Security & Compliance

HIPAA compliance, built into the architecture

DentalCanvas doesn't just follow HIPAA guidelines — it's architecturally designed so that PHI never leaves your network in the first place.

Data stays on your network

DentalCanvas runs entirely on your local server or workstation. Patient data is read from your Open Dental database over your LAN and never transmitted externally.

Read-only API access

DentalCanvas connects through the official Open Dental API using read-only methods. It cannot modify, delete, or alter your Open Dental data in any way.

PHI masking & session control

Toggle HIPAA mode to mask patient names, DOB, phone numbers, and other identifiers on screen. Sessions auto-lock after 15 minutes of inactivity.

How we protect patient data

API Safety Controls

DentalCanvas connects through the official Open Dental API using read-only methods. Multiple layers of protection ensure your data integrity:

  • Only GET requests are made — DentalCanvas never writes, updates, or deletes data
  • API key permissions are scoped to read-only access
  • Request rate limiting prevents excessive load on your Open Dental system
  • All API activity is logged to hash-chained audit entries
  • Open Dental's own API permission model provides an additional safety layer

  // Open Dental API access pattern
  Method: GET only
  Writes: None — read-only by design
  // API key scoped to read permissions
  // Rate limiting active
  // Audit logging on all requests

PHI Masking System

DentalCanvas includes a comprehensive PHI masking system that can be toggled with a keyboard shortcut (Ctrl+Shift+H) or from the admin panel:

  • Patient names replaced with initials or redacted placeholders
  • Date of birth, phone numbers, and email addresses masked
  • Physical addresses and subscriber IDs redacted
  • Masking state persisted across sessions via settings API
  • All error reporting and crash analytics scrub PHI before transmission

Electron Runtime Hardening

The desktop application is built on Electron with maximum security isolation:

  • Context isolation enabled — renderer processes cannot access Node.js APIs
  • Sandbox mode active — renderer runs in a restricted environment
  • Node integration disabled — no direct filesystem access from the UI
  • Content Security Policy applied on all responses
  • IPC handlers verify renderer origin before processing any request
  • External window opens denied by default (only HTTPS and mailto allowed)
  • Session permission requests denied by default

Audit & Credential Security

DentalCanvas maintains audit trails and protects integration credentials:

  • Marketing integration credentials encrypted at rest before database storage
  • Audit events recorded for scan and integration operations
  • Local tool scanning returns redacted path metadata by default
  • Windows installer enforces per-machine installation in protected paths with restrictive ACLs
  • Service installer uses LocalService identity instead of LocalSystem

Common HIPAA questions

Does DentalCanvas offer a BAA?

Yes. We sign Business Associate Agreements with practices that require one. That said, because DentalCanvas runs entirely on your local network and does not transmit or store PHI on any external server, the scope of the BAA is minimal compared to cloud-based vendors. Your patient data stays within your existing HIPAA-covered environment at all times.

Can DentalCanvas modify our Open Dental data?

No. DentalCanvas connects through the official Open Dental API using read-only methods (GET requests only). It never writes, updates, or deletes data. The API key is scoped to read-only permissions, and Open Dental's own permission model provides an additional safety layer. Your Open Dental data integrity is never at risk.

Does any patient data leave our network?

No. All data processing happens locally on your server or workstation. The only network traffic DentalCanvas generates externally is for license activation, automatic software updates, and optional marketing integrations (Google Ads, Meta, etc.) — none of which transmit patient data. AI huddle briefings also run locally on your machine.

How does HIPAA mode work?

HIPAA mode can be toggled with Ctrl+Shift+H or from the admin panel. When active, it masks patient names (showing initials only), dates of birth, phone numbers, email addresses, physical addresses, and subscriber IDs. The masking state persists across sessions. Additionally, sessions auto-lock after 15 minutes of inactivity, requiring re-authentication.

What about error reporting — could PHI leak through crash reports?

No. All error reporting and crash analytics pipelines include PHI scrubbing filters that strip patient identifiers before any data is transmitted. Local file paths are also redacted by default in diagnostic metadata.

Your data. Your network. Your control.

See how DentalCanvas keeps your practice data secure while delivering powerful analytics.