Regulatory Compliance
Built in Canada. Designed for Oral & Dental Care. Trusted Globally.
At Compass Pro, compliance isn’t an afterthought — it’s the foundation.
As a Canadian-built Dental Practice Management Software, Compass Pro is designed for oral health professionals who handle sensitive patient data every day. We understand that your practice must meet strict privacy and security requirements — whether you operate in Canada, the United States, or the European Union.
That’s why Compass Pro helps ensure your dental workflows remain secure, compliant, and legally sound across all regions.
Privacy and Compliance in Canada
As a Canadian-developed platform, Compass Pro is built to comply with Canadian privacy legislation first, including:
- PIPEDA (Personal Information Protection and Electronic Documents Act): Governs the collection, use, and disclosure of personal information in commercial healthcare environments.
- PHIPA (Personal Health Information Protection Act – Ontario): Establishes standards for how dental and healthcare providers manage patient health records.
Compass Pro incorporates these principles throughout its design — from data encryption and access control to audit logging and Canadian data residency options.
HIPAA Support for U.S. Dental Practices
For practices operating in or serving patients in the U.S., Compass Pro supports compliance with the Health Insurance Portability and Accountability Act (HIPAA).
We provide tools that help dental and oral care providers meet the administrative, physical, and technical safeguards outlined under HIPAA:
- Administrative Safeguards: Role-based permissions, staff access policies, and training features.
- Physical Safeguards: Secure hosting, restricted access, and redundancy protection.
- Technical Safeguards: End-to-end encryption, MFA, and full audit trails.
Where required, Compass Pro enters into Business Associate Agreements (BAAs) to formalize compliance support for our U.S. customers.
GDPR Alignment for European Clinics
Compass Pro also supports dental clinics and service providers managing patient data under the General Data Protection Regulation (GDPR).
Key privacy-aligned features include:
- Consent Management: Capture and manage patient consent digitally.
- Data Subject Rights: Tools to support data access, rectification, and deletion.
- Data Portability: Enable secure transfer of records when requested.
- Configurable Retention: Set retention policies by region or clinic type.
Secure by Design
From appointment scheduling to patient records, compliance is built into every layer of Compass Pro’s infrastructure:
- Role-Based Access Control (RBAC): Ensures only authorized staff can access PHI.
- Encryption in Transit and at Rest: AES-256 and TLS encryption safeguard all patient data.
- Comprehensive Audit Logs: Track every action and access for full accountability.
- Data Residency Options: Host patient data in Canadian, U.S., or EU data centres to meet local laws.
Supporting Your Compliance Efforts
Compliance is a shared responsibility. Compass Pro provides the technology, documentation, and training to help your dental practice maintain compliance every day:
- Onboarding & Staff Training: Guidance for privacy and data-handling best practices.
- Policy Templates: Prebuilt frameworks for internal privacy procedures.
- Dedicated Support: Assistance with audits, due diligence, and compliance documentation.
Why It Matters
Regulatory compliance isn’t just about avoiding penalties — it’s about patient trust.
By choosing Compass Pro, you’re choosing a Canadian-built platform that protects patient privacy, simplifies regulatory readiness, and keeps your practice running confidently and compliantly.
Disclaimer
Compass Pro supports compliance with PIPEDA, PHIPA, HIPAA, and GDPR. However, Compass Pro does not provide or imply formal certification or legal determination of compliance. Each dental or healthcare provider remains responsible for ensuring compliance within their own organization.