Privacy Policy

Last Updated: January 2025

Avenari ("we," "our," or "us") is committed to protecting the privacy and security of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our dental visit transcription and summary services.

1. Information We Collect

1.1 Protected Health Information (PHI)

As a HIPAA Business Associate, we collect and process PHI on behalf of dental practices, including but not limited to:

Patient visit recordings and transcriptions
Treatment plans and recommendations
Medical and dental history information
Patient contact information
Appointment and scheduling data

1.2 Business Information

For dental practice customers, we collect:

Practice name, address, and contact information
Billing and payment information
Account credentials and authentication data
Usage analytics and system logs

2. How We Use Information

2.1 Service Provision

We use PHI and other information to:

Provide AI-powered transcription and summary services
Generate visit summaries and treatment plans
Maintain patient portals and practitioner dashboards
Process appointments and equipment orders
Improve our AI models and service quality

2.2 Business Operations

We use business information to:

Manage customer accounts and billing
Provide customer support
Comply with legal and regulatory requirements
Prevent fraud and ensure security

3. Information Sharing and Disclosure

We do not sell, rent, or trade PHI or personal information. We may disclose information only in the following circumstances:

3.1 With Dental Practices

PHI is shared with the dental practice that provided the information, as authorized by Business Associate Agreements (BAAs).

3.2 With Patients

Visit summaries and related information are shared with patients through secure patient portals, as approved by their dental practitioners.

3.3 Service Providers

We may share information with third-party service providers who assist in operations (e.g., cloud hosting, payment processing) under strict confidentiality agreements.

3.4 Legal Requirements

We may disclose information when required by law, court order, or regulatory authority, or to protect rights, property, or safety.

4. Data Security

We implement comprehensive administrative, physical, and technical safeguards to protect PHI and personal information:

Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Multi-factor authentication and role-based access controls
Audit Logs: Comprehensive logging and monitoring of system access
Regular Security Audits: Third-party security assessments and penetration testing
Incident Response: Established procedures for security incident detection and response

5. HIPAA Compliance

As a HIPAA Business Associate, we:

Execute Business Associate Agreements (BAAs) with all dental practice customers
Comply with HIPAA Security Rule and Privacy Rule requirements
Implement required administrative, physical, and technical safeguards
Conduct regular risk assessments and security audits
Maintain documentation of security policies and procedures
Provide breach notification as required by HIPAA

6. Data Retention

We retain PHI and business information for as long as necessary to:

Provide services to dental practices
Comply with legal and regulatory requirements
Resolve disputes and enforce agreements

Upon termination of service, data is securely deleted in accordance with HIPAA requirements and our data retention policies.

7. Your Rights

7.1 Patient Rights

Under HIPAA, patients have the right to:

Access their PHI
Request amendments to their PHI
Request restrictions on use or disclosure
Request confidential communications
File complaints regarding privacy practices

Patients should direct such requests to their dental practice, which will coordinate with us as needed.

7.2 Business Customer Rights

Dental practice customers may:

Access and manage their account information
Request data export or deletion
Modify account settings and preferences
Request information about our data practices

8. Children's Privacy

Our services are designed for use by dental practices serving patients of all ages. We process PHI for pediatric patients only as authorized by their dental practices and in compliance with applicable laws, including the Children's Online Privacy Protection Act (COPPA) where applicable.

9. International Data Transfers

Our services are primarily provided within the United States. If data is transferred internationally, we ensure appropriate safeguards are in place to protect PHI and personal information in accordance with applicable laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify dental practice customers of material changes via email or through our service platform. The "Last Updated" date at the top indicates when changes were last made.

11. Contact Us

Privacy Officer
Avenari
Email: privacy@avenaridental.ai

For HIPAA-related inquiries or to report a privacy concern:
Please contact your dental practice's Privacy Officer, or contact us directly at the email above.

For Business Associate Agreement inquiries:
Please contact your account representative or email: baa@avenaridental.ai

← Back to Home | Terms of Service