Privacy Policy for Our Valued Patients

At [CLINIC NAME], your trust and privacy are paramount. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website [CLINIC WEBSITE], use our services, or engage with our communications—including SMS messages. Please read this policy carefully. By using the Site, you agree to the practices described below. If you do not agree, please do not access the Site.

Information We Collect

We may collect personal information from you in several ways. This includes, but is not limited to:

1. Personal Data
Information you voluntarily provide, such as your:

  • Name

  • Address

  • Phone number

  • Email address

  • Demographic information (e.g., age, gender, preferences)

  • Any data submitted through our contact forms, chat, or other communication tools

2. Derivative Data
Information automatically collected by our servers and tools when you visit our Site, including:

  • IP address

  • Browser type

  • Operating system

  • Device type

  • Access times

  • Referring and exit pages

3. Mobile Device Data
If you access our Site via mobile, we may collect:

  • Mobile device ID

  • Device model and manufacturer

  • Location data (if enabled)

4. Third-Party Data
Information we may receive from third parties when you connect your account or data with external services (e.g., social media logins, marketing platforms).

How We Use Your Information

We use the information we collect for a range of purposes, including to:

  • Respond to inquiries and provide personalized service

  • Manage appointments and treatment coordination

  • Improve the usability, performance, and security of our website

  • Send appointment reminders and treatment updates

  • Notify you of promotions, events, or service updates (with your consent)

  • Analyze usage trends to improve our services

  • Comply with legal obligations or respond to law enforcement

  • Enable user-to-user communication if applicable

  • Administer promotions or surveys

  • Support advertising or remarketing campaigns

We will never sell or rent your personal data. Your information is only shared with third parties who help us operate our business—such as SMS providers, hosting platforms, or analytics tools—under strict confidentiality and compliance agreements.

SMS Communication Compliance

[CLINIC NAME] takes your communication preferences seriously. If you provide your mobile number, you expressly consent to receive SMS (text) messages from us related to:

  • Appointment confirmations and reminders

  • Treatment plans or changes

  • Important office updates (e.g., closures, emergencies)

  • Promotional or educational content relevant to your care

Message frequency may vary. Standard message and data rates may apply.

You may opt in to SMS messaging by:

  • Filling out online or in-office registration forms

  • Checking an opt-in box on our website or patient portal

  • Completing a double opt-in process if applicable

You may opt out at any time by:

  • Replying “STOP” to any message

  • Calling our office at [CLINIC PHONE]

  • Updating your preferences through our patient portal (if available)

After opting out, you will only receive essential communications (e.g., opt-out confirmation).

Your phone number is used strictly to support your orthodontic or dental care experience and will not be shared for marketing purposes without your explicit consent.

Your Rights and Choices

You are in control of your personal information. You have the right to:

  • Request a copy of the personal data we store about you

  • Correct or update inaccurate or outdated information

  • Withdraw consent to marketing communications at any time

  • Request deletion of your personal information, subject to applicable laws

  • Express concerns or file a complaint about our privacy practices

You can exercise these rights by contacting us at [CLINIC PHONE] or via the contact information listed below.

Data Retention and Deletion

We retain your data only as long as necessary to fulfill the purpose for which it was collected or as required by law. If you request deletion of your information (e.g., mobile number, email address), we will take appropriate steps to remove it from our records unless retention is legally required.

Security of Your Information

We implement industry-standard safeguards to protect your information, including:

  • Administrative controls (e.g., staff training, access control)

  • Technical protections (e.g., encryption, secure servers)

  • Physical security (e.g., locked storage areas for paper records)

However, no method of data transmission or storage is completely secure. For this reason, we advise against including sensitive personal, financial, or medical information in web forms or unsecured emails.

Cookies and Tracking Technologies

Our website may use cookies, tracking pixels, and similar technologies to:

  • Personalize your browsing experience

  • Monitor website performance and troubleshoot issues

  • Enable secure login sessions

  • Track marketing and advertising effectiveness

Cookies are small data files stored on your device. They do not collect health data or sensitive personal information. You may disable cookies in your browser settings at any time.

Internet-Based Advertising

We may work with third-party vendors (e.g., Google, Facebook) to deliver relevant ads to you across the internet based on your interactions with our Site.

To opt out of this kind of advertising, visit:

Website Analytics

We may use tools like Google Analytics or Meta Pixel to understand traffic trends, page views, and user behavior. These services may collect information such as:

  • Device and browser type

  • Pages visited

  • Time spent on site

  • Referring URLs

This data helps us enhance the Site and make informed improvements. We do not use analytics tools to collect personally identifiable information.

Links to Third-Party Sites

Our Site may contain links to third-party websites. These websites have separate privacy policies, and [CLINIC NAME] is not responsible for the content or practices of any linked site. We encourage you to read those policies before providing any information.

Children’s Privacy

Our Site is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that we have collected information from a child, we will delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on our website with the “Last Updated” date. We encourage you to review this policy regularly. Continued use of our Site after updates means you accept the revised policy.

 

HIPAA NOTICE • REQUIRED FEDERAL DISCLOSURE

Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

  • Practice: [Practice Name]
  • Effective: February 16, 2026
  • Regulation: 45 CFR §164.520  |  HIPAA Privacy Rule
  • Published by: HHS OCR Model Notice — Revised February 13, 2026

This notice is required by the HIPAA Privacy Rule. Signing an acknowledgment of receipt does not limit your rights. Questions? Contact us or visit hhs.gov/hipaa

Your Rights

  • Get a copy of your record
  • Correct your record
  • Request confidential comms
  • Ask us to limit what we share
  • List of those we’ve shared with
  • Get a copy of this notice
  • Choose someone to act for you
  • File a complaint

Your Choices

  • Share with family/friends
  • Share in disaster relief
  • Marketing (requires permission)
  • Sale of info (requires permission)
  • Psychotherapy notes (permission)
  • Opt out of fundraising

How We Use PHI

  • Treat and care for you
  • Run our practice
  • Bill for your services
  • Public health & safety
  • Research
  • Comply with the law
  • Legal actions & subpoenas

Section 1 — Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home, office, or cell phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” — for example, if it could affect your care. If we agree, we may still share information in the event that you need emergency treatment.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If someone has authority to act as your personal representative, such as if someone has your medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

Note for parents of orthodontic patients: When a parent or legal guardian accompanies a minor patient, we will provide this notice to the parent or guardian and make a good-faith effort to obtain written acknowledgment of receipt, as required by 45 CFR §164.520(c)(2)(ii).

Section 2 — Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

You have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care or payment for your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference — for example, if you are unconscious — we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

We never share your information unless you give us written permission for:

Marketing purposes  •  Sale of your information  •  Most sharing of psychotherapy notes

Fundraising

We may contact you for fundraising efforts, but you can tell us not to contact you again. If we have your substance use disorder patient records (subject to 42 CFR Part 2), we will give you clear and conspicuous notice in advance and a meaningful choice about whether to receive fundraising communications that use your Part 2 information.

Section 3 — Our Uses & Disclosures

How we typically use or share your health information

Treat You

We can use your health information and share it with other professionals who are treating you.

Example: Your orthodontist coordinates with your general dentist or an oral surgeon to plan your treatment.

Run Our Organization

We can use and share your health information to run our practice, improve your care, and contact you when necessary.

Example: We use health information about you to manage your treatment and services, conduct quality reviews, and train our staff.

Bill for Your Services

We can use and share your health information to bill and get payment from health plans or other entities.

Example: We give information about you to your health insurance plan so it will pay for your orthodontic services.

How else we may use or share your health information

We are allowed or required to share your information in other ways — usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

Important — Substance Use Disorder Records (42 CFR Part 2): In all cases below, if we have substance use disorder patient records about you subject to 42 CFR Part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your written consent or (2) a court order and a subpoena.

Help with Public Health and Safety Issues

We can share health information for certain situations such as: preventing disease, helping with product recalls, reporting adverse reactions to medications, reporting suspected abuse, neglect, or domestic violence, and preventing or reducing a serious threat to anyone’s health or safety.

Do Research

We can use or share your information for health research, subject to applicable legal requirements and protections.

Comply with the Law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to Organ and Tissue Donation Requests

We can share health information about you with organ procurement organizations.

Work with a Medical Examiner or Funeral Director

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address Workers’ Compensation, Law Enforcement & Other Government Requests

We can use or share health information about you for workers’ compensation claims; for law enforcement purposes; with health oversight agencies; and for special government functions such as military, national security, and presidential protective services.

Respond to Lawsuits and Legal Actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Redisclosure Notice (required under 45 CFR §164.520): Please be aware that PHI disclosed by our practice may be redisclosed by the recipient and may no longer be protected under the HIPAA Privacy Rule, unless stronger federal confidentiality protections (such as 42 CFR Part 2 for SUD records) apply.

Section 4 — Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described in this notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information, visit: www.hhs.gov/hipaa/for-individuals/notice-privacy-practices

Section 5 — Changes to the Terms of This Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website. Any material changes will be posted with an updated effective date, consistent with 45 CFR §164.520(b)(1)(v)(C).

Section 6 — File a Complaint If You Feel Your Rights Are Violated

You can complain if you feel we have violated your rights by contacting us using the information in the Contact section below.

You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:

  • By mail: 200 Independence Avenue, S.W., Washington, D.C. 20201
  • By phone: 1-877-696-6775
  • Online: www.hhs.gov/hipaa/filing-a-complaint

We will not retaliate against you for filing a complaint.

Section 7 — Contact & Privacy Officer

PRIVACY OFFICER

[Dr. Name]

PHONE

 

[phone]

EMAIL

[email]

MAILING ADDRESS

 

[address]

OFFICE HOURS

[hours]

 

FAX

N/A

U.S. Department of Health & Human Services — Office for Civil Rights:

200 Independence Avenue, S.W., Washington, D.C. 20201  |  1-877-696-6775  |  www.hhs.gov/hipaa/filing-a-complaint

If you participate in a patient portal for accessing your records online, you may contact us through the portal’s secure messaging system in addition to the methods listed above.

This notice was prepared in accordance with the HIPAA Privacy Rule (45 CFR §164.520) and 42 CFR Part 2. Content based on the HHS OCR Model Notice for Health Care Providers, last reviewed February 13, 2026.

Effective Date: February 16, 2026

Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us:

[practicename]

Street Address

City, State, Zip

Phone