Business Associate Agreement
Not availableA draft exists, but legal/compliance review is incomplete and no clinic BAA is available for execution. Required vendor BAA coverage is also not complete.
Public trust center
This page states what is implemented, what remains open, and what data a clinic may use with PriorDent today. An open gate is not described as a completed control.
Status reviewed July 14, 2026PriorDent currently permits de-identified shadow-testing only. Do not enter patient names, dates of birth, member IDs, insurance identifiers, images, clinical documents, or any other protected health information.
A draft exists, but legal/compliance review is incomplete and no clinic BAA is available for execution. Required vendor BAA coverage is also not complete.
PriorDent does not have a SOC 2 report or independent security attestation. No audit report is available for clinic reliance.
PriorDent is not represented as HIPAA compliant. The product remains gated from PHI until contracts, technical controls, operating procedures, and independent review are complete.
An independent application security assessment and production penetration test have not been completed.
Authenticated clinic workspaces use PostgreSQL Row Level Security, clinic-scoped records, and owner / manager / staff / viewer roles. Premium workflow records are scoped to the signed-in clinic.
Core workflow changes have append-only database history and application events avoid known PHI fields. This is not yet a complete PHI access audit program.
Vendor platform controls are not yet independently verified by PriorDent for the intended PHI use case. They must not be treated as closing the HIPAA gate.
Revenue, denial-prevention, and time-saved metrics in the current Revenue Operations interface are illustrative and are not validated clinic ROI.