Security Paper


DentalXChange, the dental RCM platform, has established a leading-edge security infrastructure with multiple overlapping security controls but feels it’s important to remind our clients there are no security guarantees with data transmissions over the Internet. Security controls managed by our clients also affect the security of their use of our system. Items such as not creating unique logins for each user, using complex passwords, and promptly disabling accounts when an authorized user leaves the practice can bypass the effectiveness of security controls. We are all in this together and DentalXChange’s mission is to simplify the dental RCM ecosystem and to help dental providers, payers and partners to grow their business securely.

Security is a top priority at EDIHealth Group - DentalXChange. As a Clearinghouse, DentalXChange is designated as a HIPAA Covered Entity and we take our responsibilities for protecting our PHI, PII, and other data seriously. Our servers and data are protected behind a state-of-the-art security infrastructure designed to safeguard your personal data. Our data is processed and stored at a leading commercial data center designed to support complexInternet hosting for enterprises with mission-critical Internet operations. Once you have logged in to ClaimConnect™, DentalXChange's powerful Web-based practice revenue management and payer connectivity solution, your patient and practice information is encrypted both "in motion" and "at rest." All data communications between your browser and our servers are encrypted byTransport Layer Security 1.2 (TLS 1.2) at a minimum and data stored on our servers is encrypted by the leading encryption standard, AES-256. As a result, all of DentalXChange's clients can enjoy the protection and peace of mind of a world-class security system.

Industry-Leading Security

DentalXChange has created a best-of-breed security infrastructure assembled from leading-edge technologies proven to be the most secure for each function. All firewalls and encryption devices in use are sourced from leading Internet security providers, configured by experts and rigorously tested before being placed into production.

Because a network is only as secure as its most vulnerable point, DentalXChange implements a broad array of security measures at multiple locations throughout its architecture. Specific examples of our security measures include:

Physical Security

All transaction-based areas of, including ClaimConnect, are hosted at a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. The data center provides the physical environment necessary to help keep our servers up and running 24 hours a day, seven days a week, with sophisticated redundant subsystems, fire suppression systems, security cameras, locked access specific to our equipment, and security breach alarms. Entry into the facility requires an electronic card key and biometric scans.

Perimeter Defense

A strong perimeter defense is essential to prevent unauthorized or inappropriate system access. DentalXChange utilizes industry-standard security in several areas. All servers and hardware are supported by their manufacturers and patched with all current security patches. Actively updated anti-virus endpoint protection is run corporate-wide on all servers and workstations. The networks at both the corporate office and data center are protected by redundant firewalls. Our communication between these two networks is encrypted via a point-to-point tunnel. Administrative access to our servers, firewalls and routers is available only to a small number of well-trained and trusted individuals. All passwords are required to be strong passwords and are changed frequently. We run intrusion detection software and data loss prevention methods on network components and log all accesses. We constantly evaluate and add to these defenses as industry standards change

Data Encryption

The strongest available encryption protects all DentalXChange client data transmitted over the Internet. DentalXChange servers have been certified by authentication leader Thawte as secured by strong encryption. This is evidenced by the lock icon in the corner of the user's browser and assures clients that data is protected from access in transit.

User Authentication

DentalXChange client data can be accessed only with a valid username and password combination, which is encrypted via secure certificates from Thawte to prevent theft. Once a session has been established, an encrypted session ID cookie that does not contain username or password information is used to identify the user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

Application Security

ClaimConnect, which users access to verify eligibility, look up benefit plan details and submit claims or encounters, uses a role-based security system. Authorized users are assigned unique usernames and passwords within a group associated with the subscribing dental practice and are given specific functionality based on their role. If your practice needs to restrict some users to certain functionality, please contact our client service for help.

Operating System Security

DentalXChange enforces tight operation system-level security by using a minimal number of access points to all production servers and protecting all operation system accounts with strong passwords. All operating systems, commercial applications, and hardware components are conscientiously maintained at each vendor's recommended patch levels for security.

Database Security

Wherever possible, all database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a minimal number of points; as with production servers, production databases do not share a master password database.

Reliability and Backup

To prevent data loss in the event of a catastrophic event or failure, all client data is frequently backed up to the last committed transaction. Data is backed up at both a secure offsite repository as well as at a secure geographically redundant secondary data center.

Our data centers provide many hours of backup battery power as well as 18 days of redundant diesel generator power. There is redundant Internet connectivity via all four exterior walls of the data center facility in case of a trenching accident or earthquake. In addition, DentalXChange stocks redundant computer equipment in case of severe hardware failure. Individuals with administrative security are designated for disaster coverage and alternates are available at all times.

Certification and Audits

DentalXChange Is HITRUST certified. HITRUST has been described as the “Gold Standard” of HIPAA privacy, security and compliance certifications and involves a rigorous process of review by an independent third-party assessor. Additionally, DentalXChange is partnered with the largest dental insurance carriers in the country and must satisfy each of their security requirements.