Security at DentaQuest

We are committed to the highest standards of security and protection for our member and client data. We meet these standards through our layered security approach, which includes Security Awareness, Vendor Risk Management, Vulnerability Management, Penetration Testing, Risk Management, Policy Management, Access Control, Web Application Security, Physical Security, Endpoint Security, Business Continuity, Disaster Recovery, and Incident Management.
 

Elements of Security

We employ the following elements to ensure robust protection of the data entrusted to us.
  • A strong policy structure, evidenced by our Information Security Plan, which is reviewed and updated at least annually
  • Facility-specific emergency procedures, incident response plans, system development lifecycles, standard operating procedures, an employee handbook and code of conduct policies
  • Policy training for new hires, annual security training for all employees, and ongoing customized security awareness training tailored to specific jobs and roles
  • A Secure Software Development Lifecycle process that benefits our portals and applications, which are secured through end-to-end encryption, including encryption at rest and encryption in transit
  • Proven security processes to manage data loss prevention, firewall, intrusion prevention and endpoint protection
  • A SIEM application that enables in-depth threat analysis and response
 

Certifications

  • DentaQuest's claim adjudication system and related processes became HITRUST and NIST CSF certified in 2019. HITRUST is based upon various security frameworks, including NIST 800-53, PCI Data Security Standard, and Cloud Security Alliance, among others. Nineteen different domains and 630 security indicators are addressed through DentaQuest’s HITRUST certification. HITRUST was implemented as a healthcare-specific information security framework and has been the only dedicated framework for the healthcare industry.
  • DentaQuest has an annual Service Organization Control (SOC) 1 report, performed by a major public accounting firm. It is performed to the SSAE 18 standard.
  • DentaQuest also performs security risk and readiness assessments as part of its standard business process that encompasses standards including SANS20 Critical Controls, 23 NYCRR 500, Massachusetts 201 CMR 17.00, COSO, Commonwealth of Virginia Standard SEC501, HIPAA Security and Privacy Rules, HITECH, and HITRUST, among other frameworks.
 