HIPAA & PCI compliant software platform.
At Pearly, practice and patient trust is our #1 priority.
We take a rigorous approach to security to ensure HIPAA-compliant handling of protected health information (PHI) and PCI-compliant handling of financial card data. Pearly has legally binding Business Associate's Agreements (BAAs) with all third-party service providers handling PHI.
Patient identity data (name, email, password) are managed and stored in the Google Identity Platform.
Google's Identity Platform implements industry-leading encryption (SHA-2) and authentication (OAuth 2.0) standards.
Patient uploads are transmitted via SSL and stored in Google Cloud Storage, which implements AES-256 encryption at rest.
Patient profile data (address, birthdate, etc.) and history are stored in a data vault administered by VGS, a HIPAA, PCI, and SOC2 compliant security provider.
Pearly has countersigned Business Associate's Agreements ("BAA") with Google and VGS certifying their compliance with all relevant HIPAA requirements vis-a-vis their data transmission and storage functions.
We, in turn, offer a Business Associate Addendum to Pearly dental practice customers.
All credit card, debit card, ACH, and other financial data is collected, stored, and processed via Stripe.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.