Public trust center

Compliance status, without the marketing gloss.

This page states what is implemented, what remains open, and what data a clinic may use with PriorDent today. An open gate is not described as a completed control.

Status reviewed July 14, 2026
!
Production PHI use is not authorized.

PriorDent currently permits de-identified shadow-testing only. Do not enter patient names, dates of birth, member IDs, insurance identifiers, images, clinical documents, or any other protected health information.

Business Associate Agreement

Not available

A draft exists, but legal/compliance review is incomplete and no clinic BAA is available for execution. Required vendor BAA coverage is also not complete.

SOC 2 / independent audit

Not started

PriorDent does not have a SOC 2 report or independent security attestation. No audit report is available for clinic reliance.

HIPAA status

No compliance claim

PriorDent is not represented as HIPAA compliant. The product remains gated from PHI until contracts, technical controls, operating procedures, and independent review are complete.

Security assessment

Open gate

An independent application security assessment and production penetration test have not been completed.

Tenant access controls

Implemented

Authenticated clinic workspaces use PostgreSQL Row Level Security, clinic-scoped records, and owner / manager / staff / viewer roles. Premium workflow records are scoped to the signed-in clinic.

Workflow audit history

Limited

Core workflow changes have append-only database history and application events avoid known PHI fields. This is not yet a complete PHI access audit program.

Data encryption assurance

Verification pending

Vendor platform controls are not yet independently verified by PriorDent for the intended PHI use case. They must not be treated as closing the HIPAA gate.

Financial attribution

Pilot evidence needed

Revenue, denial-prevention, and time-saved metrics in the current Revenue Operations interface are illustrative and are not validated clinic ROI.

What a clinic can safely evaluate today

Permitted
  • De-identified test cases
  • Team workflow persistence using non-PHI case labels
  • Rule and checklist behavior
  • Illustrative appeal-packet generation
Not permitted
  • Real patient or member identifiers
  • Clinical images or source documents containing PHI
  • Production payer submissions
  • Financial decisions based on sample ROI metrics
Launch rule: PriorDent will not mark the paid system production-ready until the BAA and PHI control gates are complete, the independent security review is available, operational persistence is verified, and ROI is supported by real de-identified outcomes with an attribution protocol.