HIPAA Compliance

Last updated: January 2, 2025

Espeto LLC d/b/a Dentte is committed to maintaining the highest standards of data protection and privacy in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and related healthcare regulations.

Our HIPAA Commitment

As a business associate to dental practices, we understand the critical importance of protecting patient health information (PHI). We have implemented comprehensive policies, procedures, and safeguards to ensure HIPAA compliance across all our operations and services.

Business Associate Agreements

We execute Business Associate Agreements (BAAs) with all partner practices. Each agreement includes:

  • Clear definition of permitted uses and disclosures of PHI
  • Requirements for safeguarding PHI in all forms
  • Incident reporting and breach notification procedures
  • Audit rights and compliance monitoring
  • Return or destruction of PHI upon termination

Administrative Safeguards

  • Designated HIPAA Security Officer responsible for compliance oversight
  • Regular HIPAA training for all staff members
  • Access controls and user authentication procedures
  • Incident response and breach notification protocols
  • Regular risk assessments and compliance audits
  • Vendor management and third-party oversight

Physical Safeguards

  • Secure facilities with restricted access controls
  • Workstation security and device controls
  • Secure storage and disposal of physical records
  • Environmental controls and monitoring
  • Equipment maintenance and media disposal procedures

Technical Safeguards

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication and access controls
  • Audit logs and activity monitoring
  • Automatic session timeouts and logoff procedures
  • Regular security updates and patch management
  • Secure backup and disaster recovery systems

Data Handling Practices

Minimum Necessary Standard

We adhere to the minimum necessary standard, accessing and using only the minimum amount of PHI required to accomplish the intended purpose.

Data Retention

PHI is retained only as long as necessary for business purposes or as required by law. We have established data retention schedules and secure disposal procedures.

Breach Response

In the event of a suspected breach, we have procedures in place to investigate and contain the incident and to notify affected parties within the timeframes required by the HIPAA breach notification rules.

Compliance Certifications

SOC 2 Type II

Audited security and availability controls

HITECH

Healthcare technology compliance

HIPAA

Healthcare privacy and security rules

Vendor Management

All third-party vendors and subcontractors who may have access to PHI are required to execute Business Associate Agreements and demonstrate HIPAA compliance. We conduct regular assessments of vendor security practices and compliance status.

Training and Awareness

All Dentte team members receive comprehensive HIPAA training upon joining and participate in regular refresher training. Our training program covers privacy rules, security requirements, breach response, and individual responsibilities.

Reporting Concerns

If you have concerns about our HIPAA compliance or wish to report a potential privacy or security incident, please contact us immediately:

HIPAA Security Officer: security@dentte.com

Privacy Officer: privacy@dentte.com

Phone: (786) 786-1025

Address: Espeto LLC d/b/a Dentte, South Florida