Dental Office Privacy Policy: Your Rights and How We Protect Your Health Information (HIPAA Notice)
This Notice of Privacy Practices explains how we handle your Protected Health Information (PHI) in compliance with the HIPAA Privacy Rule. It outlines what we may do with your information, your choices and rights, and the safeguards we use to keep your data confidential.
Within this HIPAA Notice, you will learn how PHI is used for treatment, payment, and healthcare operations; when we require your Authorization for Disclosure; how the Minimum Necessary Standard guides our practices; and the Patient Consent Requirements we follow to respect your preferences.
Treatment Uses and Disclosures
We use and share PHI to diagnose, treat, and coordinate your dental care. This includes communication among dentists, hygienists, specialists, laboratories, pharmacies, and other providers involved in your treatment.
- Consulting with or referring you to specialists (e.g., oral surgeons, endodontists).
- Sending x-rays, impressions, or clinical notes to a dental lab or imaging center.
- Discussing medications with your prescribing provider or pharmacist.
Under the HIPAA Privacy Rule, these treatment activities generally do not require a separate Authorization for Disclosure. The Minimum Necessary Standard does not apply to disclosures for treatment; however, we still limit access to those who need information to care for you. While HIPAA does not require consent for treatment, payment, and operations, our Patient Consent Requirements may include obtaining your acknowledgment of this Notice and your general consent for treatment during intake.
We will seek your written Authorization for Disclosure before using PHI for purposes not allowed by HIPAA—such as most marketing communications or certain research activities. You may revoke an authorization at any time in writing, except to the extent we have already acted on it.
Payment and Billing Practices
We use PHI to obtain payment for services, verify benefits, and manage billing. Disclosures may be made to your dental plan, clearinghouses, or other entities that process claims and payments.
- Confirming eligibility and coverage, obtaining preauthorizations, and submitting claims.
- Providing necessary details for explanations of benefits and coordination of benefits.
- Managing patient statements, refunds, and, when needed, limited disclosures to collection services.
For payment functions, we follow the Minimum Necessary Standard and share only the information needed to complete the task. If you pay for a service in full out of pocket, you may request that we not disclose information about that service to your health plan; when applicable, we will honor that restriction. We do not sell your PHI, and we will not use it for marketing without your explicit Authorization for Disclosure.
Healthcare Operations Management
We use PHI to support essential business functions that keep our practice running safely and effectively. These activities include quality assessment, staff training, accreditation, auditing, credentialing, and compliance monitoring.
- Evaluating provider performance and improving the quality and safety of care.
- Conducting internal audits, risk assessments, and privacy or security reviews.
- Working with Business Associates (e.g., IT, billing, shredding) under written agreements that protect PHI.
- Using de-identified data where feasible to minimize exposure of PHI.
We apply the Minimum Necessary Standard to operations and maintain administrative, physical, and technical safeguards—such as role-based access, encryption where feasible, workforce training, and facility protections—to reduce risks to your PHI.
Patient Communication and Appointment Reminders
We may contact you by phone, text, email, or mail for appointment reminders, treatment follow-ups, test results, and billing notices. We limit message content to necessary details and will use your preferred methods whenever reasonable.
- Scheduling and recall reminders, pre- and post-procedure instructions, and care coordination.
- Account notices, benefit updates, and time-sensitive insurance requests.
- No marketing uses of PHI without your signed Authorization for Disclosure.
You may request confidential communications (for example, using an alternate phone number or mailing address). Tell us your preferences, and we will accommodate reasonable requests consistent with HIPAA and our Patient Consent Requirements.
Rights to Amend and Restrict Health Information
You have important rights regarding your dental records, including the ability to request corrections and place limits on how your PHI is used or shared. We will respond promptly and document any approved changes or agreed restrictions.
Requesting an amendment (correction)
- Submit a written request describing what you believe is inaccurate or incomplete and why.
- We will review and respond, typically within 60 days. If additional time is needed, we may extend once, and we will notify you of the reason and new deadline.
- If we deny an amendment (for example, when records are accurate, complete, or not created by us), you may submit a written statement of disagreement that we will attach to the record.
Requesting a restriction
- You may ask us to limit certain uses or disclosures of PHI for treatment, payment, or operations. We are not required to agree, but we will consider each request.
- If you pay for a specific item or service in full out of pocket, you may require us not to disclose that information to your health plan, and we will comply with that restriction when applicable.
- You may also request confidential communications (alternate address, phone, or email), which we will honor when reasonable.
Breach Notification Procedures
We follow HIPAA’s Breach Notification Rule. If an unauthorized use or disclosure of unsecured PHI occurs, we perform a risk assessment considering the nature of the information, to whom it was disclosed, whether it was actually viewed or acquired, and the extent of mitigation.
- Investigate promptly, secure systems, and mitigate potential harm.
- Notify you without unreasonable delay and no later than 60 days after discovery, describing what happened, the types of PHI involved, steps you can take, what we are doing, and contact information.
- Report qualifying breaches to the U.S. Department of Health and Human Services and, when required, to the media for large incidents.
- Document findings and improvements to prevent recurrence.
Complaint and Enforcement Process
If you believe your privacy rights were violated, contact our Privacy Officer to file a complaint. We will investigate, respond in writing, and take corrective action as needed. We will not retaliate against you for raising a concern.
- Submit concerns in person, by phone, or in writing; include dates, people involved, and a brief description.
- You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.
- We keep records of complaints and outcomes to support ongoing compliance and improvements.
FAQs
What is a dental office privacy policy?
It is our Notice of Privacy Practices that explains how we collect, use, and protect your Protected Health Information, the purposes allowed under the HIPAA Privacy Rule, when we need your Authorization for Disclosure, and the rights you have to access, amend, and restrict your records.
How is my health information protected under HIPAA?
HIPAA sets rules for who can access your PHI and under what circumstances, requires safeguards and training to protect it, and mandates notifications under the Breach Notification Rule if unsecured PHI is compromised. We also apply the Minimum Necessary Standard and honor reasonable Patient Consent Requirements to respect your choices.
Can I request corrections to my dental records?
Yes. You may request an amendment if you believe information is inaccurate or incomplete. Send us a written request with your reason. We will respond within HIPAA time frames; if we deny the change, you can add a statement of disagreement that becomes part of your record.
What should I do if I suspect a privacy breach?
Contact our Privacy Officer right away with the date, what occurred, and any details you have. We will investigate, mitigate any harm, and notify you as required. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights without fear of retaliation.