800.847.7638 Login Support

The Health Insurance Portability and Accountability Act (HIPAA) addresses the security and privacy of patient health care data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system. While HIPAA oversight does not specifically apply to dental practice management systems, Dentisoft has nevertheless used HIPAA standards as the requirements for its employed security layers (virtual and physical). These layers of security form a foundation of safety for Dentisoft users which is far in excess of the actual HIPAA requirements.

HIPAA outlines several specifications for Administrative, Physical and Technical safeguards that must be implemented where critical and/or sensitive patient health related information or Protected Health Information (PHI) is involved, for example:

According to HIPAA standards, covered entities must have a contingency plan, and: "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information." (HIPAA, Section 164.308(a)(7)(i)).

Dentisoft protects its healthcare industry customers against physical systems damage by storing backed-up records offsite, in multiple Amazon data centers. Even complete destruction of the healthcare provider's facility would not result in the loss of patient records.

Another HIPAA standard requires covered entities to: "Allow access only to those persons or software programs that have been granted access right."(Section 164.312(a)(2)(1)). Furthermore, covered entities must: "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network." (Section 164.312(e)(1)). These provisions also require that backups be encrypted to control access to the data, and that the encryption occurs before any data has been transmitted from a computer to its backup location.

Dentisoft protects backup files with 256 bit AES encryption (adopted as an encryption standard by the U.S. government) before they ever leave our production machines. Backup files are protected during transmission with Dentisoft's 256 bit SSL encryption layer. (Section 164.312(e)(I)) All access to backed-up data requires unique user authentication, and no passwords are stored in clear text. In fact encryption and compression of data occurs "on-the-fly" (rather than begin stored first).

Dentisoft Online Uses Amazon Web Services

Dentisoft uses Amazon Web Services (AWS) to host Dentisoft Office Online. Since 2006, AWS has delivered a highly scalable "cloud computing" platform with high availability and dependability. AWS is now the recognized leader in the cloud computing space, hosting thousands of well-known websites and web-based applications. As opposed to using a dedicated server infrastructure, AWS provides the most highly scalable and secure virtual server infrastructure available, which provides enhanced security, scalability, reliability, and change management capabilities.


In recognition of the unique data security requirements of HIPAA, Dentisoft has added additional layers of encryption security at every node within our AWS-hosted environment. We are committed to providing data safety which is in excess of that which is required under HIPAA. This includes encrypting traffic from your browser to each web-server, requests between the web servers and the database, during database back-ups, and in retrieving from data storage when necessary. At no point anywhere in the process of reading or writing updates to Dentisoft is the data ever available in an unencrypted format. This represents a significant upgrade from solo-location hosting environments which have typified the dental practice management system business in the past. The Dentisoft-AWS environment represents the most secure infrastructure available anywhere in the U.S. today.

Change Management

Through AWS, Dentisoft can also instantly accommodate the implementation of new software components across the entire infrastructure without the typical downtime associated with these kinds of activities. Updates and windows patches can be applied completely in the background without disrupting a Dentisoft user's normal course of business. This includes such normally disruptive processes as upgrading hardware.


Dentisoft also chose AWS to host its application because of the potential for unlimited scalability to Dentisoft's end-users. This means Dentisoft is not burdened by typical hardware constraints which can slow down web-based applications when traffic increases—we can accommodate a theoretically unlimited number of offices, users, and patient records. And do this without the risks often associated with changes to the hardware. Dentisoft can scale accordingly “on-the-fly” when necessary.


AWS also has no single point of failure for any of its hardware components. AWS provides for real-time back-up servers in multiple locations around the U.S. (and the world) in the unlikely event of an outage -- service is restored automatically and in real-time. In fact AWS publishes a 99.95% service guarantee on all of its hosted websites. However, AWS also gives Dentisoft the ability to implement new servers in multiple geographic locations in just a matter of minutes. The cost of so-called "hot site" back-up is typically price prohibitive; yet Dentisoft users leverage this capability free of charge. This presents an additional reassurance that your business will never be impacted by an extended service interruption