DermEstimator does not require you to enter patient names, dates of birth, insurance IDs, or any other Protected Health Information. Estimates are built from procedure codes and cost-share inputs only.
All data transmitted between your browser and DermEstimator servers is encrypted via HTTPS/TLS. Requests to the unencrypted HTTP address are automatically redirected to HTTPS.
Every user gets their own login credentials. Only one active session is allowed per account at a time, reducing the risk of unauthorized concurrent access.
Every Good Faith Estimate document issued through DermEstimator is stored with a permanent, timestamped audit snapshot — available for review if your practice is ever audited for No Surprises Act compliance.
DermEstimator is hosted on Railway, a SOC 2-aligned cloud infrastructure provider. All compute and storage operates within a managed, monitored environment.
User sessions expire after a period of inactivity, reducing exposure if a workstation is left unattended at the front desk.
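The two session rules above (one active session per account, and expiry after inactivity) are straightforward to state but easy to get subtly wrong, so here is an added illustration of what enforcing them looks like. This is example code written for this page, not DermEstimator's own implementation; the 15-minute idle timeout and the in-memory store are assumptions, since the page gives no specific timeout or storage details.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; the page does not state the actual timeout


class SessionStore:
    """In-memory session store enforcing two policies: one active session per
    account, and expiry after a period of inactivity. Illustrative only."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock          # injectable so behaviour can be tested without sleeping
        self._sessions = {}         # token -> {"user": str, "last_seen": float}
        self._active = {}           # user -> the single token currently valid for that user

    def login(self, user):
        # Revoke any existing session for this user before issuing a new token,
        # so a second login (e.g. from another workstation) invalidates the first.
        old = self._active.pop(user, None)
        if old is not None:
            self._sessions.pop(old, None)
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[token] = {"user": user, "last_seen": self.clock()}
        self._active[user] = token
        return token

    def authenticate(self, token):
        """Return the user for a valid token, or None if the token is unknown,
        superseded by a newer login, or idle past the timeout."""
        record = self._sessions.get(token)
        if record is None:
            return None
        now = self.clock()
        if now - record["last_seen"] > self.idle_timeout:
            # Idle too long: delete the session so the token cannot be revived later.
            self._sessions.pop(token, None)
            if self._active.get(record["user"]) == token:
                del self._active[record["user"]]
            return None
        record["last_seen"] = now   # any authenticated activity resets the idle clock
        return record["user"]

    def logout(self, token):
        record = self._sessions.pop(token, None)
        if record and self._active.get(record["user"]) == token:
            del self._active[record["user"]]


def demo():
    """Walk through both failure modes with a fake clock; returns the two rejected results."""
    now = [1_000_000.0]
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])

    first = store.login("frontdesk")
    assert store.authenticate(first) == "frontdesk"

    # A second login for the same account supersedes the first token.
    second = store.login("frontdesk")
    superseded = store.authenticate(first)      # None: old session revoked
    assert store.authenticate(second) == "frontdesk"

    # Leave the second session untouched for longer than the idle timeout.
    now[0] += 901
    expired = store.authenticate(second)        # None: idle session expired
    return superseded, expired
```

The point worth noting is that both checks happen server-side on every request: a superseded or expired token is deleted rather than merely marked, so a stolen cookie from the unattended workstation is useless once the timeout passes or the user logs in elsewhere.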
If your practice requires a signed BAA as part of your HIPAA compliance program, DermEstimator will execute one with you. Email support@dermestimator.com to request a BAA and we will respond within one business day.
DermEstimator is designed to minimize the handling of Protected Health Information (PHI). The core function of the tool, calculating procedure cost estimates, requires only CPT codes, payer selection, and cost-share inputs (deductible, co-insurance, copay). On their own these do not identify a patient, so none of them are PHI under the HIPAA Privacy Rule.
When practices use the Good Faith Estimate generator, a patient name may optionally be entered to personalize the GFE document. Practices have full control over what patient identifiers, if any, are recorded within the tool. Note that a GFE record that pairs a patient name with procedure codes and dates is PHI, so practices that choose to enter names should have a BAA in place (see below). DermEstimator does not share, sell, or transmit any patient information to third parties.
DermEstimator does not require the following to function: patient names, dates of birth, insurance IDs, or any other Protected Health Information.
The following data is stored to operate the service: user login credentials (passwords only as salted hashes), saved estimates, and Good Faith Estimate records containing the date, time, procedure codes, cost calculations, the issued document content, and any patient name your staff chose to enter.
All data in transit between your browser and DermEstimator is encrypted using TLS 1.2 or higher. Passwords are stored as salted hashes — plaintext passwords are never stored or logged. Database storage is encrypted at rest on the hosting platform.
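To make the "salted hashes, never plaintext" claim concrete, here is an added example of what password storage built that way looks like. It is illustrative code written for this page, not DermEstimator's implementation; the page does not say which hash function or work factor is used, so PBKDF2-HMAC-SHA256 with 600,000 iterations and a 16-byte random salt are assumptions (the OWASP-recommended parameters at the time of writing).

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters; the page does not state DermEstimator's actual algorithm or cost.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    A fresh random salt per record means two users with the same password
    get different stored values, so a leaked table cannot be attacked with one
    precomputed lookup."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash using the salt and iteration count from the stored
    record, then compare in constant time to avoid a timing side channel."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False            # malformed record: reject rather than raise
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), hash_hex)


def demo():
    """Exercise the properties a reviewer would check; returns a dict of results."""
    secret = "correct horse battery staple"   # constructed sample password
    record_a = hash_password(secret)
    record_b = hash_password(secret)
    return {
        "plaintext_absent": secret not in record_a,
        "salts_differ": record_a != record_b,               # same password, different records
        "right_password_verifies": verify_password(secret, record_a),
        "wrong_password_rejected": not verify_password(secret.capitalize(), record_a),
        "malformed_record_rejected": not verify_password(secret, "not-a-record"),
    }
```

The stored string carries its own algorithm and cost, which is what allows a service to raise the iteration count later and re-hash each user at their next successful login without invalidating existing accounts.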
DermEstimator maintains a permanent, timestamped record of every Good Faith Estimate document issued. Each GFE record captures the date, time, procedure codes, cost calculations, and the issued document content — giving your practice a reliable audit trail in the event of a No Surprises Act dispute or compliance review.
Estimate history is accessible from the Saved Estimates section of the application and is retained for the life of the account.
DermEstimator is built around the HIPAA minimum necessary standard — we only collect the data required to deliver the service. We do not request, store, or process clinical data beyond what is explicitly entered by your staff for estimation and GFE purposes.
If your practice's HIPAA compliance program requires a signed Business Associate Agreement with DermEstimator, we are happy to provide one. To request a BAA, email support@dermestimator.com with the subject line "BAA Request" and include your practice name. We will respond within one business day.
For any security or compliance questions, contact us at support@dermestimator.com.