DentiVue is built with modern healthcare security practices to protect patient data at every layer.
All protected health information is encrypted using AES-256-GCM with unique initialization vectors per field. Data in transit is protected by TLS 1.2+ across every connection. Encryption keys are validated at startup — the server will not start without them, ensuring PHI is never stored in plaintext under any circumstance.
Staff accounts support time-based one-time password (TOTP) authentication compatible with any standard authenticator app including Google Authenticator, Authy, and 1Password. MFA secrets are encrypted at rest using the same AES-256-GCM system, and backup recovery codes are individually bcrypt-hashed.
DentiVue enforces granular role-based access control with three distinct roles: Owner, Dentist, and Staff. Each role has a precisely scoped set of permissions — from full practice administration down to read-only patient access. Permissions are checked on every API request, and unauthorized actions are blocked before reaching the database.
Every database query is automatically scoped to the authenticated practice through a server-side isolation layer. This fail-closed design means that even in the event of a software bug, one practice can never access another practice's data. Ownership verification runs on every record-level operation.
Every read, create, update, and delete operation on protected health information is automatically logged with the user, timestamp, entity type, and IP address. Audit entries are batched for performance and written to both a general audit log and a dedicated PHI access log. Audit logging covers 15 PHI models including patients, visits, prescriptions, files, messages, and treatment plans.
Passwords are hashed using bcrypt with a cost factor of 12. DentiVue enforces minimum complexity requirements and supports 90-day password rotation policies aligned with healthcare security standards. Failed login attempts trigger progressive rate limiting and account lockout protection to prevent brute-force attacks.
DentiVue runs a security self-test on every server boot, verifying that all critical environment variables — encryption keys, authentication secrets, and database credentials — are properly configured before accepting any traffic. Security headers including Content Security Policy, HSTS, X-Frame-Options, and X-Content-Type-Options are applied to every response.
DentiVue's architecture is designed from the ground up to support HIPAA technical safeguard requirements. This includes field-level encryption of PHI, automatic audit trails, access controls, session management, and secure data handling. Every security layer is enforced by default with no configuration required — there is no way to accidentally run the application in an insecure state.
Our team is happy to discuss DentiVue's security architecture, compliance posture, or any specific requirements for your practice.
Contact our team