Healthcare Privacy & Compliance

How JotLink supports dental clinics, healthcare practices, and care providers with administrative, technical, and physical safeguards for sensitive data.

Statement for the United States and Canada  ·  For contractual terms, see your agreement and our Privacy Policy

01

Overview

At JotLink, we understand the critical importance of protecting patient privacy and the trust placed in us by dental clinics, healthcare practices, and other care providers across the United States and Canada.

We are committed to maintaining strong administrative, technical, and physical safeguards to protect personal health information and other sensitive data processed through our services.

For customers in the United States, JotLink supports compliance with applicable HIPAA requirements, including acting as a Business Associate where applicable. For customers in Canada, JotLink supports compliance with applicable privacy requirements, including PIPEDA and relevant provincial health privacy laws, as applicable to the customer’s operations and use of our services.

02

Business Associate & data protection agreements

Where required and appropriate, JotLink enters into Business Associate Agreements with Covered Entities and with subcontractors that process Protected Health Information on our behalf in support of U.S. healthcare customers.

For Canadian customers, JotLink supports privacy and security obligations through appropriate contractual commitments and operational controls designed to align with applicable Canadian privacy requirements.

03

Secure technology & safeguards

JotLink uses industry-standard security measures to protect sensitive data in transit and at rest.

Technical safeguards

  • Data in transit is protected using secure encryption protocols, including HTTPS with TLS 1.2 or higher for APIs and web traffic, and secure real-time media protection such as SRTP for supported voice and video communications.
  • Data at rest is protected using strong encryption standards, including AES-256 or equivalent safeguards where applicable.
  • Access to sensitive information is restricted based on role, business need, and authorized purpose.
  • Logging & monitoring — system access and security-relevant events are logged and monitored to support security oversight and incident investigation.

04

Privacy & data protection practices

JotLink applies the principles of least privilege and minimum necessary access when handling Protected Health Information, personal health information, and other sensitive customer data.

What we do — and don’t do

  • Sensitive information is accessed, used, and disclosed only as necessary to provide, support, secure, and maintain our services, or as otherwise permitted by contract and applicable law.
  • JotLink does not use patient information for marketing purposes.
  • JotLink does not use customer PHI or personal health information to train AI models except where expressly authorized by the customer and permitted by applicable law and contractual terms.
  • We maintain controls designed to limit access to authorized personnel and approved service providers with a legitimate operational need.

05

Incident response & breach notification

JotLink maintains incident response procedures designed to identify, contain, investigate, and remediate security incidents in a timely manner.

In the event that a security incident affects PHI or personal health information, JotLink will work promptly and in good faith with affected customers to provide relevant information and support their compliance with applicable notification and reporting obligations under U.S. and Canadian law.

06

Workforce training & ongoing compliance

JotLink maintains an ongoing privacy and security compliance program to support the needs of healthcare customers.

  • Workforce members receive privacy and security training as part of onboarding and on a recurring basis thereafter.
  • We conduct periodic risk assessments and review relevant vendors and subprocessors involved in delivering our services.
  • We evaluate and update our safeguards, practices, and vendor oversight processes as our products, infrastructure, and regulatory requirements evolve.

07

Our approach

JotLink is committed to helping healthcare organizations protect patient information through strong security practices, responsible data handling, and careful oversight of the vendors and service providers that support our platform. We work closely with our customers to support their privacy and compliance obligations in both the United States and Canada.
