📘 Best Practices for Sending PHI

Overview

Protecting patient information is essential in every digital workflow. This guide outlines the best practices for safely sending PHI (Protected Health Information) to CAE Dental, ensuring compliance with HIPAA standards and maintaining the highest level of data security.

🔐 What Counts as PHI?

PHI includes any information that can identify a patient, such as:

• Full name
• Date of birth
• Phone number
• Address
• Medical or dental history
• Photos showing the patient’s face
• Case notes containing identifiable details
• Appointment dates tied to a specific patient

Digital scans (STL/PLY/OBJ) may contain PHI if labeled with patient identifiers.

🛡 General Rules for Sending PHI Safely

1. Use Your Secure CAE Dental Account

Always upload PHI through your password‑protected CAE Dental account, not through email or unsecured messaging.

This ensures:

• Encrypted transmission
• Controlled access
• Secure storage

2. Remove Identifiers When Possible

If PHI is not required for the case, remove it before uploading.

Examples:

• Rename files to “Upper.stl” instead of “JohnSmithUpper.stl”
• Crop photos to remove the patient’s full face when not needed
• Avoid including birthdates or phone numbers in case notes

3. Upload Files Directly Through the Order Page

Use the secure upload fields inside the case checkout or order details page.

Avoid:

• Email attachments
• Text messages
• Third‑party file‑sharing links

These methods are not HIPAA‑aligned.

4. Use Encrypted Devices & Networks

When sending PHI:

• Use secure office Wi‑Fi
• Avoid public networks
• Keep your devices password‑protected
• Ensure your browser and scanner software are updated

5. Limit PHI to What Is Clinically Necessary

Only send the information required to complete the case.

Examples:

• A smile photo is needed for anterior esthetics
• A full‑face photo is not needed for a posterior crown
• A patient’s name is not required in the file name

📸 Best Practices for Photos Containing PHI

1. Use Neutral Backgrounds

Avoid capturing:

• Office paperwork
• Schedules
• Patient charts
• Reflections showing other patients

2. Avoid Full‑Face Photos Unless Needed

For anterior esthetics, full‑face photos are helpful.
For posterior or implant cases, they are usually unnecessary.

3. Do Not Add PHI to Photo Filenames

Use:

• ShadePhoto.jpg
• SmilePhoto.jpg

Avoid:

• JaneDoeShadePhoto.jpg

🦷 Best Practices for Scans Containing PHI

1. Remove Patient Names From File Names

Use:

• Upper.stl
• Lower.stl
• Bite.stl

Avoid:

• Michael_Rodriguez_Upper.stl

2. Ensure Scan Bodies Are Correctly Seated

This reduces the need for resubmissions, limiting repeated PHI transfers.

3. Upload All Required Files at Once

Minimizes multiple transmissions of PHI.

📝 Best Practices for Case Notes

Do Include:

• Tooth numbers
• Material preferences
• Occlusion instructions
• Implant system + platform

Do NOT Include:

• Patient’s full name
• Birthdate
• Phone number
• Insurance details
• Medical history unrelated to the case

⚠️ What to Avoid

To maintain HIPAA‑aligned workflows, avoid:

• Sending PHI through email
• Using personal messaging apps
• Uploading files with patient identifiers
• Sharing screenshots that include unrelated patient data
• Leaving PHI visible in background photos

🚀 Summary

To protect PHI when sending cases to CAE Dental:

• Use your secure account
• Remove identifiers when possible
• Upload files directly through the order page
• Limit PHI to what is clinically necessary
• Keep devices and networks secure
• Avoid email and unsecured messaging

These practices help maintain HIPAA‑aligned workflows and ensure patient information stays protected at every step.