Privacy Policy

1. Information We Collect

Information you provide directly

We collect personal information that you choose to provide to us through our website, intake forms, patient portal, appointment requests, contact forms, or other direct interactions, including:

• Identification and contact information: name, date of birth, mailing address, email address, phone number, and government-issued identification documents when required.
• Health and medical information: medical and dental history, current medications, allergies, insurance information, treatment records, X-rays, imaging, and other clinical data collected in connection with your care.
• Payment and financial information: insurance policy details, billing address, and payment card information processed through our secure payment processor.
• Communications: messages, questions, or feedback you send us through contact forms, email, or telephone, and responses to optional surveys or questionnaires.
• Emergency contact information: name, relationship, and phone number of a person designated to be contacted on your behalf.
• Social media information: if you interact with our practice on social media platforms (e.g., Facebook, Instagram), we may receive information you choose to share publicly or with our pages, such as your name and profile information.

Information collected automatically

When you visit our website, certain information is automatically collected by our servers and third-party analytics tools:

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, links clicked, and the date and time of your visit.
• Device information: device type, device identifiers, and settings.
• Usage data: how you navigate and interact with our website, including time spent on pages, search queries entered on our site, and features used.
• Location data: general geographic location inferred from your IP address.
• Cookie and tracking data: see Section 5 (Cookies & Tracking Technologies) below.

Information from third parties

We may receive limited personal information from third parties such as referring dental professionals, insurance companies, laboratories, pharmacies, and other healthcare providers involved in coordinating your care, or from publicly available sources and review platforms if you post reviews about our practice.

2. Protected Health Information & HIPAA

As a dental and oral surgery practice, we are a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). We are required by law to maintain the privacy of your Protected Health Information (“PHI”), to provide you with notice of our legal duties and privacy practices with respect to PHI, and to notify you following a breach of unsecured PHI.

What is Protected Health Information?

PHI is any individually identifiable health information we hold or transmit in any form — electronic, paper, or oral — that relates to your past, present, or future physical or mental health or condition; the provision of health care to you; or the past, present, or future payment for health care. This includes your dental records, X-rays, treatment notes, diagnoses, prescriptions, and insurance and billing records.

How we may use and disclose PHI without your authorization

We are permitted by law to use and disclose your PHI without your written authorization for the following primary purposes:

• Treatment: to provide, coordinate, and manage your dental and oral surgery care, including sharing information with other treating providers, specialists, laboratories, pharmacies, and hospitals involved in your care.
• Payment: to bill and collect payment for services, verify insurance coverage, obtain prior authorizations, and process claims.
• Health care operations: for quality assessment and improvement, training, licensing, accreditation, legal and financial services, and other activities necessary to operate our practice.
• As required by law: including reporting to public health authorities, complying with court orders or subpoenas, reporting abuse or neglect, and responding to law enforcement as required or permitted by applicable law.
• Appointment reminders and treatment alternatives: we may contact you by phone, text, or email to remind you of appointments or to inform you about treatment alternatives or other health-related benefits and services that may be of interest to you.
• Business associates: we may share PHI with third-party “business associates” (such as billing companies, IT vendors, and practice management software providers) who perform services on our behalf, subject to written Business Associate Agreements that require them to protect your PHI.

Uses and disclosures requiring your authorization

Certain uses and disclosures of your PHI require your written authorization, including: most uses for marketing purposes; the sale of your PHI; and uses or disclosures of psychotherapy notes. You may revoke any such authorization in writing at any time, except to the extent we have already acted in reliance on it.

Your HIPAA rights

Subject to certain conditions and limitations under HIPAA, you have the right to:

• Request access to, and receive a copy or summary of, your dental records and other PHI we maintain, usually within 30 days of request;
• Request that we correct or amend PHI you believe is inaccurate or incomplete;
• Request an accounting of certain disclosures of your PHI that we have made;
• Request that we restrict certain uses and disclosures of your PHI (we are not always required to agree);
• Request that we communicate with you by alternative means or at an alternative location;
• Receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically; and
• File a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated — we will not retaliate against you for filing a complaint.

To exercise any of these rights, please contact our Privacy Officer using the contact information in Section 15.

Complaints to HHS

You may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, by calling 1-800-368-1019 (toll-free) or 1-800-537-7697 (TDD), or online at www.hhs.gov/hipaa/filing-a-complaint.

3. How We Use Your Information

We use personal information collected through our website and practice for the following purposes:

• Providing and managing care: scheduling and confirming appointments, delivering dental and oral surgery services, coordinating referrals, and managing your patient account.
• Communication: responding to your inquiries and messages; sending appointment reminders, pre-operative and post-operative instructions, and care-related updates; and communicating administrative information about our practice.
• Billing and payment: processing insurance claims and payments, verifying coverage, and managing your account balance.
• Website improvement: analyzing how visitors use our website to improve its content, functionality, and user experience.
• Marketing: We do not sell your personal information, and we do not share your PHI with third parties for their own marketing purposes without your written authorization, except as permitted or required by HIPAA and applicable law. You may opt out of marketing communications from us at any time.
• Legal compliance and safety: complying with applicable laws and regulations, responding to legal process, protecting the rights and safety of our patients and staff, preventing fraud and misuse, and enforcing our policies.
• Aggregate analytics: creating de-identified, aggregated statistical data about website usage and patient demographics that cannot reasonably be used to identify any individual.

4. How We Share Your Information

We may share personal information in the following circumstances:

Healthcare providers and care coordination

We may share your health information with other dental professionals, physicians, specialists, oral surgeons, hospitals, laboratories, pharmacies, and other providers involved in your treatment and care coordination, as permitted or required by HIPAA and applicable law.

Business associates and service providers

We share information with trusted vendors and service providers who perform functions on our behalf, such as dental practice management software, patient portal operators, billing and coding services, cloud hosting providers, appointment reminder services, IT security providers, and marketing agencies. These parties are permitted to access, process, or store your information only as necessary to perform their contracted services, and are bound by written agreements (including HIPAA Business Associate Agreements where applicable) that require them to protect your information.

Insurance companies and payers

We share PHI and billing information with your dental and health insurance carriers as necessary to verify eligibility, obtain prior authorizations, and submit and process claims for services rendered.

Legal and regulatory requirements

We may disclose information where required or permitted by law, including: to comply with a subpoena, court order, or other legal process; to report to public health authorities or regulatory bodies; to report suspected abuse, neglect, or domestic violence; to cooperate with law enforcement investigations; or to protect the vital interests of a patient or other person.

Business transfers

In the event that our practice is involved in a merger, acquisition, sale of assets, or other business transfer, patient information and records may be transferred as part of that transaction, subject to applicable law, including HIPAA requirements regarding transfer of PHI.

With your consent

We may share your information with third parties when you have given us your explicit consent to do so, such as when you authorize us to communicate with a family member, caregiver, or other designated individual about your care.

5. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to operate, analyze, and improve the site.

What are cookies?

A cookie is a small text file placed on your device by a website you visit. Cookies can be session cookies (deleted when you close your browser) or persistent cookies (which remain on your device until they expire or you delete them).

Types of cookies we use

• Strictly necessary cookies: essential for the website to function — e.g., maintaining your session when you use our patient portal or online forms. These cannot be disabled.
• Analytics cookies: help us understand how visitors interact with our site by collecting aggregated, anonymous data. See Section 6 for our use of Google Analytics.
• Functional cookies: remember preferences you set (such as language or region) to improve your experience.
• Marketing / advertising cookies: may be placed by our advertising partners to build a profile of your interests and serve relevant ads on other platforms. We use these only where applicable to promote our practice.

Managing cookies

You can manage and delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or receive a notification before a new cookie is set. Please note that disabling certain cookies may affect your ability to use parts of our website, including our patient portal. Instructions for managing cookies in common browsers:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

Do Not Track

Our website does not currently respond to browser “Do Not Track” (DNT) signals. If our practices change, we will update this section accordingly.

6. Analytics & Third-Party Tools

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to collect and analyze aggregated, anonymized information about how visitors use our website. Google Analytics uses cookies to collect information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to this site. We use this information only to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit the site, not your name or other identifying information. We do not combine information collected through Google Analytics with PHI or other personally identifiable information. For more information about how Google uses data collected through our site, visit policies.google.com/technologies/partner-sites. To opt out of Google Analytics, you may install the Google Analytics Opt-out Browser Add-on.

Other tools

We may also use the following third-party tools on our website. Each provider’s privacy policy governs how they handle data collected through our site:

• Google Tag Manager: used to manage and deploy website tags without modifying code directly. Google Privacy Policy
• Meta (Facebook) Pixel: [include only if used] used to measure the effectiveness of advertising on Facebook and Instagram and to build custom audiences. Meta Privacy Policy
• Patient portal and practice management software: our patient portal is operated by a third-party vendor. Use of the portal is governed by that vendor’s separate terms and privacy policy, which will be provided to you at the time of registration.

7. SMS / Text Messaging

With your separate, explicit written consent, we may send you text messages (SMS) for purposes including appointment reminders, scheduling updates, pre- and post-operative instructions, prescription notifications, billing reminders, insurance matters, clinical follow-ups and treatment plan updates, and general practice communications.

• Consent is voluntary and is not a condition of receiving care or services at our practice.
• Adult consent required — SMS consent must be provided by the patient if 18 or older, or by a parent or legal guardian on behalf of a minor patient.
• Message frequency varies based on your treatment schedule and appointment activity.
• Message and data rates may apply depending on your mobile carrier and plan.
• To opt out at any time, reply STOP to any message we send, call our office at North Broward Oral Surgery Phone Number 954-753-7070, or email [email protected].
• For help, reply HELP to any message or call our office at North Broward Oral Surgery Phone Number 954-753-7070.
• Text messaging originator opt-in data and consent will not be shared with any third parties for marketing or promotional purposes.

For full details about our SMS program, including your rights and our data practices related to text messaging, please see our separate SMS Consent Policy.

8. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

• Encryption of electronic PHI in transit and at rest where required by HIPAA and HITECH;
• Access controls limiting PHI access to workforce members who need it to perform their job functions;
• Workforce training on HIPAA privacy and security policies and procedures;
• Written Business Associate Agreements with all third-party service providers that access PHI;
• Regular risk assessments and security reviews; and
• Procedures for identifying, responding to, and notifying affected individuals of security incidents and breaches in accordance with HIPAA and the Florida Information Protection Act (FIPA), Fla. Stat. § 501.171.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information, and we encourage you not to share sensitive health information over unsecured channels such as standard (unencrypted) email or SMS.

Data breach notification

In the event of a breach of unsecured PHI or other personal information, we will notify affected individuals and report to applicable authorities as required by HIPAA’s Breach Notification Rule and FIPA. Under FIPA (Fla. Stat. § 501.171), we are required to notify affected Florida residents as expeditiously as practicable and no later than 30 days after we determine or reasonably believe a breach has occurred. If a breach affects 500 or more Florida residents, we are also required to notify the Florida Department of Legal Affairs (Office of the Attorney General) within the same 30-day period.

9. Data Retention

We retain patient dental records and associated PHI for a minimum period as required by Florida law and applicable professional regulations. Under Florida law (Fla. Stat. § 466.028), a dentist must maintain patient dental records for a minimum of four (4) years from the date of the last examination or treatment. For minor patients, records must be retained for at least four years after the patient reaches the age of 18, or for a minimum of seven (7) years from the last examination or treatment, whichever is longer.

We may retain records for longer periods where required by law, for litigation holds, or where we have legitimate business reasons to do so. Website usage data and analytics information are retained for shorter periods consistent with our analytics providers’ standard retention periods.

When personal information is no longer needed and retention is not required, we will dispose of it securely in accordance with HIPAA requirements and FIPA’s secure disposal obligations.

10. Your Rights & Choices

In addition to your rights under HIPAA described in Section 2, you have the following rights with respect to personal information we hold about you:

To exercise any of these rights, please contact us using the information in Section 15. We may need to verify your identity before processing a request. We will respond to verified requests within a reasonable time and as required by applicable law.

11. Florida-Specific Disclosures

Florida Information Protection Act (FIPA)

The Florida Information Protection Act, Fla. Stat. § 501.171, requires businesses that maintain personal information of Florida residents in electronic form to implement reasonable data security measures and to notify affected individuals of certain security breaches within 30 days. As described in Section 8, we comply with FIPA’s security and breach notification requirements. FIPA does not create a private cause of action; enforcement is by the Florida Office of the Attorney General, which may impose civil penalties of up to $500,000 per breach for violations.

Florida Digital Bill of Rights (FDBR)

The Florida Digital Bill of Rights (Fla. Stat. §§ 501.701–501.721), which took effect July 1, 2024, applies only to entities with more than $1 billion in global annual revenue. As a dental practice, we do not meet that threshold and the FDBR does not apply to us. PHI regulated under HIPAA is also expressly exempt from the FDBR.

Florida patient records law

Under Fla. Stat. § 466.028 and related regulations of the Florida Board of Dentistry, patients have the right to obtain copies of their dental records. We will provide copies of your records upon your written request. We may charge a reasonable, cost-based fee for copying. Requests may be directed to our office in writing.

Florida Agency for Health Care Administration (AHCA)

Certain dental facilities in Florida are subject to oversight by the Agency for Health Care Administration. Complaints about the privacy practices of a Florida-regulated healthcare facility may also be directed to AHCA at ahca.myflorida.com or 1-888-419-3456.

12. Children’s Privacy

Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website without parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA).

We do provide oral surgery and dental services to minor patients. Health information about minor patients is collected and maintained as part of providing clinical care, with consent obtained from a parent or legal guardian as required. Parents and legal guardians may exercise rights with respect to their minor child’s PHI on the child’s behalf by contacting our Privacy Officer.

If we become aware that we have inadvertently collected personal information from a child under 13 through our website without appropriate parental consent, we will take steps to delete it promptly. Contact us at [email protected] if you believe this has occurred.

13. Third-Party Links

Our website may contain links to third-party websites, including insurance carrier portals, payment processors, referral resources, and social media platforms. We do not control the privacy practices of those sites and are not responsible for the content or privacy policies of any linked third-party sites. We encourage you to review the privacy policy of any external site before providing personal information through it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or technology. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or by posting a notice on our website. We encourage you to review this policy periodically. Your continued use of our website or services after any changes are posted constitutes your acceptance of the updated policy.

If we change how we use your PHI in a material way, we will provide you with a revised HIPAA Notice of Privacy Practices and will make the revised notice available at our office and on our website.

15. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices — including requests to exercise your rights under HIPAA or applicable law — please contact our Privacy Officer:

To file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:

To file a complaint with the Florida Office of the Attorney General regarding a data breach or FIPA violation: