Privacy Policy & Notice of Privacy Practices

5D Smiles Dental Implant Center
8500 Florence Ave., Ste 100, Downey, CA 90240
Phone: (562) 396-9100
Effective Date: March 1, 2025  |  Last Updated: March 1, 2025

Our Commitment to Your Privacy

At 5D Smiles Dental Implant Center, we are committed to protecting the privacy and security of your health information. This Privacy Policy and Notice of Privacy Practices describes how we collect, use, and protect your information, and explains your rights under the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable laws.

We are required by law to:

  • Maintain the privacy of your Protected Health Information (PHI)
  • Provide you with this notice of our legal duties and privacy practices regarding your PHI
  • Notify you following a breach of your unsecured PHI
  • Follow the terms of this Notice while it is in effect

Part I — HIPAA Notice of Privacy Practices

What Is Protected Health Information (PHI)?

Protected Health Information (PHI) is any individually identifiable health information we create, receive, maintain, or transmit in connection with providing you dental care. PHI includes your name, address, date of birth, Social Security number, insurance information, treatment records, X-rays, photographs, payment history, and any other information that could identify you and relates to your health or healthcare.

How We May Use and Disclose Your PHI

The following categories describe the ways we may use and disclose your PHI. For each category, we explain what we mean and provide some examples. Not every use or disclosure in a category will be listed; however, all ways we are permitted to use and disclose information will fall within one of these categories.

Treatment. We may use and disclose your PHI to provide, coordinate, or manage your dental care. For example, we may share your records with a specialist, oral surgeon, periodontist, or laboratory technician involved in your treatment.

Payment. We may use and disclose your PHI to bill and collect payment for dental services. For example, we may submit claims to your dental insurance carrier or send billing statements to you or a guarantor.

Healthcare Operations. We may use and disclose your PHI for our internal business operations, including quality assessment, staff training, accreditation activities, legal services, auditing functions, and business planning.

Appointment Reminders. We may contact you to remind you of scheduled appointments or to provide information about treatment alternatives or other health-related services that may be of interest to you.

Required by Law. We will disclose your PHI when required to do so by federal, state, or local law, including disclosures to the California Dental Board or other licensing authorities.

Public Health Activities. We may disclose your PHI for public health activities, including reporting communicable diseases to public health authorities as required by law.

Health Oversight Activities. We may disclose PHI to government agencies for oversight activities authorized by law, such as audits, investigations, and inspections.

Judicial and Administrative Proceedings. We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, subject to HIPAA requirements.

Law Enforcement. We may disclose PHI to law enforcement officials in limited circumstances as permitted or required by law.

Serious Threats to Health or Safety. We may use or disclose your PHI to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of the public.

Workers’ Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with workers’ compensation laws.

Business Associates. We share certain PHI with trusted vendors (our “Business Associates”) who perform services on our behalf, such as billing companies, IT providers, and cloud storage services. All Business Associates are contractually required to safeguard your PHI under a HIPAA Business Associate Agreement.

Uses and Disclosures That Require Your Authorization

Certain uses and disclosures of your PHI require your written authorization, including:

  • Most uses of psychotherapy notes
  • Sale of your PHI
  • Uses of PHI for marketing purposes (with limited exceptions)
  • Any other use or disclosure not described in this Notice

You may revoke any authorization you provide to us in writing at any time, except to the extent that we have already taken action in reliance on your authorization.

Your Rights Regarding Your PHI

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to our Privacy Officer at the address below.

Right to Access Your PHI. You have the right to inspect and obtain a copy of the PHI we maintain about you in a designated record set, including your dental chart, X-rays, treatment records, and billing records. We may charge a reasonable, cost-based fee for copies. We will respond to your request within 30 days (or up to 60 days with written notice).

Right to Request an Amendment. If you believe information in your records is incorrect or incomplete, you may request an amendment. We may deny your request if the information was not created by us, is not part of a designated record set, is not available for inspection, or is accurate and complete. We will respond within 60 days.

Right to an Accounting of Disclosures. You may request a list of certain disclosures we have made of your PHI during the prior six years. This right does not apply to disclosures for treatment, payment, or healthcare operations, disclosures made with your authorization, or disclosures to you.

Right to Request Restrictions. You may ask us to restrict certain uses or disclosures of your PHI for treatment, payment, or healthcare operations. We are not required to agree to a restriction except in one case: if you request that we not disclose PHI to a health plan for services you paid for entirely out-of-pocket, we must honor that restriction.

Right to Request Confidential Communications. You may request that we communicate with you about your PHI by alternative means or at an alternative location (e.g., only by mail to a P.O. Box, or by a specific phone number). We will accommodate reasonable requests.

Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically. Please contact our front desk or our Privacy Officer.

Right to Be Notified of a Breach. You have the right to receive notification if there is a breach of your unsecured PHI. We will notify you without unreasonable delay and no later than 60 days after discovery of a breach.

Minimum Necessary Standard

When using or disclosing PHI or requesting PHI from another covered entity, we make reasonable efforts to limit our use, disclosure, or request to the minimum amount of PHI necessary to accomplish the intended purpose.

Part II — General Privacy Policy

Information We Collect

Clinical and Health Information. When you become a patient, we collect health history, dental records, X-rays, photographs, treatment plans, medication lists, insurance information, and other health-related information necessary to provide your dental care.

Personal and Contact Information. We collect your name, date of birth, address, phone number, and email address to schedule appointments, send reminders, and communicate with you about your care.

Payment and Financial Information. We collect insurance policy details and payment method information solely for billing purposes. We do not store full credit card or bank account numbers.

Website and Technical Data. When you visit our website at 5dsmiles.com, we may collect certain technical information automatically, including your IP address, browser type, pages visited, time spent on pages, and referring URL. This information is collected through cookies and similar technologies for analytics and website improvement purposes. We do not use this data to personally identify you.

Inquiry and Contact Form Data. If you submit a contact form, consultation request, or questionnaire through our website, we collect the information you voluntarily provide, including your name, phone number, email address, and health-related questions. This data is used to respond to your inquiry and may be processed through our HIPAA-compliant patient management system.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site usage. You may control cookie preferences through your browser settings. Disabling cookies may affect certain website functionality.

We may use the following types of cookies:

  • Strictly Necessary Cookies: Required for the website to function properly.
  • Analytics Cookies: Used to understand how visitors interact with our site (e.g., Google Analytics).
  • Marketing Cookies: Used to deliver relevant ads (e.g., Google Ads remarketing). You may opt out of personalized advertising at optout.aboutads.info.

Data Security

We implement administrative, technical, and physical safeguards to protect your information from unauthorized access, use, or disclosure. These safeguards include:

  • Encrypted electronic health records and data transmission (TLS/SSL)
  • Role-based access controls limiting staff access to PHI on a need-to-know basis
  • Password-protected workstations and automatic screen locks
  • Secure, locked storage for paper records
  • Regular staff HIPAA training and workforce security awareness
  • HIPAA-compliant practice management and patient communication software
  • Business Associate Agreements with all third-party vendors handling PHI

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain dental records in accordance with California law, which requires dental records to be maintained for a minimum of seven (7) years from the date of service, or until a minor patient reaches age 19, whichever is later. HIPAA-related documentation (policies, procedures, training records) is retained for at least six (6) years. Financial records are retained as required by applicable tax and regulatory law.

Third-Party Links

Our website may contain links to third-party websites (such as dental insurance portals or payment processors). We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party site you visit.

Children’s Privacy

We provide dental care to patients of all ages, including minors. For patients under the age of 18, a parent or legal guardian must provide consent for treatment. The parent or legal guardian has the right to access and control the minor’s PHI, subject to limited exceptions under California law (e.g., certain services a minor may consent to independently). We do not knowingly collect personal information from children under 13 through our website without verifiable parental consent.

Part III — California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Please note that PHI governed by HIPAA is exempt from CCPA; the rights below apply to non-PHI personal information we collect through our website and business operations.

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.

Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction, comply with a legal obligation, or exercise a legal claim).

Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing. We do not sell your personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising purposes without your consent.

Right to Limit Use of Sensitive Personal Information. We collect sensitive personal information (such as health information) only as necessary to provide dental services and as otherwise required by law. You may request that we limit the use and disclosure of sensitive personal information to those purposes permitted under the CPRA.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different quality of care because you exercised a privacy right.

How to Submit a California Privacy Request. You or an authorized agent may submit a verifiable consumer request by:

  • Calling us at (562) 396-9100
  • Emailing us at privacy@5dsmiles.com
  • Writing to us at: Privacy Officer, 5D Smiles Dental Implant Center, 8500 Florence Ave., Ste 100, Downey, CA 90240

We will respond to a verifiable consumer request within 45 days. If we require more time, we will notify you and may extend our response by an additional 45 days.

Part IV — Complaints and Contact

Privacy Officer

Our Privacy Officer is responsible for developing and implementing our privacy policies. If you have questions about this Notice, your privacy rights, or our privacy practices, please contact:

Privacy Officer
5D Smiles Dental Implant Center
8500 Florence Ave., Ste 100
Downey, CA 90240
Phone: (562) 396-9100
Email: privacy@5dsmiles.com

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services (HHS). You will not be penalized or retaliated against for filing a complaint.

To file a complaint with us: Contact our Privacy Officer at the address above.

To file a complaint with the U.S. Department of Health and Human Services:
Office for Civil Rights, U.S. Department of Health and Human Services
200 Independence Avenue, S.W., Washington, D.C. 20201
Toll-free: 1-800-368-1019 | Website: www.hhs.gov/ocr

Changes to This Notice

We reserve the right to change this Notice at any time. We reserve the right to make the revised or changed Notice effective for PHI we already have about you, as well as any information we receive in the future. We will post the current Notice in our office and on our website with its effective date. We will provide a copy of the current Notice to any patient upon request.

This Notice of Privacy Practices is provided in accordance with the requirements of 45 C.F.R. § 164.520 (HIPAA Privacy Rule) and California Health and Safety Code § 123111.