Security at Pearly
HIPAA & PCI compliant software platform.
Our Security Commitment.
At Pearly, practice and patient trust is our #1 priority.
We take a rigorous approach to security to ensure HIPAA-compliant handling of protected health information (PHI) and PCI-compliant handling of financial card data. Pearly has legally-binding Business Associate's Agreements (BAAs) with all third-party service providers handling PHI.
Identity Management
Patient identity data (name, email, password) are managed and stored in the Google Identity Platform.
Google's Identity Platform implements industry-leading encryption (SHA-2) and authentication (OAuth 2.0) standards.
Patient Information
Patient Uploads are transmitted via SSL and stored in Google Cloud Storage, which implements AES-256 encryption at rest.
Patient profile data (address, birthdate, etc.) and history are stored in a data vault administered by VGS, a HIPAA, PCI, and SOC2 compliant security provider.
Business Associate Agreements
Pearly has countersigned Business Associate's Agreements ("BAA") with Google and VGS certifying their compliance with all relevant HIPAA requirements vis-a-vis their data transmission and storage functions.
We, in turn, offer a Business Associate Addentum to Pearly dental practice customers.
Financial Information
All credit card, debit card, ACH, and other financial data is collected, stored, and processed via Stripe.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
