Go to Homepage

Privacy Policy / Notice of Privacy Practices
Smile Design Orthodontics

1. Introduction / Purpose
At Smile Design Orthodontics (“we,” “us,” or “our”), we respect your privacy and are committed to protecting the confidentiality of your health information. This Privacy Policy (also called “Notice of Privacy Practices”) explains how we may use and disclose your protected health information (PHI), your rights regarding that information, and our legal obligations under federal law (such as HIPAA) and applicable state law.

2. Legal Duties & Commitment
We are required by law to:

  • Maintain the privacy of your PHI;

  • Provide you with this Notice of our legal duties and privacy practices;

  • Abide by the terms of this Notice as currently in effect;

  • Notify you if there is a breach of your unsecured PHI;

  • Accommodate reasonable requests by you to receive communications by alternate means or at alternate locations.

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided the changes comply with applicable law. Any revised Notice will be effective for PHI we already maintain as well as new information we receive. You may request a copy of the current Notice at any time.

3. What is Protected Health Information (PHI)?
Protected Health Information (PHI) is any individually identifiable health information, held or transmitted by us (in any form: paper, electronic, or oral), that relates to your past, present, or future health condition, provision of health care, or payment for health care, and which can be linked to you.

Examples include: name, address, birth date, Social Security number, treatment records, x-rays, insurance information, billing records, and communications with you about treatment or appointment reminders.

4. How We May Use and Disclose Your PHI
We are permitted under federal law to use or disclose PHI without your written authorization for the following core categories:

Purpose Examples of Use / Disclosure
Treatment Sharing your information with other dental or medical providers involved in your care or referral (e.g. orthodontist, lab, specialist).
Payment Using or sharing PHI to obtain payment from insurers, billing services, coordinating benefits, or determining eligibility.
Health Care Operations Internal administrative, quality control, credentialing, audits, compliance reviews, staff training, and business planning.

In addition to these, we may use or disclose PHI without authorization under certain circumstances defined by law, such as:

  • As required by law (e.g. court orders, public health reporting)

  • For public health activities (e.g. disease reporting)

  • To report abuse, neglect, or domestic violence

  • For health oversight activities (e.g. audits, investigations by regulatory bodies)

  • For certain law enforcement purposes

  • For research, under strict review and safeguards

  • To avert a serious threat to health or safety

  • For workers’ compensation and similar programs

  • As permitted under the “minimum necessary” standard—we will limit uses/disclosures to the minimum needed for the purpose.

Special Use Cases Requiring Authorization
Other uses not listed above, such as marketing communications, fundraising, or sale of PHI, generally require your specific, written authorization. If you provide such authorization, you may revoke it at any time (except to the extent we have relied on it).

5. Your Rights Regarding Your PHI
You have the following rights concerning your PHI (subject to certain legal limitations):

  • Right to Inspect and Copy
    You may request access to inspect and obtain a copy of your PHI (paper or electronic) maintained by us, typically within 30 days.

  • Right to Amend
    You may request an amendment or correction to PHI you believe is incorrect or incomplete. We may deny the request under certain circumstances (if not part of our record or if accurate).

  • Right to an Accounting of Disclosures
    You may request a list of disclosures of your PHI (other than for treatment, payment, or operations) made by us over the past six years (or shorter timeframe as allowed by law).

  • Right to Request Restrictions
    You may ask us to restrict uses or disclosures of your PHI for treatment, payment, or operations. While we are not required to agree to all restrictions, if we do, we will abide by them (except in emergencies).

  • Right to Request Alternative Communications
    You may ask that we communicate PHI to you by alternate means or at an alternate address (for example, sending mail to a P.O. box rather than your home). We will accommodate reasonable requests.

  • Right to a Paper Copy of This Notice
    Even if you agreed to receive this Notice electronically, you may request a paper copy at any time.

  • Right to Be Notified of a Breach
    If a breach of unsecured PHI occurs, we will notify you as required by law.

6. How to Exercise Your Rights
Requests to exercise any of these rights should be made in writing and submitted to our Privacy Officer (see Section 10). We may require identification and additional information to verify your request. We will respond within the timeframe required by law.

7. Our Safeguards
We maintain administrative, physical, and technical safeguards to protect PHI from unauthorized access, disclosure, alteration, or destruction. Some examples include:

  • Access controls (user IDs and passwords)

  • Encryption and secure transmission of electronic data

  • Secure physical storage (locked file rooms, restricted access)

  • Periodic risk assessments and audits

  • Workforce training on privacy, confidentiality, and security

  • Business Associate Agreements (BAAs) with third-party vendors who handle PHI, requiring them to protect the data

8. Business Associates
In some cases, we engage third-party vendors (business associates) to perform services (e.g. billing, data hosting, lab services). We require these entities to comply with HIPAA and other privacy obligations via written agreements. They may receive, use, or disclose PHI only as permitted by contract and law.

9. Retention of Records
We maintain documentation (including privacy policies, notices, and records of disclosures) for the period required by law (typically six years) or longer if required under state law.

10. Contact / Complaints
If you believe your privacy rights have been violated or have questions about this Notice, please contact our Privacy Officer:

Privacy Officer
Smile Design Orthodontics
Dr. Fernan Rodriguez

You have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, if you believe your rights have been violated. You will not be retaliated against for filing a complaint.

11. Effective Date, Acknowledgment, and Changes
This Notice is effective as of the date noted at the top. We may change this Notice, and new provisions will apply to all PHI we maintain. We will post the revised Notice in our offices and on our website and, if required, distribute it to current patients.

Go to Homepage