Dental3DApp

HIPAA Notice of Privacy Practices

Effective Date: January 2025

🔒 HIPAA COMPLIANT PLATFORM

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment to Your Privacy

Dental3DApp is committed to maintaining the privacy and security of your Protected Health Information (PHI). As a HIPAA-compliant platform, we are required by law to:

  • Maintain the privacy of your health information
  • Provide you with this Notice of our legal duties and privacy practices
  • Follow the terms of the Notice currently in effect
  • Notify you following a breach of your unsecured PHI

1. Understanding HIPAA Compliance

1.1 What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy and security of health information. As a Business Associate of covered entities (healthcare providers), Dental3DApp must comply with all applicable HIPAA regulations.

1.2 Our Role as a Business Associate

Dental3DApp acts as a Business Associate to dental practices and healthcare providers. We:

  • Sign Business Associate Agreements (BAAs) with all covered entities
  • Process PHI only as permitted by HIPAA and our agreements
  • Implement safeguards to protect PHI from unauthorized access
  • Report any security incidents to covered entities promptly

2. How We Use and Disclose Protected Health Information

2.1 For Treatment Purposes

We facilitate the sharing of PHI between healthcare providers for treatment purposes:

  • Sharing dental images and records between referring dentists
  • Transmitting 3D scans to specialists for consultation
  • Exchanging treatment plans among care team members
  • Coordinating care between multiple providers

2.2 For Healthcare Operations

We may use PHI for healthcare operations as permitted:

  • Quality assessment and improvement activities
  • Case management and care coordination
  • Professional review and performance evaluation
  • Training programs for healthcare professionals

2.3 As Required by Law

We will disclose PHI when required by federal, state, or local law, including:

  • Court orders or administrative proceedings
  • Law enforcement purposes as required
  • Public health activities
  • Health oversight activities

3. Your Rights Under HIPAA

You Have the Right To:

3.1 Right to Access Your Health Information

You have the right to inspect and obtain copies of your health information that we maintain. To request access, contact the healthcare provider who uploaded your information. We will facilitate this access through our secure platform.

3.2 Right to Request Amendment

If you believe health information we have about you is incorrect or incomplete, you may request an amendment. Amendment requests must be made through your healthcare provider and include a reason for the request.

3.3 Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your health information. Our platform maintains comprehensive audit logs of all access and sharing activities.

3.4 Right to Request Restrictions

You may request restrictions on how your health information is used or disclosed for treatment, payment, or healthcare operations. While we will consider all requests, we are not required to agree to all requested restrictions.

3.5 Right to Confidential Communications

You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests.

3.6 Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

4. Security Safeguards We Implement

Safeguard Type         Implementation                                  Status
Access Control         Unique user IDs, automatic logoff, encryption   ✓
Audit Controls         Hardware, software, and procedural mechanisms   ✓
Integrity Controls     Electronic mechanisms to confirm PHI integrity  ✓
Transmission Security  End-to-end encryption for all data transfers    ✓
Physical Safeguards    Secure data centers with access controls        ✓

4.1 Administrative Safeguards

  • Designated HIPAA Security Officer and Privacy Officer
  • Workforce training on HIPAA compliance
  • Access management procedures
  • Regular risk assessments
  • Incident response procedures
  • Business Associate Agreements with all partners

4.2 Physical Safeguards

  • Facility access controls with badge systems
  • Workstation security policies
  • Device and media controls
  • Secure disposal procedures for PHI

4.3 Technical Safeguards

  • 256-bit AES encryption at rest and in transit
  • Unique user identification and strong passwords
  • Automatic logoff after inactivity
  • Comprehensive audit logs
  • Data integrity controls
  • Secure API endpoints

5. Breach Notification Procedures

⚠️ In Case of a Breach

While we implement robust security measures, if a breach occurs, we will:

  • Notify affected individuals within 60 days of discovery
  • Inform covered entities immediately (within 24 hours)
  • Provide details about what information was involved
  • Describe steps individuals should take to protect themselves
  • Explain what we are doing to investigate and mitigate
  • Report to HHS and media if required (breaches affecting 500+ individuals)

6. Minimum Necessary Standard

We follow the "minimum necessary" standard, meaning we only access, use, or disclose the minimum amount of PHI necessary to accomplish the intended purpose. Our system implements:

  • Role-based access controls
  • Need-to-know basis for information access
  • Automatic de-identification where appropriate
  • Granular permission settings

7. Training and Compliance

7.1 Workforce Training

All Dental3DApp employees and contractors receive:

  • Initial HIPAA training upon hiring
  • Annual refresher training
  • Specialized training for roles with PHI access
  • Updates on regulatory changes

7.2 Compliance Monitoring

We maintain an active compliance program including:

  • Regular internal audits
  • External security assessments
  • Continuous monitoring of access logs
  • Incident tracking and resolution
  • Policy and procedure updates

8. Patient Portal Rights

Through our secure platform, patients have the ability to:

  • View who has accessed their records
  • See when records were shared
  • Track the purpose of each disclosure
  • Download copies of their information
  • Request corrections through their provider

9. Marketing and Sale of PHI

We DO NOT:

  • Sell your Protected Health Information
  • Use PHI for marketing without authorization
  • Share PHI with third parties for their marketing
  • Use PHI for purposes not related to healthcare

10. State Law Considerations

Some states have additional privacy protections beyond HIPAA. Where state law provides greater privacy protections or rights, we comply with the more stringent requirements. This includes:

  • California Consumer Privacy Act (CCPA) requirements
  • State-specific breach notification timelines
  • Additional consent requirements for certain information
  • Special protections for mental health or substance abuse records

11. Changes to This Notice

We reserve the right to change this Notice and make the revised Notice effective for health information we already have about you as well as any information we receive in the future. We will:

  • Post the current Notice on our platform
  • Notify users of material changes via email
  • Make the Notice available upon request
  • Include the effective date on the first page

12. Complaints and Reporting

12.1 Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

Dental3DApp Privacy Officer

Email: hipaa@dental3dapp.com
Phone: 1-800-Dental3DApp
Mail: HIPAA Compliance Department
123 Medical Plaza, Suite 500
San Francisco, CA 94102

12.2 Federal Complaint Process

You may also file a complaint with the Secretary of Health and Human Services:

Office for Civil Rights

U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

No Retaliation: We will not retaliate against you for filing a complaint. You have the right to file a complaint without fear of adverse action.

13. Questions About This Notice

If you have questions about this Notice or our privacy practices, please contact our Privacy Officer at the contact information provided above. We are committed to protecting your health information and will respond to your inquiries promptly.

14. Acknowledgment of Receipt

Healthcare providers using our platform may request that you acknowledge receipt of this Notice. Your acknowledgment helps us comply with HIPAA requirements and ensures you are informed of your rights.
