HIPAA & Security at Savvy Agents

At Savvy Agents, protecting patient health information (PHI) is central to everything we build. As an AI-powered platform serving dental practices, we understand the critical importance of HIPAA compliance and data security.

Our HIPAA Commitment

Savvy Agents is committed to maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We operate as a Business Associate under HIPAA and enter into Business Associate Agreements (BAAs) with all covered entity customers.

  • We maintain a comprehensive HIPAA compliance program
  • We execute BAAs with all healthcare customers before processing PHI
  • We conduct regular risk assessments and security audits
  • We train all employees on HIPAA requirements and data handling procedures

Data Encryption

We employ industry-standard encryption to protect your data:

  • In Transit: All data transmitted between your systems and ours is encrypted using TLS 1.2 or higher
  • At Rest: All stored data, including PHI, is encrypted using AES-256 encryption
  • Database: Our PostgreSQL databases use encrypted storage with strict access controls

Access Controls

We implement strict access controls to ensure only authorized personnel can access sensitive data:

  • Role-based access control (RBAC) across all systems
  • Multi-factor authentication (MFA) for all administrative access
  • Principle of least privilege enforced for all team members
  • Regular access reviews and audit logging

Infrastructure Security

  • Cloud infrastructure hosted on SOC 2 compliant providers
  • Network segmentation and firewall protections
  • Regular vulnerability scanning and penetration testing
  • Automated monitoring and alerting for suspicious activity

AI & Voice Data Handling

Our AI assistants handle calls and patient interactions with strict safeguards:

  • Voice data is processed securely and not retained beyond the necessary processing period
  • AI model interactions do not use patient data for training purposes
  • Call recordings and transcripts are stored securely with appropriate access controls
  • All third-party AI providers we use are vetted for HIPAA compliance

Incident Response

We maintain a documented incident response plan that includes:

  • 24/7 security monitoring and alerting
  • Defined escalation procedures for potential breaches
  • Timely notification to affected parties as required by the HIPAA Breach Notification Rule
  • Post-incident review and remediation processes

Business Associate Agreement

We require a signed BAA with all healthcare customers before processing any PHI. Our BAA outlines the responsibilities of both parties in protecting patient data. You can review our standard BAA here.

Contact Us

For questions about our HIPAA compliance or security practices, please contact our team:

Email: hello@savvyagents.ai