Smylen HIPAA Compliance Policies

Smylen, Inc ("Smylen") is committed to ensuring the confidentiality, privacy, integrity, and availability of all electronic protected health information (ePHI) it receives, maintains, processes and/or transmits on behalf of its Customers. As builders of compliant, hosted software used by health practitioners, consumers, insurance brokers, businesses, and various types of organizations ("Customers"), Smylen strives to maintain compliance, proactively address information security, mitigate risk for these Customers, and assure known breaches are completely and effectively communicated in a timely manner. The following documents address core policies used by Smylen to maintain compliance and assure the proper protections of infrastructure used to store, process, and transmit ePHI for Smylen Customers.

Smylen provides a technology enabled, mobile web based marketplace ("platform") for consumers to book dental treatments, and a membership rewards program sponsored by organizations and offered to groups. These Categories are cited throughout policies as Customers in each category inherit different policies, procedures, and obligations from Smylen.

The platform stores dental treatment information and medical history to provide a seamless consumer experience going to the dentist. Smylen makes every effort to reduce the risk of unauthorized disclosure, access, and/or breach of Smylen customer data through the use of secure cloud technologies. Our platform is locked down at all levels including the network (firewalls, dedicated VPC, etc), server (encryption at rest and in transit, strict of use containers, etc) and application layer. Access is limited to those who need it for their jobs, and any changes or exceptions are documented so such that these claims are verifiable by audit.