Practice Core AI

Privacy Policy

Last Updated: February 4, 2026

HIPAA Compliance

Practice Core AI is fully HIPAA compliant. We maintain Business Associate Agreements (BAAs) with all dental practices using our platform. We adhere to all HIPAA Privacy Rule and Security Rule requirements for Protected Health Information (PHI).

Information We Collect

Patient Information:

  • Name, date of birth, contact information
  • Appointment scheduling information
  • Insurance and billing information
  • Clinical treatment information
  • Communication preferences (SMS opt-in status)

Practice Information:

  • Practice name and contact details
  • Provider credentials and licensing
  • Billing and payment information
  • Usage analytics and system logs

How We Use Your Information

  • Provide practice management services
  • Send appointment reminders via SMS/email (with consent)
  • Process insurance claims and billing
  • Maintain patient records
  • Facilitate patient-practice communication
  • Improve our services and user experience
  • Comply with legal and regulatory requirements

SMS Appointment Reminders

Opt-In Required: We only send SMS messages to patients who explicitly opt in via:

  • Online booking checkbox
  • Verbal phone consent (documented)
  • Written intake forms
  • Patient portal settings

Minimal PHI: SMS messages contain only minimal PHI (appointment date/time). You can opt out at any time by replying STOP.

See our SMS Terms for full details.

We DO NOT Sell Your Information

We never sell, rent, or trade patient health information. Your PHI is protected under HIPAA and is only used for treatment, payment, and healthcare operations as permitted by law.

Data Security

We implement industry-leading security measures to protect your data:

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Control: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Auditing: Regular security audits and penetration testing
  • Backups: Encrypted backups with disaster recovery
  • Compliance: SOC 2 Type II certified infrastructure

Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access: Request copies of your health information
  • Amendment: Request corrections to your records
  • Restriction: Request limits on use or disclosure
  • Accounting: Receive a list of disclosures we have made
  • Opt-Out: Unsubscribe from SMS/email communications
  • Complaint: File a complaint if you believe your rights have been violated

Data Retention

We retain patient health information in accordance with HIPAA requirements and state regulations. Typically, records are retained for a minimum of 6 years from the date of last service, or longer as required by law. You may request deletion of your data subject to legal retention requirements.

Third-Party Services

We use trusted third-party services to provide our platform. All third parties with access to PHI have signed Business Associate Agreements and are HIPAA compliant:

  • Cloud infrastructure providers (data hosting)
  • Payment processors (billing)
  • Communication providers (SMS/email)
  • Analytics services (anonymized usage data only)

Cookies and Tracking

Our website uses essential cookies for functionality and security. We use analytics cookies to understand how visitors use our site (no PHI is collected through cookies). You can control cookie preferences through your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Practice Core AI

Privacy Officer

Email: privacy@practice-core-ai.com

HIPAA Compliance: hipaa@practice-core-ai.com