What's Included
Every Mayla customer gets the same compliance foundation — no add-on compliance tier, no enterprise-only security.
We execute a BAA with every practice before going live — on every plan, including Starter. You receive a fully signed copy for your compliance documentation.
All patient call data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Call recordings are stored in HIPAA-compliant US-based infrastructure and accessible only to your practice.
We collect and retain only the data needed to complete a booking. We don't store clinical information, insurance details beyond basic eligibility, or any data beyond what's required for appointment management.
Mayla integrates only with HIPAA-compliant practice management systems: Dentrix, Eaglesoft, Jane App, Open Dental, and Curve Dental. No data passes through non-compliant third parties.
Your Mayla dashboard supports role-based access. You control which team members can access call recordings, review logs, and manage settings. Access can be revoked instantly.
All patient call data is stored and processed within the United States. We do not transfer patient data to international servers or use offshore call processing.
For Compliance Officers
Whether you're a single-location practice or a DSO with a compliance officer on staff, Mayla provides the documentation and controls you need to proceed confidently.
Our BAA is available for review before you sign up. Our security documentation is available on request. Most practices complete compliance review in under a week.
FAQ
Yes. Mayla signs a Business Associate Agreement with every practice before going live — on every plan, including Starter. The BAA is executed during onboarding, before any patient call data is processed. You receive a fully executed copy for your compliance records.
Patient call data is processed and stored within HIPAA-compliant cloud infrastructure in the United States. Call recordings are encrypted at rest and in transit. We retain only the data necessary for booking and compliance purposes — we do not sell, share, or use patient data for any purpose beyond delivering the Mayla service.
Yes, when the AI vendor signs a BAA and implements appropriate safeguards. The HIPAA Privacy and Security Rules permit the use of AI tools for patient scheduling as long as the vendor is a covered Business Associate with proper data handling controls in place. Mayla meets all of these requirements.
Using an AI receptionist that doesn't sign a BAA would be a HIPAA violation. Always verify BAA status with any vendor handling patient call data.
Mayla's HIPAA safeguards include: a Business Associate Agreement with every customer; encryption of all call data in transit (TLS 1.2+) and at rest (AES-256); the minimum necessary data principle (we don't store more than is needed for booking); integrations only with HIPAA-compliant practice management systems; role-based staff access controls in the dashboard; US-based data storage; and complete audit logging of all data access.
Yes. Our BAA template is available for review before you commit, and we provide a full security overview document on request. If you have a compliance officer or IT team that needs to review before approval, book a demo and mention it — we'll route you to our compliance contact directly.
When your account is closed, your call recordings and data can be exported or deleted per your instruction. We provide a data deletion confirmation in writing. Our BAA governs data handling through and after termination per HIPAA requirements.
Sign a BAA, integrate with your PMS, and go live. No IT project, no compliance risk.