Is Flex Patient Communication in Open Dental HIPAA-Compliant?

We Take on The Topic of Data Security & How Flex Works to Keep Your Practice’s Private Data, Well . . . Private.

Our team has worked hard - imagine a training montage from one of the Rocky films featuring some catchy 80’s music - to build a solution that works on all fronts, even in areas that aren’t always initially front-and-center, like HIPAA-compliance.

The Importance of HIPAA-Compliant Patient Communications

Our team believes in being relentlessly transparent - figuratively, of course. It’s our philosophy that our team will do our best to provide you with the facts about Flex, the potential value to your practice, and allow you to make your own decision about whether or not Flex is a good fit for you. We want you to know as much about Flex as possible so that there are no surprises down the road - we hate surprises just as much as you do.

When we discuss Flex with dental and specialty practices, the topic of HIPAA-compliance and safeguarding your patients’ Electronic Protected Health Information (EPHI) is always on the list, and for good reason. The last thing you want to do is have to explain to your patients that somehow their data was compromised. How do I know that? I’ve spent quite a bit of time working in a dental practice - just like all of you.

Prior to starting Flex, my wife, Jennifer (who is a dentist), and I began a scratch start-up practice near San Diego, CA. If you don’t know the Flex story, we developed Flex in our own practice after searching for a patient communication solution that addressed the workflow challenges our staff was facing in our Open Dental PMS. I wrote the software code for Flex while Jen and the practice team provided the roadmap for optimizing our workflow in Open Dental and what features we had at the top of our Flex wish list. 

Having helped start a practice from the ground up AND having built a dental software company, I know the critical role both practices and technology providers play in maintaining HIPAA-compliance. Your patient data should be considered sacred and treated as such. It’s the responsibility of dental practices to ensure they are utilizing appropriate IT infrastructures and security measures to protect the patient data stored in Open Dental and other software on their local servers. 

Similarly, technology providers, including Flex, have an obligation to keep all protected health information utilized or accessible by their systems secure. It’s a symbiotic relationship that takes effort from both sides. We’ve certainly designed Flex to hold up to its end of the bargain.

How Flex Keeps Your Patient Communications in Open Dental HIPAA Compliant

As you likely know, there are many requirements under HIPAA which are designed to protect EPHI.  While there are literally dozens of considerations that went into the development of Flex that were designed to protect data integrity, here are the major safeguards Flex has implemented to keep your patients’ EPHI secure:

Data Storage

Flex’s method of protecting stored data is never having to store patient information in the first place. Flex only reads and writes patient data to and from Open Dental, where the information is stored in the appropriate area of the patient record. Your safeguards in place for protecting your data in Open Dental cover any and all data accessed by Flex. Flex does not store any of the patient information that it accesses or transmits to Open Dental. That’s right, none.


Access to data is an exclusive party and not everyone should make the guest list. Limiting data access is a critical component of HIPAA and, again, Flex provides a safeguard here. Flex user profiles are imported directly from Open Dental and the system administrator can set permissions for what functionality each user has access to in Flex. Users are also automatically logged off after a period of inactivity.


We keep your data safe from prying eyes with state-of-the-art encryption. When Flex accesses Open Dental and transmits data, the information is encrypted so that it is not viewable in transit. So, any submitted patient forms, health history updates, etc. are safely sent back to the patient record in Open Dental.


It’s 3 strikes and you’re out. When your practice sends a patient their statement or a treatment plan via email or text, Flex creates a unique URL that requires authentication with the patient’s date of birth. These statement and treatment plan links lock after 3 failed login attempts and expire after 7 days to prevent unwanted access.

Business Associate Agreement

You know the old saying that you are the company you keep? Every practice that does business with Flex is required to sign a Business Associate Agreement (BAA) outlining their commitment to maintaining HIPAA compliance in their practice just like we commit to continue making security in Flex a top priority on our end. We take data security very seriously but, unfortunately, some responsibilities are beyond our control. We expect all of our customers to make the same level of commitment to data security that we do. 

Is Flex HIPAA Compliant?

Absolutely! As mentioned above, we take many steps to ensure the integrity of your data and to safeguard electronic protected health information. As always, each practice we partner with has a responsibility of their own to maintain an environment that keeps HIPAA compliance a top priority. 

If you have any questions about Flex or our protection of EPHI, please feel free to reach out to one of our “Flex-perts” via the button below. We will be happy to speak with you about the specific challenges your practice is facing and how Flex can help make your Open Dental practice more efficient and your patients happier.

Ready to learn more?

If you’re an Open Dental user looking for a patient communication solution, please ask for opinions of our solution from other Open Dental practices. We pride ourselves on creating Flex fans for life. The words of our customers are our best reference and we think you’ll like what you find.

Our team members are all what we affectionately call “Flex-perts” and make it a priority to address all requests quickly and knowledgeably. If you have any questions or would like to learn more, please click the button below and submit your questions online. A member of our team will connect with you shortly and help you understand the value that Flex can bring to your practice and your patients.

Reach Out to Our Team