laptop/desktop, especially if it contains e-PHI data.
Offline Use
If you need to print information that contains PHI data, make sure to keep it secure or shred it after use.
DataStores
Always remember to keep PHI data on your desktop/laptop to an absolute minimum. Use the secure DataStores which are held in CareStack Office/Azure VM/Azure SQL.
Benefits of CareStack’s HIPAA Compliance
Frequently Asked Questions
support@carestack.com
Where can providers conduct teledentistry?
Does HIPAA require software updates?
How secure are online payments?
Related Features
CareStack's all-in-one platform contains many additional related features, including:
