Dental AI HIPAA Compliance Resources for Practices | OraCore

HIPAA COMPLIANCE

Dental AI HIPAA compliance resources.

Use these resources to prepare consent, NPP updates, staff training, and launch controls. Confirm vendor data handling, retention, access, and BAA terms before go-live.

What this page helps you verify

  • BAA before deployment
  • Patient consent workflow
  • Retention and access terms
  • Staff training and opt-out process

ANSWER

What HIPAA means for dental AI scribes

If a vendor creates, receives, maintains, or transmits PHI for the practice, the vendor should be evaluated as a Business Associate. The real go-live question is not whether the page uses a compliance badge. The real questions are whether the BAA is signed, who can access the data, how long audio or transcript data is retained, what the consent workflow says, and who reviews the final clinical note.

For the documentation-risk side of the same decision, read the hidden risk in clinical notes.

For patient recording and consent workflow, read the dental AI privacy and consent guide.

OraCore’s current public position

  • OraCore provides a BAA before deployment.
  • OraCore supports human review before final documentation.
  • Pro includes compliance logging.
  • Enterprise includes role-based permissions.

What to confirm during onboarding

  • Current retention terms.
  • Current access controls.
  • Current deletion workflow.
  • Who can start and stop recording.

GO-LIVE

Practice go-live checklist

Step 1

Execute a BAA with the AI vendor before PHI is processed.

Step 2

Decide whether consent is written, verbal, or both based on state law and practice policy.

Step 3

Update the Notice of Privacy Practices if AI-assisted documentation changes how PHI is created or processed.

Step 4

Train front desk and clinical staff on how to explain the tool and handle opt-outs.

Step 5

Confirm who can access notes, transcripts, and patient context.

Step 6

Run a test appointment without a patient to validate microphone, browser, and room setup.

FREE RESOURCES

HIPAA document templates

These five documents form the core HIPAA compliance package for a dental practice using AI-assisted documentation. Customize them for your practice, then have counsel review before implementation.

Template

Patient consent form

Written authorization for AI scribe use during appointments. Covers what is recorded, how data is protected, and patient rights.

Template

NPP AI addendum

Supplement to your Notice of Privacy Practices for AI-assisted documentation workflows.

Template

Staff training card

Quick-reference card for front desk and clinical staff covering consent, opt-out, and patient questions.

Template

Go-live checklist

Operational checklist covering pre-launch, launch day, and follow-up compliance checks.

Template

Operatory notice card

Print-ready patient notice for rooms where AI-assisted documentation is in use.

VENDOR REVIEW

Questions to ask every AI scribe vendor

Will you sign a BAA before deployment?

If the vendor handles PHI for the practice, the answer should be clear before go-live.

What data is captured during an appointment?

Ask whether the tool captures audio, transcripts, notes, identifiers, and any patient context.

Is raw audio retained?

If yes, ask for the retention period, storage location, and reason for retention.

Who can access the data?

Ask about support staff access, role-based permissions, audit logging, and deletion workflow.

What happens when a patient opts out?

The team should have a documented manual workflow ready before the first visit.

FAQ

Frequently asked questions

Is an AI dental scribe a Business Associate?

If the vendor creates, receives, maintains, or transmits PHI for the practice, it should be evaluated as a Business Associate and covered by a BAA.

Does HIPAA require patient consent for an AI scribe?

HIPAA is not the only rule. Consent requirements can also depend on state recording laws, patient notice obligations, and practice policy.

Can patients opt out?

Yes. A practice should have a clear opt-out workflow and a manual documentation fallback.

Does OraCore replace clinical review?

No. OraCore drafts documentation. The clinical team reviews, edits, and controls what becomes the final record.

What should a practice confirm before go-live?

Confirm the BAA, consent workflow, NPP language, staff training, access controls, retention terms, deletion process, support access, and final note review workflow.

NEXT STEP

Review the compliance flow before the first recording.

The safest launch is the one where the team has already decided how consent, access, review, and opt-out work before a patient sits down.
