HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. We must follow the privacy practices that are described in this Notice while it is in effect. This Notice takes effect on February 1, 2026, and will remain in effect until we replace it.

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law, and to make new Notice provisions effective for all protected health information that we maintain. When we make a significant change in our privacy practices, we will change this Notice and post the new Notice clearly and prominently at our practice location, and we will provide copies of the new Notice upon request.

You may request a copy of our Notice at any time. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU

We may use and disclose your health information for different purposes, including treatment, payment, and health care operations. For each of these categories, we have provided a description and an example. Some information, such as HIV-related information, genetic information, alcohol and/or substance abuse records, and mental health records may be entitled to special confidentiality protections under applicable state or federal law. We will abide by these special protections as they pertain to applicable cases involving these types of records.

Treatment: While we are providing you with health care services, we may share your protected health information (PHI) including electronic protected health information (ePHI) with other health care providers, business associates and their subcontractors or individuals who are involved in your treatment, billing, administrative support or data analysis. These business associates and subcontractors through signed contracts are required by Federal law to protect your health information. We have established “minimum necessary” or “need to know” standards that limit various staff members’ access to your health information according to their primary job functions. Everyone on our staff is required to sign a confidentiality statement.

Payment. We may use and disclose your health information to obtain reimbursement for the treatment and services you receive from us or another entity involved with your care. Payment activities include billing, collections, claims management, and determinations of eligibility and coverage to obtain payment from you, an insurance company, or another third party. For example, we may send claims to your dental health plan containing certain health information.

Healthcare Operations.We will use and disclose your health information to keep our practice operable. Examples of personnel who may have access to this information include, but are not limited to, our medical records staff, insurance operations, health care clearinghouses and individuals performing similar activities.

Individuals Involved in Your Care or Payment for Your Care. We may disclose your health information to your family or friends or any other individual identified by you when they are involved in your care or in the payment for your care. Additionally, we may disclose information about you to a patient representative. If a person has the authority by law to make health care decisions for you, we will treat that patient representative the same way we would treat you with respect to your health information.

Disaster Relief. We may use or disclose your health information to assist in disaster relief efforts.

Required by Law. We may use or disclose your health information when we are required to do so by law. (Court or administrative orders, subpoena, discovery request or other lawful process.) We will use and disclose your information when requested by national security, intelligence and other State and Federal officials and/or if you are an inmate or otherwise under custody of law enforcement.

Substance Use Disorder (SUD) Records: In limited situations, our dental practice may receive substance use disorder (SUD) treatment records from a program that is subject to 42 C.F.R. Part 2. When Part 2 applies, it may further limit certain uses and disclosures that might otherwise be permitted under HIPAA. Part 2-protected SUD treatment records (or testimony relaying the content of those records) may not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you unless the disclosure is based on your written consent or a court order that meets Part 2 requirements (including notice and an opportunity to be heard); any such court order must be accompanied by a subpoena or other legal requirement compelling disclosure.

Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes. This information will be disclosed only to the extent necessary to prevent a serious threat to your health or safety or that of others.

Public Health Activities. We may disclose your health information for public health activities, including disclosures to:

  • Prevent or control disease, injury or disability;
  • Report child abuse or neglect;
  • Report reactions to medications or problems with products or devices;
  • Notify a person of a recall, repair, or replacement of products or devices;
  • Notify a person who may have been exposed to a disease or condition; or
  • Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence.

National Security. We may disclose to military authorities the health information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials, health information required for lawful intelligence, counterintelligence, and other national security activities. We may disclose to correctional institution or law enforcement official having lawful custody the protected health information of an inmate or patient.

Secretary of HHS. We will disclose your health information to the Secretary of the U.S. Department of Health and Human Services when required to investigate or determine compliance with HIPAA.

Worker’s Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.

Law Enforcement. We may disclose your PHI for law enforcement purposes as permitted by HIPAA, as required by law, or in response to a subpoena or court order.

Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.

Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to tell you about the request or to obtain an order protecting the information requested.

Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.

Coroners, Medical Examiners, and Funeral Directors. We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.

Marketing Health-Related Services: We will not use your health information for marketing purposes unless we have your written authorization to do so. Effective March 26, 2013, we are required to obtain an authorization for marketing purposes if communication about a product or service is provided and we receive financial remuneration (getting paid in exchange for making the communication). No authorization is required if communication is made face-to-face or for promotional gifts.

Fundraising: We may use certain information (name, address, telephone number or e-mail information, age, date of birth, gender, health insurance status, dates of service, department of service information, treating physician information or outcome information) to contact you for the purpose of raising money and you will have the right to opt out of receiving such communications with each solicitation. Effective March 26, 2013, PHI that requires a written patient authorization prior to fundraising communication include diagnosis, nature of services and treatment. If you have elected to opt out we are prohibited from making fundraising communication under the HIPAA Privacy Rule.

Sale of PHI: We are prohibited to disclose PHI without an authorization if it constitutes remuneration (getting paid in exchange for the PHI). “Sale of PHI” does not include disclosures for public health, certain research purposes, treatment and payment, and for any other purpose permitted by the Privacy Rule, where the only remuneration received is “a reasonable cost-based fee” to cover the cost to prepare and transmit the PHI for such purpose or a fee otherwise expressly permitted by law. Corporate transactions (i.e., sale, transfer, merger, consolidation) are also excluded from the definition of “sale.”

Appointment Reminders: We may use your health records to remind you of recommended services, treatment or scheduled appointments.

Other Uses and Disclosures of PHI

We may disclose and/or share protected health information (PHI) including electronic disclosure with other health care professionals who provide treatment and/or service to you. These professionals will have a privacy and confidentiality policy like this one. Health information about you may also be disclosed to your family, friends and/or other persons you choose to involve in your care, only if you agree that we may do so. As of March 26, 2013, immunization records for students may be released without an authorization (if the PHI disclosed is limited to proof of immunization). If an individual is deceased you may disclose PHI to a family member or individual involved in care or payment prior to death. Psychotherapy notes will not be used or disclosed without your written authorization. Genetic Information Nondiscrimination Act (GINA) prohibits health plans from using or disclosing genetic information for underwriting purposes. Uses and disclosures not described in this notice will be made only with your signed authorization.

Your Health Information Rights

Access. You have the right to look at or get copies of your health information, with limited exceptions. You must make the request in writing. You may obtain a form to request access by using the contact information listed at the end of this Notice. You may also request access by sending us a letter to the address at the end of this Notice. If you request information that we maintain on paper, we may provide photocopies. If you request information that we maintain electronically, you have the right to an electronic copy. We will use the form and format you request if readily producible. We will charge you a reasonable cost-based fee for the cost of supplies and labor of copying, and for postage if you want copies mailed to you. Contact us using the information listed at the end of this Notice for an explanation of our fee structure.

If you are denied a request for access, you have the right to have the denial reviewed in accordance with the requirements of applicable law.

Disclosure Accounting. With the exception of certain disclosures, you have the right to receive an accounting of disclosures of your health information in accordance with applicable laws and regulations. To request an accounting of disclosures of your health information, you must submit your request in writing to the Privacy Official. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to the additional requests.

Right to Request a Restriction. You have the right to request additional restrictions on our use or disclosure of your PHI by submitting a written request to the Privacy Official. Your written request must include (1) what information you want to limit, (2) whether you want to limit our use, disclosure or both, and (3) to whom you want the limits to apply. We are not required to agree to your request except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, and the information pertains solely to a health care item or service for which you, or a person on your behalf (other than the health plan), has paid our practice in full.

Alternative Communication. You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. You must make your request in writing. Your request must specify the alternative means or location, and provide satisfactory explanation of how payments will be handled under the alternative means or location you request. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested we may contact you using the information we have.

Amendment. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances. If we agree to your request, we will amend your record(s) and notify you of such. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it and explain your rights.

Right to Notification of a Breach. It is presumed that any acquisition, access, use or disclosure of PHI not permitted under HIPAA regulations is a breach. We are required to complete a risk assessment, and if necessary, inform HHS and take any other steps required by law. You will be notified of the situation and any steps you should take to protect yourself against harm due to the breach.

Electronic Notice. You may receive a paper copy of this Notice upon request, even if you have agreed to receive this Notice electronically on our Web site or by electronic mail (e-mail).

Questions and Complaints

If you want more information about our privacy practices or have questions or concerns, please contact us.

If you are concerned that we may have violated your privacy rights, or if you disagree with a decision we made about access to your health information or in response to a request you made to amend or restrict the use or disclosure of your health information or to have us communicate with you by alternative means or at alternative locations, you may complain to us using the contact information listed at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.

We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Our Privacy Officer: Owner or Office Manager

Telephone: 602-285-9979

E-mail: info@northmountaindentistry.com

Address: 1550 East Maryland Avenue | Suite #2 Phoenix, Arizona 85014