Take Our Billing Process Assessment | See How Your Practice Compares →
OUR SECURITY COMMITMENT

HIPAA & PCI Compliant Software

At Pearly, practice and patient trust is our #1 priority. We apply a rigorous, platform-wide approach to security, specifically with regards to HIPAA-compliant handling of protected health information (PHI) and PCI-compliant handling of financial card data. Pearly offers a Business Associate Agreement (BAA) to our dental practice customers enumerating our respective obligations under HIPAA. Further detail on our security posture is outlined below:

Security Icon

Patient Information

Patient information, including data that falls within the scope of HIPAA and the Pearly BAA, is persisted on Google Cloud Platform (GCP) and Confluent Cloud. Pearly has countersigned BAAs with these entities and has verified their compliance with HIPAA, SOC2, and ISO 27001.

Within Pearly's cloud infrastructure, we employ the following practices to ensure data integrity and security: 1) Virtual Private Cloud isolation and peering, 2) Encryption of Data At Rest (AES-256) and In Transit (TLS) 3) Anonymization of Non-Production data

Security Icon

Identity Management

Pearly relies on the industry-standard Google Identity Platform within GCP for API-level identity management of both Practice Users and Patients.

Our identity layer consists of SHA-2 encrypted password management and authentication, role-based, session-delimited access controls, and application level authorization logic.

Security Icon

Financial Information

All credit card, debit card, ACH, and other payment method data is collected, stored, and processed via Stripe.

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

Security Icon

Internal Security Policy

Pearly maintains and enforces an Internal Security Policy. This policy establishes information security controls and business practices to ensure the protection of sensitive data, specifically Protected Health Information, within the managed services, infrastructure, and business systems operated by Pearly Technology, Inc.

Find out if Pearly is right for your practice.

Book a 1:1 demo with a product expert.

Schedule Free Demo