Privacy Policy
Notice of Privacy Practices for Irene S. Olaes, DMD
Effective Date: June 1, 2025
Irene S. Olaes, DMD
12335 World Trade Dr. Ste 1B
San Diego, CA 92128
Phone: (858) 487-4683
Email: ireneolaesdmd@yahoo.com
Looking for HIPAA Information?
For detailed information about your health information privacy rights under HIPAA, including how we use and disclose your Protected Health Information (PHI), please see our dedicated HIPAA Notice.
View HIPAA Notice of Privacy Practices
1. Introduction
We respect your privacy and are committed to protecting your personal and health information. This Privacy Policy explains how our dental office collects, uses, discloses, and safeguards your information in compliance with federal laws, including the Health Insurance Portability and Accountability Act (HIPAA), and California state privacy requirements, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
2. Our Legal Obligations
- We are legally required to protect the privacy of your Protected Health Information (PHI)
- We must provide you with this Notice of Privacy Practices explaining how we use and disclose your PHI
- We comply with applicable federal and state laws, including HIPAA, CCPA, CPRA, and California privacy regulations, and follow the strictest standard when they differ
- We reserve the right to change our privacy practices and will notify you of significant updates
3. Information We Collect
We collect and retain the following types of personal and health information:
- Personal identifiers such as your name, address, phone numbers, email, date of birth, and government-issued identification
- Dental and medical histories, treatment records, examination findings, radiographs (X-rays), charts, and clinical photographs
- Insurance and payment information, including billing records and payment history
- Communication records, including appointment scheduling and correspondence with other healthcare providers when needed
- Emergency contact information and authorized representative designations
- Records of your privacy preferences and communication choices
- Website usage information through cookies and similar technologies when you visit our website
- Information collected through online forms, appointment booking systems, and patient portals
4. Website Cookies and Digital Technologies
Cookies and Analytics: Our website uses cookies and similar technologies to improve functionality, analyze website traffic, and enhance your online experience. We may use services like Google Analytics to understand how visitors use our website, which helps us improve our online services.
Do Not Track Signals: Our website does not currently respond to "Do Not Track" browser signals, but you can manage tracking preferences through your browser settings or by contacting us directly.
Online Forms and Booking Systems: When you use our online appointment booking system, contact forms, or patient portal, we collect the information necessary to provide these services and communicate with you about your dental care.
Social Media and Marketing Technologies: We may use social media pixels or similar technologies to provide relevant information about our services. You can opt out of these communications through your social media privacy settings or by contacting our office.
5. Cloud Services and Data Storage
Your health information may be securely stored using cloud-based services to improve our practice operations and ensure data backup and security. These services may include:
- Practice management software and electronic health record systems
- Secure cloud storage services (such as Google Workspace, Microsoft 365, or similar HIPAA-compliant platforms)
- Email and communication platforms
- Credit card processing and payment systems
- Insurance verification and claims processing services
All cloud service providers are required to sign Business Associate Agreements and protect your information according to HIPAA standards, regardless of where their servers are located. We ensure that all data storage meets or exceeds federal and California privacy and security requirements.
6. Use and Disclosure of Your Information
Permitted Uses and Disclosures
We use and disclose your PHI:
For Treatment: To provide, coordinate, and manage your dental care, including communication with other healthcare providers, specialists, laboratories, and emergency care providers.
For Payment: To bill and collect payment from you, your insurance company, or other third parties, including verification of benefits and pre-authorization requests.
For Healthcare Operations: To manage the office, improve quality, conduct training, perform administrative functions, and conduct internal audits.
As Required by Law: To report communicable diseases, abuse, neglect, or comply with court orders, legal investigations, and public health requirements.
To Prevent Harm: To avert a serious threat to your health or safety or that of others.
Family and Friends: We may share your PHI with family members, friends, or other persons you identify who are involved in your care or payment for care, provided you give us verbal or written permission, or in emergency situations when we determine it is in your best interest.
Additional Disclosures Without Your Authorization
We may also use or disclose your PHI without your authorization for:
- Public Health Activities: To public health authorities for disease prevention and control, vaccine monitoring, and reporting of vital statistics.
- Health Oversight Activities: To health oversight agencies for licensing, certification, auditing, and monitoring activities authorized by law.
- Judicial and Administrative Proceedings: In response to court orders, subpoenas, discovery requests, or other lawful process.
- Law Enforcement: To law enforcement officials for specific law enforcement purposes.
- Coroners and Medical Examiners: To coroners, medical examiners, or funeral directors as necessary.
- Workers' Compensation: For workers' compensation claims if you are injured at work.
- Research: For research purposes only when properly approved and with appropriate privacy protections.
Limited Sharing - Minimum Necessary Standard
We limit the use and disclosure of your PHI to the minimum amount necessary to accomplish the intended purpose.
Uses and Disclosures Requiring Your Written Authorization
The following uses and disclosures will be made only with your written authorization:
- Marketing: Communications about products or services that encourage you to purchase or use a product or service.
- Sale of PHI: We do not and will not sell your protected health information to third parties.
- Fundraising: We will only contact you for fundraising purposes with your prior written authorization.
- Psychotherapy Notes: If applicable, any use or disclosure requires separate authorization.
You may revoke any authorization in writing at any time, except to the extent we have already acted based on your authorization.
7. Clinical Photography and Imaging
Treatment Documentation: We may take clinical photographs as part of your dental care for treatment planning, progress monitoring, and record keeping.
Educational and Marketing Use: Any use of clinical photographs for educational purposes, case presentations, or marketing materials requires your separate written authorization.
Patient Rights: You have the right to request copies of clinical photographs in your record and to restrict certain uses of these images.
8. Genetic Information
We follow federal and state laws regarding genetic information:
- Genetic information cannot be used or disclosed for underwriting purposes
- We will not request genetic testing unless medically necessary for your dental treatment
- Any genetic information in your health record receives the same privacy protections as other PHI
9. Amendment and Correction Process
If you believe information in your record is incorrect or incomplete:
How to Request: Submit a written request describing the specific information and explaining why it should be changed.
Our Response Time: We will respond within 60 days, with a possible 30-day extension if needed.
Approval: If we approve your request, we will make the amendment and notify relevant parties.
Denial: If we deny your request, we will provide written reasons. You may submit a written statement of disagreement.
10. Minor Patient Privacy Rights
Parental Access: Parents or legal guardians generally have the right to access their minor child's health information.
Adolescent Privacy: For patients aged 12 and older, certain dental and medical services may be provided with enhanced privacy protections as required by California law.
Confidential Communications: Minor patients may request that communications about their care be directed to alternative locations or methods.
11. Patient Rights
HIPAA Rights
You have the right to:
- Access and obtain copies of your PHI, with some legal exceptions
- Request corrections or amendments to your records
- Receive a list of disclosures of your PHI made by our office
- Request restrictions on how we use or disclose your PHI
- Receive communications from us at an alternative location or in a confidential manner
- Revoke any prior authorizations in writing
- File a complaint if you believe your privacy rights have been violated
California Consumer Privacy Rights
Under California law, you also have the right to:
- Right to Know: Request information about the categories and specific pieces of personal information we collect about you.
- Right to Delete: Request deletion of your personal information, subject to certain healthcare exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
Appeals Process for Denied Requests
If we deny your privacy request, you have the right to appeal our decision. Submit a written appeal to our Privacy Officer within 60 days. You may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights or the California Attorney General's Office.
12. Electronic Access and Patient Portal
If we provide electronic access to your health information:
- You will receive secure login credentials and are responsible for maintaining their confidentiality
- Electronic communications carry inherent security risks
- You may choose to opt out of electronic communications at any time
- We implement reasonable security measures but cannot guarantee complete security
13. Safeguards and Security Measures
We implement the following safeguards to protect your PHI:
- Administrative: Privacy policies, staff training, disciplinary measures, and a designated Privacy Officer
- Physical: Secure storage of paper records, controlled access to office and record storage areas
- Technical: User authentication, password protections, encryption, secure data backups, and access monitoring
- Access Controls: Only authorized personnel are allowed access to your health information
14. Business Associates
We may share your PHI with carefully selected third-party vendors who assist us in our operations. These Business Associates are required to sign agreements to protect your PHI in accordance with HIPAA.
15. Breach Notification
If a breach of your unsecured PHI occurs:
- We will notify you in writing within 60 days of discovering the breach
- The notice will include a description of what happened and steps you can take to protect yourself
- We will take all required steps to mitigate potential harm
- We will also notify appropriate regulatory authorities as required by law
16. Retention of Records
We retain health records and privacy documentation according to the following schedule:
- Adult patient records: Minimum of seven years from last treatment
- Minor patient records: Minimum of seven years from last treatment or until age 21, whichever is longer
- Radiographs: Minimum of seven years
- Financial records: Minimum of seven years
- Privacy documentation: Minimum of six years
17. Electronic Communication and Data Policy
Consent to Receive SMS Messages
By providing your mobile phone number, you consent to receive SMS/text messages from our office for appointment reminders, confirmations, and treatment notifications.
Opt-Out and Assistance
- You may opt out of all SMS messages at any time by replying "STOP" to any message
- To opt out of marketing messages only, reply "STOP MARKETING"
- For help or to change preferences, reply "HELP" or contact our office at (858) 487-4683
18. Complaints and Contact Information
If you have questions about this Privacy Policy or wish to file a complaint:
Contact our Privacy Officer:
Irene S. Olaes, DMD
12335 World Trade Dr. Ste 1B
San Diego, CA 92128
Phone: (858) 487-4683
Email: ireneolaesdmd@yahoo.com
Federal Complaints: You may file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights.
California Complaints: You may contact the California Attorney General's Office.
Non-Retaliation: We will not retaliate against you for filing any complaint or exercising your privacy rights.
19. Policy Updates
We reserve the right to change this Privacy Policy at any time. Material changes will be posted in our office and on our website.
Acknowledgment: By continuing to receive services at our practice, you acknowledge that you have received and understand this Privacy Policy.