Overview of ORCA HIPAA Compliance & Associates Requirements

The ORCA Platform, including the ORCA Developer Tools, is provided as an asset to ORCA's community members and business associates who are developers working to facilitate innovation in dentistry applications. We designed the ORCA Developer Tools to interact with and enhance the ORCA Platform’s offerings in a responsible manner.

While we try to provide the most open and flexible access we can, we only permit use of the Platform to the extent our users’ privacy is protected and we can maintain the integrity of Dental Whale’s business vision.

ORCA HIPAA Compliance & Associate Requirements

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets security, privacy, and breach notification standards to maintain the confidentiality, integrity, and availability of protected health information (PHI).

We require all of our business associates to be HIPAA compliant before granting access to any PHI data. Even after you become HIPAA compliant, users must agree to install your application before access to their data is granted via an OAuth2 token.

To become an ORCA Platform developer you will need to do the following:

  1. Sign up to request Early Developer Access.

  2. Once we grant you access, you will receive our Business Associate Agreement, Terms of Service, and Usage Policies and Restrictions at the email address you provided when signing up.

  3. Read, sign, and return the documents per the instructions attached to the email.

  4. In addition, you will need to submit Breach Handling and Contingency Planning Procedures.

Terms of Service

Read and sign ORCA's Terms of Service and Privacy Policy.

Business Associate Agreement

ORCA Platform developers must sign the ORCA Business Associate Agreement (BAA) certifying they are HIPAA compliant. BAAs satisfy HIPAA regulations and create a bond of liability that binds two parties.

Breach Handling Procedure

Developers must provide an outline of how breaches will be handled, should they occur. Developers must accept financial responsibility for any costs incurred due to breaches experienced on their end and otherwise unrelated to the ORCA API. Breaches must be reported within seven (7) days.

Contingency Planning Procedure

For risk management purposes, developers must submit a detailed contingency plan outlining the course of action to be taken should an unexpected situation or event occur and disrupt operations. The plan should include protocols regarding data backups, disaster recovery, financial losses, employee training, and other relevant information.

Usage and Data Access Restrictions Overview

The ORCA Developer Tools and the ORCA Web API are provided in order to enable business partners to develop Service Applications designed to interact with and enhance, extend, and improve the ORCA Platform. You shall not use the ORCA Developer Tools or ORCA Web API to design or develop anything other than an Application for use with the ORCA Platform.

ORCA or other developers may independently create applications, content, and other products or services that are similar to or competitive with your Application. Nothing shall prevent or restrict ORCA or other developers from creating and fully exploiting any applications, content, and other items they may develop, with no obligation to you.

If your Application causes a User’s account to violate the ORCA Terms of Service, your access to the ORCA Platform may be suspended or revoked.

ORCA reserves the right to disable or upgrade the ORCA Platform and/or related services at any time without notice to you and without any form of compensation or consideration to you, regardless of the status of any Applications. ORCA has no obligation to ensure that an upgrade of the ORCA Platform or related services will continue to be compatible with existing Applications.

Customers and Users must be permitted to express contact preferences, via notice and opt-out, in each subsequent marketing communication you send.

Any Application you develop must have a user agreement that clearly informs the user of the terms and conditions applicable to use of your Application. You also must have a privacy policy that describes any information you may collect. In order to collect, maintain, share, store, and/or use User Data, you must obtain the informed consent of each User, and your user agreement and privacy policy shall be made available for a User’s review at the point of authorization and from within your Application’s User Interface. Your user agreement and privacy policy shall at a minimum disclose your practices regarding User Data.

You will need to agree to use commercially reasonable measures to maintain the security of User Data collected in connection with any of your services offered. At a minimum, you agree to properly configure your systems and software with security measures that ensure the secure operation and storage of User Data.

Use of the ORCA Web API is subject to restrictions on rate limit, use cases, and method calls as outlined on the ORCA Developer Portal. You will not circumvent or exceed any rate limitations described within the ORCA Developer Portal. If the ORCA Platform or Dental Whale believes that you have unreasonably exceeded your rate limits or have attempted to circumvent the rate limit or authentication systems, your ability to utilize the ORCA Web API may be temporarily suspended or permanently revoked. ORCA may monitor your usage of the ORCA Web API in order to improve our service and to ensure compliance with our policies.