Privacy Policy

Last Updated: February 4, 2026

Introduction

Madderra Dental Spa ("we," "our," or "us") is committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information and protected health information (PHI).

HIPAA Notice of Privacy Practices

Your Rights

You have the right to:

  • Request a copy of your health records
  • Request corrections to your health records
  • Request confidential communications
  • Request restrictions on certain uses and disclosures
  • Receive a paper copy of this notice upon request
  • File a complaint if you believe your privacy rights have been violated

How We May Use and Disclose Your Health Information

Treatment

We may use your health information to provide, coordinate, or manage your dental care and related services. This includes consultation with other healthcare providers regarding your treatment.

Payment

We may use and disclose your health information to obtain payment for services we provide. This may include submitting claims to your insurance company, verifying coverage, and collecting payment.

Healthcare Operations

We may use your health information for our healthcare operations, including quality assessment, staff training, business management, and compliance activities.

Appointment Reminders

We may use your contact information to send appointment reminders via phone, email, or text message.

Treatment Alternatives

We may use your information to inform you about treatment alternatives or health-related benefits and services that may be of interest to you.

Information We Collect

Personal Information

  • Name, address, phone number, email address
  • Date of birth, Social Security number (for insurance purposes)
  • Insurance information
  • Emergency contact information

Protected Health Information (PHI)

  • Medical and dental history
  • Treatment records and clinical notes
  • X-rays and diagnostic images
  • Prescriptions and medications
  • Laboratory results
  • Billing and payment records

Website Usage Information

  • IP address, browser type, device information
  • Pages visited, time spent on site, referring website
  • Cookies and similar tracking technologies

Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your personal information and PHI from unauthorized access, use, or disclosure:

  • Encrypted data transmission (SSL/TLS)
  • Secure database storage with access controls
  • Regular security audits and vulnerability assessments
  • Staff training on privacy and security practices
  • Physical security measures at our facility
  • Business associate agreements with third-party vendors

Disclosure of Information

We will not disclose your PHI without your written authorization except as required or permitted by law:

  • Required by Law: When disclosure is mandated by federal, state, or local law
  • Public Health Activities: To prevent or control disease, injury, or disability
  • Law Enforcement: In response to court orders, subpoenas, or law enforcement requests
  • Health Oversight: To agencies authorized to oversee the healthcare system
  • Judicial Proceedings: In response to court orders or lawful process
  • Emergency Situations: To prevent a serious threat to health or safety

Your Privacy Rights

Access to Records

You have the right to inspect and obtain a copy of your health records. We may charge a reasonable fee for copying and mailing costs. Requests must be made in writing.

Amendment of Records

You may request that we amend your health information if you believe it is incorrect or incomplete. We may deny your request in certain circumstances as permitted by law.

Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your health information made by our practice within the past six years.

Confidential Communications

You may request that we communicate with you about your health information by alternative means or at alternative locations (e.g., send mail to a P.O. Box instead of your home address).

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and understand user behavior. You can control cookie preferences through your browser settings.

We use analytics tools (such as Google Analytics) to collect aggregated, non-identifiable information about website usage. This data helps us improve our website and services.

Third-Party Services

We may use third-party service providers to assist with:

  • Payment processing
  • Insurance verification and claims submission
  • Appointment scheduling and reminders
  • Email communications
  • Website hosting and analytics

All third-party service providers that handle PHI are required to sign Business Associate Agreements and comply with HIPAA regulations.

Data Retention

We retain your health records for a minimum of seven years from the date of last treatment, or longer as required by state law or regulatory requirements. Website usage data is retained for analytical purposes and is typically deleted after 26 months.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your California Rights

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collection, and the third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, HIPAA requirements).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information in the traditional sense, but some data sharing for advertising purposes may qualify under California law.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to perform services or provide goods.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your California privacy rights.

Categories of Personal Information We Collect

We collect the following categories of personal information:

  • Identifiers: Name, address, email, phone number, Social Security number
  • Protected Classifications: Age, gender, medical conditions
  • Commercial Information: Treatment history, insurance information, payment records
  • Biometric Information: Dental x-rays, photographs, scans
  • Internet Activity: Website browsing history, interaction with our website
  • Geolocation Data: Approximate location based on IP address
  • Professional Information: Employment information (for insurance verification)
  • Sensitive Personal Information: Health information, Social Security number, precise geolocation

How to Exercise Your California Rights

To exercise your California privacy rights, you may:

  • Call us at (415) 552-9200
  • Email us at [email protected]
  • Submit a written request to our office address

We will verify your identity before processing your request and respond within 45 days. You may designate an authorized agent to make a request on your behalf by providing written authorization.

Do Not Sell or Share My Personal Information

We do not sell your personal information for monetary consideration. However, we may share certain information with third-party advertising partners for targeted advertising purposes, which may constitute a "sale" or "share" under California law. You can opt out of this sharing by adjusting your cookie preferences or contacting us directly.

Shine the Light Law

Under California Civil Code Section 1798.83 ("Shine the Light" law), California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us using the information provided in the Contact Us section.

Children's Privacy

We do not knowingly collect personal information from children under 13 through our website without parental consent. For patients under 18, we obtain consent from a parent or legal guardian before providing treatment.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. We will provide notice of material changes by posting a prominent notice on our website or by sending you an email notification.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

Madderra Dental Spa

2370 Market Street

San Francisco, CA 94114

Phone: (415) 552-9200

Email: [email protected]

Or with the U.S. Department of Health and Human Services:

Office for Civil Rights

U.S. Department of Health and Human Services

200 Independence Avenue, S.W.

Washington, D.C. 20201

Phone: 1-877-696-6775

You will not be retaliated against for filing a complaint.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Madderra Dental Spa

2370 Market Street, San Francisco, CA 94114

Phone: (415) 552-9200

Email: [email protected]