Information Security at DentaQuest
We implement the highest Information Security standards to protect member and client data.
DentaQuest's multi-layered Information Security (IS) approach protects individual data components and includes backup to counter any potential gaps. These layers include Security Awareness, Vendor Risk Management, Vulnerability Management, Penetration Testing, Risk Management, Policy Management, Access Control, Web Application Security, Physical Security, Endpoint Security, Business Continuity, Disaster Recovery, and Incident Management.
Our state-of-the-art cybersecurity elements include a comprehensive IS plan that we update every year or sooner, plus:
- A secure software development lifecycle that benefits our portals and applications
- End-to-end portal encryption, including encryption at rest and encryption in transit
- Customized emergency and incident response plans and system development lifecycles
- Processes to prevent data loss, and manage firewall, intrusion prevention and endpoint protection
- In-depth threat analysis and response with security information and event management (SIEM)
- Policy training for new hires, annual security training for all employees, and ongoing security-awareness training that we tailor for specific jobs and roles
- Standardized operating procedures, codified in our employee handbook and code of conduct
- DentaQuest is HITRUST and NIST CSF-certified for claims adjudication and related processes.
- A major public accounting firm annually performs DentaQuest’s Service Organization Control 1 report, using the SSAE 18 standard.
- Our ongoing security risk and readiness assessments maintain standards such as CIS Top 20 Critical Security Controls, 23 NYCRR 500, Massachusetts 201 CMR 17.00, COSO, Commonwealth of Virginia Standard SEC501, HIPAA Security and Privacy Rules, HITECH and HITRUST, among other frameworks.
The newsletter designed for anyone who wants to improve oral health for themselves, their families, customers or communities.