Privacy Policy and Patient Rights for SmilesByEddie.com

 

Last Updated: July 3, 2025

At Smiles By Eddie, your privacy, trust, and well-being are our top priorities. This Privacy Policy outlines how we collect, use, disclose, and protect your Protected Health Information (PHI) and other personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), as well as other relevant California state laws.

By using our services, visiting our website, or communicating with us, you agree to the terms of this Privacy Policy.

 

1. Our Commitment to Your Privacy

 

Smiles By Eddie is a “covered entity” under HIPAA and is committed to maintaining the privacy and security of your health information. We adhere to the strictest standards for safeguarding your PHI, whether in electronic, paper, or oral form.

 

2. Information We Collect

 

We collect various types of information to provide you with comprehensive dental care and manage our practice effectively. This may include:

a) Protected Health Information (PHI):

  • Demographic Information: Your name, address, phone number, email address, date of birth, gender, and social security number.

  • Medical and Dental History: Past medical and dental conditions, allergies, medications, family medical history, and any relevant health conditions.

  • Treatment Information: Examination findings, diagnoses, treatment plans, procedures performed, progress notes, radiographs (X-rays), models, and impressions.

  • Financial and Insurance Information: Insurance policy details, billing information, payment history, and information necessary for processing claims.

  • Appointment Information: Scheduling details and missed, rescheduled, or canceled appointments.

b) Non-PHI / Website and Technical Information:

  • Website Usage Data: Anonymous data regarding website usage, pages viewed, browsing activity, and referral sources.

  • Device and Browser Information: IP address, browser type, operating system, and device identifiers.

  • Cookies: Information collected through cookies and similar technologies to enhance your browsing experience. You can manage cookie preferences through your browser settings, but please note that some website features may not function optimally without cookies.

 

3. How We Use Your Information

 

Your information is used primarily to provide you with high-quality dental care and manage our practice operations. This includes:

  • Treatment: To diagnose your dental condition, develop treatment plans, and provide dental services.

  • Payment: To bill for services, process insurance claims, and manage financial transactions.

  • Healthcare Operations: For administrative purposes such as appointment reminders, quality assessment, staff training, and compliance activities.

  • Communication: To communicate with you regarding your appointments, treatment, and general practice information. This may include SMS messages if you have opted in (you can opt out by replying “STOP”).

  • Internal Operations: To improve our services, analyze website usage, and maintain the security of our systems.

  • Public Health Activities: We may disclose health information for public health activities, such as preventing or controlling disease, injury, or disability, or reporting reactions to medications.

  • Legal and Regulatory Requirements: As required or permitted by law, including responding to subpoenas, court orders, or government requests.

 

4. How We Disclose Your Information

 

We do not sell or rent your personal information to third parties. We may disclose your information in the following circumstances:

  • To Other Healthcare Providers: With your consent, we may share relevant portions of your PHI with other healthcare providers involved in your care (e.g., specialists, laboratories) for coordination of treatment.

  • To Business Associates: We may share PHI with third-party service providers (Business Associates) who perform services on our behalf (e.g., billing companies, IT support, shredding services). We have written agreements with these Business Associates requiring them to protect your PHI in accordance with HIPAA and CMIA.

  • For Payment Purposes: With insurance companies, clearinghouses, and other entities involved in processing payments for your dental care.

  • For Healthcare Operations: With accreditation bodies, legal counsel, and auditors as necessary for compliance and quality improvement.

  • To Family Members or Others Involved in Your Care: With your permission, or in emergency circumstances where we deem it necessary based on our professional judgment, we may share information with family members or others assisting with your care or payment.

  • As Required by Law: To comply with legal obligations, such as reporting certain communicable diseases, responding to court orders, or in cases of suspected abuse, neglect, or domestic violence.

  • In Case of Emergency: To avert a serious threat to your health or safety or the health or safety of others.

 

5. Your Patient Rights (HIPAA & California Law)

 

As our patient, you have specific rights concerning your health information:

  • Right to Access Your Records: You have the right to inspect and obtain a copy of your PHI. We will provide copies within 15 days of your written request. We may charge a reasonable, cost-based fee for copies (e.g., for photocopying and postage), but we cannot charge for the labor of locating and making records available. If you request an electronic copy and we are able to provide it in the requested format, we will do so.

  • Right to Request an Amendment: You have the right to request that we amend your PHI if you believe it is inaccurate or incomplete. We may deny your request if we determine the information is accurate and complete, but we will provide you with a written explanation.

  • Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your PHI made by us, excluding disclosures for treatment, payment, healthcare operations, or those made with your authorization.

  • Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to all requested restrictions, except for disclosures to a health plan for services you have paid for out-of-pocket in full.

  • Right to Request Confidential Communications: You have the right to request that we communicate with you about your health matters in a certain way or at a certain location (e.g., by mail to a specific address, or by phone to a specific number). We will accommodate reasonable requests.

  • Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this Privacy Policy upon request, even if you have agreed to receive it electronically.

  • Right to Opt Out of Marketing Communications: You have the right to opt out of marketing communications. We do not sell or rent your phone number or SMS opt-in information for marketing purposes.

  • California Consumer Privacy Rights (CMIA): You have the right to know, request access to, and in certain circumstances, delete personal information we collect. We will verify your identity before processing such requests.

To exercise any of these rights, please submit a written request to the contact information provided at the end of this policy.

 

6. Data Security and Record Retention

 

We implement robust administrative, physical, and technical safeguards to protect your PHI and other personal information from unauthorized access, use, or disclosure. These measures include:

  • Secure electronic health record systems with access controls and audit trails.

  • Encryption for electronic transmissions and stored data.

  • Physical security measures for our office and data storage.

  • Regular staff training on privacy and security policies.

  • Policies and procedures for proper disposal of sensitive information to ensure it is indecipherable.

Record Retention:

In compliance with California regulations and best practices, we retain patient dental records for adults for a minimum of 7 years from the date of the last treatment. For minor patients, records are retained for at least 7 years from the last treatment or 1 year past their 18th birthday (age 19), whichever is longer. HIPAA compliance documents, such as training records and written policies, are retained for at least six (6) years from creation or last effect, whichever is later.

 

7. Online Communication Consent & Risks

 

While we strive to secure all communications, please be aware that unencrypted email is not a secure form of communication. If you choose to communicate with us via unencrypted email, you acknowledge and accept the inherent risk that individually identifiable health information and other sensitive or confidential information may be misdirected, disclosed to, or intercepted by unauthorized third parties. By sending us an unencrypted email with PHI, you are providing your consent to such communication.

 

8. Third-Party Links

 

Our website may contain links to external websites that are not operated by Smiles By Eddie. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

 

9. Policy Updates

 

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised effective date. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

 

10. Contact Information

 

If you have any questions about this Privacy Policy, your patient rights, or our privacy practices, please contact us:

Smiles By Eddie

info@smilesbyeddie.com