HIPAA Compliance

HIPAA's Privacy Rule governs how protected health information (PHI) may be used and disclosed; its Security Rule requires administrative, physical and technical safeguards for electronic PHI; and its Breach Notification Rule sets out what must happen if PHI is exposed. A software vendor that handles PHI on a provider's behalf acts as a "business associate".

HIPAA is enforced by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Where Teliyadu processes PHI on your behalf, we do so as a business associate. A Business Associate Agreement (BAA) is available on request for clinics that require one.

• Encryption everywhere — TLS 1.2+ for data in transit and AES-256 for data at rest.
• Strict tenant isolation — each clinic's records live in their own private database schema, never in shared tables.
• Role-based access control (Admin, Dentist, Receptionist, Dental Assistant) so staff only reach the data their role needs.
• Audit logging of every access to patient records and financial data.
• Hosting on AWS in the EU (Frankfurt, eu-central-1) with automated, encrypted daily backups.
• We never use your patients' data to train third-party AI models, and we never sell it.

Your clinic is the data controller for the patient information it stores in Teliyadu OralOS — you decide why and how it is processed. Teliyadu acts as a data processor, handling that information only on your documented instructions and only to provide the service. A data processing agreement (DPA) setting out these responsibilities is available on request.

Patients can access and obtain a copy of their health records, request corrections, request an accounting of certain disclosures, and request restrictions on how their information is used. Teliyadu OralOS gives your clinic the tools to honour these requests.

To ask a data-protection question, or to make a request on behalf of a patient, email support@teliyadu.com and we'll route it to the right person.