Compliance

HIPAA Notice

Last Updated: March 31, 2026

CyberDental Group LLC ("CyberDental") is a dental-exclusive Managed Service Provider (MSP) that provides HIPAA-compliant IT infrastructure, cybersecurity, and compliance services to dental practices. This notice explains how HIPAA applies to our public website and managed services.

Scope of This Notice

This HIPAA Notice applies to the CyberDental website (cyberdentalgroup.com) and clarifies the distinction between our public website and our managed IT services provided under contract to dental practices.

This website does not process, store, or transmit Protected Health Information (PHI).

The public CyberDental website is an informational marketing site. It is not a patient portal, electronic health record system, or HIPAA-covered communication channel.

AI Chat Assistant & PHI

Our website features an AI-powered chat assistant ("Core") for general inquiries about our IT services. Important limitations:

  • Do not enter Protected Health Information — patient names, medical records, diagnoses, treatment information, Social Security numbers, or any data that could identify a patient.
  • The chat is powered by a third-party AI service (Anthropic) and is not a HIPAA-compliant communication channel.
  • Chat conversations are not covered by any Business Associate Agreement.
  • If you need to discuss matters involving PHI, contact us directly through secure, contracted communication channels established under your service agreement.

CyberDental's HIPAA-Compliant Services

When engaged as a managed IT provider for dental practices, CyberDental operates as a Business Associate under HIPAA and maintains the following compliance framework:

  • Business Associate Agreements (BAAs) executed with all contracted clients
  • Encryption at rest and in transit for all managed systems
  • Access controls and audit logging across managed infrastructure
  • Regular risk assessments and vulnerability scanning
  • Incident response and breach notification procedures
  • Workforce training on HIPAA requirements
  • Documented policies and procedures per the HIPAA Security Rule

HIPAA 2026 Security Rule

The U.S. Department of Health and Human Services has published updated HIPAA Security Rule requirements taking effect in 2026. Key changes include:

  • Mandatory encryption of all electronic PHI (ePHI) at rest and in transit
  • Required multi-factor authentication (MFA) for all systems accessing ePHI
  • Annual penetration testing and biannual vulnerability scanning
  • 72-hour recovery validation after security incidents
  • Enhanced documentation and risk assessment requirements
  • Increased maximum penalties up to $2.1 million per violation category

CyberDental offers three compliance tiers to help practices meet these requirements:

Shield
Foundational compliance — risk assessment, policy templates, basic encryption verification, and compliance training.
Sentinel
Advanced compliance — continuous monitoring, vulnerability scanning, MFA enforcement, and incident response planning.
Fortress
Enterprise compliance — full penetration testing, 72-hour recovery validation, dedicated compliance officer support, and audit-ready documentation.

Business Associate Agreements

CyberDental executes Business Associate Agreements with all clients whose data we access, manage, or store as part of our managed IT services. BAAs are provided as part of our standard client onboarding process. If you are a current client and need a copy of your BAA, contact your account representative or our compliance team.

Reporting a Concern

If you believe PHI has been inadvertently shared through our website or have any HIPAA-related concerns, contact our compliance team immediately:

HIPAA Compliance Officer
CyberDental Group LLC
480 W 84th Street, Suite B106
Hialeah, FL 33014

Email: [email protected]
Phone: (954) 639-7049

Related Policies