NOTICE OF PRIVACY PRACTICES

Effective Date: February 16, 2026

THIS NOTICE DESCRIBES HOW MEDICAL AND DENTAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. OUR LEGAL DUTY

Advanced Dental Care Clinic  is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, including the 2026 updates to the Privacy Rule, Security Rule, and Breach Notification Rule, to:

• Maintain the privacy of your Protected Health Information (PHI)

• Provide you with this Notice of Privacy Practices

• Abide by the terms of this Notice

• Notify you in the event of a breach of unsecured PHI

• Comply with applicable federal and Wisconsin state privacy laws

We reserve the right to change this Notice and make the revised Notice effective for all PHI we maintain.

2. ELECTRONIC RECORD ENVIRONMENT

This Practice operates as a fully electronic health record (EHR) system.

• We do not maintain paper patient charts or physical records

• We do not use voice recording systems

• We do not store patient health information on our public website

• We do not operate a patient portal

All PHI is maintained in secure, encrypted electronic systems.

3. HOW WE MAY USE AND DISCLOSE YOUR INFORMATION

We may use and disclose your PHI without written authorization for the following purposes:

A. Treatment

• Providing dental care and services

• Referring you to another dentist or specialist

• Consulting with other healthcare providers involved in your care

B. Payment

• Submitting claims to dental or medical insurance carriers

• Verifying benefits

• Collecting payment for services rendered

C. Healthcare Operations

• Quality assessment and improvement activities

• Licensing and credentialing

• Training and internal administrative operations

• Compliance and risk management activities

All disclosures follow the HIPAA “minimum necessary” standard.

4. ELECTRONIC COMMUNICATIONS

Text Messaging

We use text messaging for appointment reminders and, when appropriate, two-way communication. Text messages may contain limited PHI.

By providing your mobile number, you consent to receiving text communications from our office.

Email Communication

• We use secure, encrypted email when transmitting PHI.

• Standard email may be used only with patient acknowledgment of risk.

• Patients may opt out of electronic communications at any time.

5. AI AND CLOUD-BASED SERVICES

Our Practice utilizes HIPAA-compliant artificial intelligence and cloud-based services, including:

Overjet AI

We use Overjet for radiographic analysis and secure cloud imaging support.

• Overjet operates under HIPAA-compliant standards.

• Business Associate Agreements (BAAs) are in place where required.

• AI systems are used solely to enhance diagnostic review, quality assurance, and clinical accuracy.

• Patient data is not used for public datasets or non-healthcare marketing purposes.

6. SECURITY SAFEGUARDS (2026 SECURITY RULE ALIGNMENT)

In accordance with updated federal cybersecurity expectations, we implement:

• Multi-Factor Authentication (MFA)

• Encryption of PHI at rest and in transit

• Role-based access controls

• System audit logging

• Firewall and malware protection

• Ongoing cybersecurity audits and vulnerability assessments

• Secure cloud backup systems

• Incident response and breach notification protocols

7. 42 CFR PART 2 (SUBSTANCE USE DISORDER RECORDS)

Federal law provides additional protections for certain substance use disorder (SUD) treatment records under 42 C.F.R. Part 2.

Our Practice does not operate as a substance use disorder treatment facility. However, if we receive SUD-related records from another provider, those records:

• Will be protected in accordance with Part 2 requirements

• Will not be redisclosed without proper authorization unless permitted by law

Where applicable, Part 2 protections may be more stringent than HIPAA.

8. OTHER PERMITTED DISCLOSURES

We may disclose PHI without authorization when required by law, including:

• Public health reporting

• Health oversight activities

• Court orders or subpoenas

• Law enforcement requests

• Workers’ compensation

• Serious threat to health or safety

9. USES REQUIRING YOUR AUTHORIZATION

We will obtain written authorization before:

• Using PHI for marketing unrelated to treatment

• Selling PHI

• Disclosing psychotherapy notes (if applicable)

• Any other use not described in this Notice

You may revoke authorization in writing at any time.

10. BREACH NOTIFICATION

If unsecured PHI is breached:

• We will notify affected individuals without unreasonable delay

• Notification will occur no later than 60 days after discovery, or sooner if required by law

• Notifications will comply with federal and Wisconsin requirements

11. YOUR RIGHTS

You have the right to:

• Inspect and obtain a copy of your electronic records

• Request an amendment to your records

• Request restrictions on certain disclosures

• Request confidential communications

• Receive an accounting of disclosures

• Receive a paper copy of this Notice

• File a complaint without retaliation

12. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with us or U.S. Department of Health and Human Services
Office for Civil Rights