HIPAA Compliance & Security
Last updated: May 10, 2026. Replace with counsel-reviewed copy before production launch.
PatientBridge360 is built for dental clinics and SaaS operators who need a security-conscious foundation when handling protected health information (PHI). This page summarizes our HIPAA-minded approach. It is not legal advice—work with qualified counsel and sign a Business Associate Agreement (BAA) where required before processing PHI in production.
1. Our role
Depending on your configuration, PatientBridge360 may act as a business associate to covered entities. Clinics remain responsible for their HIPAA compliance program, workforce training, and patient authorizations. We provide technical safeguards designed to support your obligations.
2. Administrative safeguards
- Role-based access control for company admins, staff, and platform operators
- Unique user accounts with authentication and session management
- Activity logging for sensitive administrative actions
- Company approval workflow before new tenants access production data
3. Physical safeguards
Production infrastructure should be hosted with reputable cloud providers that maintain physical security controls. Self-hosted deployments remain the customer's responsibility for facility access and media controls.
4. Technical safeguards
- Encryption in transit (HTTPS/TLS) for web and API traffic
- Encryption-aware architecture for sensitive medical record fields
- Tenant isolation so each clinic's data is scoped to its workspace
- Plan-aware feature gates aligned with API enforcement
- Configurable SMTP and audit-friendly email workflows
5. Minimum necessary & access
Staff permissions can be limited by role so users see only the modules required for their job—appointments, patients, finance, or settings. Super Admin platform tools are segregated from clinic tenant dashboards.
6. Breach notification
We maintain procedures to investigate suspected security incidents. Customers will be notified without unreasonable delay when a breach of unsecured PHI is confirmed, consistent with applicable law and your BAA.
7. Business Associate Agreement
Enterprise and HIPAA-regulated customers may request a BAA before go-live. Contact support@patientbridge360.com with your clinic name, locations (USA/Canada), and expected PHI volume.
8. Your responsibilities
- Execute workforce HIPAA training
- Use strong passwords and disable accounts when staff leave
- Configure clinic policies, consent forms, and retention rules
- Review integrations and embedded booking forms for PHI exposure