Privacy Contact: OC Perfect Smile Attn: Privacy Officer 24953 Paseo De Valencia, #3c, Laguna Hills, CA  92653. (949) 837-7112, OCPerfectSmileDental.com

COMPREHENSIVE PRIVACY POLICY

Effective Date: 09.2023, last updated 06.2025

OUR COMMITMENT TO YOUR PRIVACY

At OC Perfect Smile we understand that your privacy is of utmost importance, especially when it comes to your health information. We are deeply committed to protecting the confidentiality and security of your Protected Health Information (PHI) and other personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your information, and details your rights regarding that information.

This policy applies to information collected both offline (e.g., in person, over the phone) and online (e.g., through our website, social media, or other digital properties).

We adhere to all applicable federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the California Confidentiality of Medical Information Act (CMIA), and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

  1. DEFINITIONS OF KEY TERMS
  • Protected Health Information (PHI): As defined by HIPAA, this is individually identifiable health information transmitted or maintained by us in any form or medium (electronic, paper, or oral). It relates to your past, present, or future physical or mental health or condition, the provision of healthcare to you, or the past, present, or future payment for the provision of healthcare to you. This includes your name, address, date of birth, medical history, dental records, billing information, etc.
  • Personal Information (PI): As defined by CCPA/CPRA, this is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It includes, but is not limited to, identifiers (like name, email, IP address), financial information, internet activity, geolocation data, and inferences drawn from other personal information. Note: To the extent information is PHI and subject to HIPAA/CMIA, it may be exempt from certain CCPA/CPRA requirements. This policy addresses both categories of data.
  • Sensitive Personal Information (SPI): A subset of PI under CCPA/CPRA that includes precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, content of mail, email, and text messages (unless the business is the intended recipient), genetic data, biometric information, health information, and information concerning sex life or sexual orientation.
  1. WHAT INFORMATION WE GATHER ABOUT YOU

We collect various types of information to provide you with comprehensive dental care, manage our operations, and communicate effectively with you.

  1. Protected Health Information (PHI) & Medical Information (under CMIA): This information is primarily collected when you become a patient, during appointments, or through health-related communications. It includes:
  • Identifying Information: Your full name, date of birth, gender, social security number (if collected), home address, phone number(s), email address.
  • Medical & Dental History: Past and present medical conditions, allergies, medications, past dental treatments, family medical history relevant to your care.
  • Treatment Information: Details of your examinations, diagnoses, treatment plans, progress notes, X-rays, intraoral and extraoral photographs, impressions, lab results, and referrals.
  • Financial & Insurance Information: Your dental insurance policy details, subscriber information, financial account numbers (for payment processing), payment history, and billing records.
  • Appointment Information: Date and time of appointments, appointment history, and any notes related to scheduling.
  1. Personal Information (PI) & Sensitive Personal Information (SPI) (primarily from website/digital interactions, subject to CCPA/CPRA): This information is collected through your interactions with our website, online services, and potentially social media.
  • Contact Information: Your name, email address, phone number, and mailing address provided when you sign up for newsletters, contests, promotions, or use online appointment scheduling forms.
  • Demographic Information: Postcode, preferences, and interests (e.g., if you complete surveys or preference forms).
  • Public Information: Comments, reviews, or questions that you post on our website, social media pages, or other public forums.
  • Online Activity Data:
    • Device & Usage Information: Your IP address, browser type and version, operating system, device type, screen resolution, referral source, pages viewed, time spent on pages, navigation paths, and other statistics about your use of our website.
    • Geolocation Data: Your approximate location derived from your IP address. If you enable GPS services on your mobile device when interacting with our site, we may collect precise geolocation data.
    • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, tags, and similar technologies (see Section 6 for more details).
  • Information from Partners: We may receive information about you from partners (e.g., Zocdoc, CareCredit, or other third-party appointment scheduling platforms) when you voluntarily provide it to them and authorize its sharing.
  • Social Media Information: Information associated with your social media account (e.g., name, username, email address, gender, profile picture) if you interact with our social media content. We may also collect information about your friends or family if you share our social content using web tools.
  1. HOW WE USE YOUR INFORMATION

We use your information for various purposes to provide dental care, manage our business, improve our services, and communicate with you.

  1. Uses and Disclosures of PHI for Treatment, Payment, and Healthcare Operations (Permitted by HIPAA/CMIA): These are fundamental to our ability to provide you with care. We do not need your specific authorization for these uses, though we will always maintain the highest standards of confidentiality.
  • Treatment: To provide, coordinate, and manage your healthcare. This includes:
    • Consulting with other healthcare providers (e.g., specialists, oral surgeons, primary care physicians, dental labs) regarding your treatment.
    • Referring you to other healthcare providers for diagnosis or treatment.
    • Discussing your treatment options and plans with you.
    • Documenting your symptoms, examination results, diagnoses, and treatment in your dental record.
  • Payment: To obtain payment for the dental services we provide. This includes:
    • Submitting claims to your dental insurance company or other third-party payers.
    • Verifying your insurance coverage and eligibility.
    • Processing payments from you or your insurance company.
    • Billing and collection activities.
  • Healthcare Operations: For the routine operations of our dental practice, including:
    • Quality assessment and improvement activities.
    • Staff training and evaluations.
    • Reviewing the competence or qualifications of healthcare professionals.
    • Licensing, credentialing, and accreditation activities.
    • Business planning and development.
    • Compliance with legal and regulatory requirements (e.g., audits, investigations).
    • Internal record-keeping for reporting and analysis.
  1. General Business & Marketing Uses of PI (Subject to CCPA/CPRA, where applicable):
  • Communication: To remain in communication with you regarding products or services you requested, schedule appointments, and send appointment confirmations via mobile phone text/SMS or e-mail.
  • Service Improvement: To improve our sites, products, and services.
  • Marketing & Promotions: To provide you with relevant content, materials, offers, programs, and to administer your participation in our contests or sweepstakes. We may also use your information to contact you for market research purposes (by email, phone, or mail).
  • Personalized Advertising: To target ads to you based on your past online activity.
  • Responding to Inquiries: To respond to your requests or questions that you may provide via our website or social sites.
  • Security: To protect the office, other patients, our assets, and sites, and for other security measures.
  1. DISCLOSURE OF YOUR INFORMATION

We will not sell your information. Any information collected is disclosed to you here and is used as permitted or required by law.

  1. Disclosures of PHI (Permitted or Required by HIPAA/CMIA):
  • Business Associates: We may share your PHI with third-party service providers (called “Business Associates” under HIPAA) who perform functions on our behalf, such as billing companies, IT service providers, practice management software providers, or dental labs. We have written agreements with these Business Associates requiring them to protect the privacy and security of your PHI.
  • Public Health Activities: To public health authorities for preventing or controlling disease, injury, or disability.
  • Abuse, Neglect, or Domestic Violence: To a government authority authorized by law to receive reports of abuse or neglect.
  • Health Oversight Activities: To a health oversight agency for audits, investigations, inspections, and licensure.
  • Judicial and Administrative Proceedings: In response to a court order, subpoena, discovery request, or other lawful process.
  • Law Enforcement Purposes: For specific purposes permitted by law (e.g., identifying a suspect, fugitive, or missing person).
  • Decedents: To a coroner or medical examiner for identification or determining cause of death, or to funeral directors.
  • Organ and Tissue Donation: To facilitate organ or tissue donation and transplantation.
  • Research: Under very strict conditions, with IRB or Privacy Board approval and safeguards to protect your privacy.
  • Serious Threat to Health or Safety: When necessary to prevent a serious and imminent threat to your health or safety or the health and safety of the public.
  • Specialized Government Functions: For military and veterans’ activities, national security, intelligence, and correctional institutions.
  • Workers’ Compensation: As authorized by and to the extent necessary to comply with workers’ compensation laws.
  • Referral to Other Providers: For coordinating care with other healthcare providers.
  1. Disclosures of PI (Subject to CCPA/CPRA):
  • Service Providers: We may share PI with third-party service providers (not necessarily Business Associates under HIPAA) who assist us in our business operations, such as website hosting, analytics providers, marketing agencies, email service providers, and advertising partners (e.g., Google, Facebook). These partners are contractually obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.
  • Third-Party Vendors for Advertising: Third-party vendors, including Google and Facebook, may use cookies, web beacons, and similar technologies to collect or receive information from our website and use that information to provide measurement services and target ads.
  • Legal Compliance: To comply with legal obligations, respond to lawful requests from public authorities, or protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your PI is transferred and becomes subject to a different privacy policy.
  1. Uses and Disclosures Requiring Your Specific Written Authorization:
  • Marketing Purposes: We will not use or disclose your PHI for marketing purposes without your specific written authorization, unless the communication is about treatment alternatives or health-related benefits and services that may be of interest to you.
  • Sale of PHI/PI: We will not “sell” or “share” your PHI or PI as defined by CCPA/CPRA without your specific written authorization. This includes sharing for cross-context behavioral advertising.
  • Psychotherapy Notes: We do not typically create or maintain psychotherapy notes. However, if we were to, their use and disclosure would require your specific written authorization, with very limited exceptions.
  • Other Uses and Disclosures: Any other uses and disclosures of your PHI or PI not covered by this policy or permitted by law will require your explicit written authorization.
  1. EMAILS AND SMS/TEXT MESSAGES: APPOINTMENTS, SPECIAL OFFERS, AND OPT-OUT
  • Informational & Promotional Communications: When you provide us with your email address or phone number (e.g., during registration, appointment setting, or signing up for contests), we may use this to send you informational and promotional communications, including appointment reminders, information about specialty treatments, and special offers.
  • Unsecure Transmission: Information sent via email or SMS/text message is an unsecure transmission. This means the information could be exposed while in transit from our office server to your email/SMS server.
  • Opt-Out: It is our intention to send only useful communications. Each time you receive a non-transactional email or SMS/text message, you will be given a clear choice to opt out of future communications by following the unsubscribe instructions provided in the message. If the unsecure nature of email or SMS is not acceptable to you, you must opt out of these communications.
  1. SECURITY

We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure, we have implemented reasonable physical, electronic, and managerial procedures to safeguard and secure the information we collect and maintain, both online and offline. This includes:

  • Encryption: Using encryption for sensitive data transmission where appropriate.
  • Access Controls: Limiting access to your information to authorized personnel on a “need-to-know” basis.
  • Secure Servers: Storing electronic information on secure servers.
  • Physical Safeguards: Protecting physical records in secure locations.
  • Regular Audits: Conducting regular security audits and assessments.
  • Staff Training: Training our staff on privacy and security protocols.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

  1. HOW WE COLLECT INFORMATION ABOUT YOU
  • Directly from You: When you sign up for contests or promotions, register through our website, schedule an appointment online, fill out new patient forms, speak with us in person or over the phone, or engage with our social media.
  • Through Tracking Tools: Automatically collected through cookies, web beacons, tags, and other technologies when you visit our website, affiliated websites, or any other digital property associated with us.
  • Social Media: We may collect information associated with your social media account (e.g., your name, username, email address, gender, profile picture) when you connect with our sites through social networking platforms. We may also collect information about your friends or family if you share any of our social content using web tools.
  1. WHAT ARE COOKIES? HOW DO WE USE THEM?

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or informs you when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

We use cookies to:

  • Personalize Services: To provide you with personalized services and content.
  • Analyze Traffic: To identify which of our sites or pages are of most interest to you, helping us improve our website experience through reporting and analysis.
  • Target Ads: Third-party vendors, including Google, use cookies to serve ads to you based on your past visits to our website.

Managing Cookies: We recommend that you leave cookies enabled to fully experience our site and allow us to personalize our services. Disabling cookies may prevent you from experiencing the entire site as intended. You can disable cookies through your browser’s settings.

Opting Out of Google’s Advertising Cookies: You can opt out of Google’s use of cookies for personalized advertising by visiting Google’s Ads Settings.

  1. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

  1. HOW DO THIRD PARTIES COLLECT AND USE YOUR INFORMATION?
  • Advertising: Third-party vendors, including Google and Facebook, show our ads on sites across the internet. Please be aware that these third parties may use cookies, web beacons, and similar technologies to collect or receive information from our website and use that information to provide measurement services and target ads.
  • Data Broker Services (Opt-Out): You can opt out from receiving interest-based advertising from some or all of our participating companies, as well as:
    • Find out which participating companies have currently enabled customized ads for your browser;
    • See all the participating companies on this site and learn more about their advertising and privacy practices;
    • Check whether you’ve already opted out from participating companies;
    • Opt out of browser-enabled interest-based advertising by some or all participating companies, using opt-out cookies to store your preferences in your browser; or
    • Use the “Choose All Companies” feature to opt out from all currently participating companies in one step.
    • Opting out will reduce the amount of unsolicited marketing you receive from companies with whom you have not done business. It may also reduce the relevance of offers you receive from companies with whom you have done business. We suggest you also consider opting out directly from any company that sends you unwanted solicitations, or using the Direct Marketing Association’s Commitment to Consumer Choice service, which applies to all DMA member companies and can be accessed at www.dmachoice.org.
  1. YOUR RIGHTS REGARDING YOUR INFORMATION

You have specific rights regarding your PHI and PI under HIPAA, CMIA, and CCPA/CPRA. To exercise any of these rights, please submit a written request to our Privacy Officer at the address listed below. We may need to verify your identity to process your request.

  1. Rights Regarding Protected Health Information (PHI) & Medical Information (HIPAA/CMIA):
  1. Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI. While we will consider your request, we are not required to agree to all requested restrictions, especially if it would impede our ability to provide you with necessary care. However, we must agree to a request to restrict disclosures of PHI to your health plan if the disclosure is for payment or healthcare operations and pertains solely to a healthcare item or service for which you have paid out of pocket in full.
  2. Right to Receive Confidential Communications: You have the right to request that we communicate with you about health matters in a certain way or at a certain location (e.g., only by mail, or only at your work phone number). We will accommodate all reasonable requests.
  3. Right to Inspect and Copy Your PHI: You have the right to inspect and obtain a copy of your PHI that we maintain in our designated record set (e.g., your dental records, billing records). We will generally provide access or copies within 15 working days (as per CMIA; HIPAA is 30 days). We may charge a reasonable, cost-based fee for the costs of copying (e.g., $0.25 per page), mailing, or other supplies. We may deny your request in certain limited circumstances (e.g., if the information was compiled in reasonable anticipation of litigation), and if we do, we will provide you with a written explanation and information about your appeal rights.
  4. Right to Amend Your PHI: If you believe that the PHI we have about you is incorrect or incomplete, you may request that we amend it. We may deny your request if, for example, we did not create the information, the information is not part of the information you are permitted to inspect and copy, or the information is accurate and complete. If we deny your request, we will provide you with a written explanation and information about your appeal rights.
  5. Right to an Accounting of Disclosures: You have the right to request an “accounting” of certain disclosures of your PHI made by us, excluding disclosures made for treatment, payment, healthcare operations, disclosures made directly to you, disclosures you authorized, and certain other disclosures. The accounting will cover disclosures made in the six years prior to your request. We will provide one accounting free of charge within any 12-month period; for additional requests, we may charge a reasonable, cost-based fee.
  6. Right to a Paper Copy of This Notice: You have the right to obtain a paper copy of this Privacy Policy, even if you have agreed to receive it electronically.
  1. Rights Regarding Personal Information (PI) & Sensitive Personal Information (SPI) (CCPA/CPRA for California Residents):

If you are a California resident, you have the following additional rights regarding your Personal Information:

  1. Right to Know: You have the right to request that we disclose to you:
    • The categories of personal information we have collected about you.
    • The categories of sources from which the personal information is collected.
    • The business or commercial purpose for collecting, selling, or sharing personal information.
    • The categories of third parties to whom we disclose personal information.
    • The specific pieces of personal information we have collected about you.
  2. Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions (e.g., necessary for providing services, completing a transaction, or complying with legal obligations).
  3. Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the “sale” or “sharing” of your personal information (including for cross-context behavioral advertising). As stated, we do not sell or share your PHI or PI, but this right is provided for your awareness. We will not sell or share the personal information of consumers under 16 years of age.
  4. Right to Correct Inaccurate Personal Information: You have the right to request that we correct inaccurate personal information we maintain about you.
  5. Right to Limit Use and Disclosure of Sensitive Personal Information: You can direct us to limit the use and disclosure of your Sensitive Personal Information to only what is necessary to perform the services you requested.
  6. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights (e.g., by denying goods or services, charging different prices, or providing a different quality of goods or services).

How to Exercise CCPA/CPRA Rights: To exercise your CCPA/CPRA rights, please submit a “verifiable consumer request” to our Privacy Contact (see below). Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. We will need to verify your identity to process your request.

  1. OUR RESPONSIBILITIES
  • We are required by law to maintain the privacy and security of your PHI and PI.
  • We are required to provide you with this Privacy Policy outlining our legal duties and privacy practices.
  • We are required to abide by the terms of this Privacy Policy.
  • We reserve the right to change the terms of this Privacy Policy and make the new provisions effective for all information that we maintain. If we make material changes, we will provide you with a revised notice by posting it in our office, on our website, and/or providing a copy at your next visit.
  • We will notify you if there is a breach of your unsecured PHI or other personal information that requires notification under applicable law.
  • We will not use or disclose your PHI or PI without your authorization, except as described in this policy or as permitted/required by law.
  1. WHAT IS OUR POLICY TOWARD CHILDREN?

We do not knowingly collect personally identifiable information (PHI or PI) from children under the age of 13 without express permission from a parent or guardian. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact our Privacy Contact immediately.

  1. TRADEMARK & COPYRIGHT

The contents of this website are protected by United States and International copyright and trademark law. Any unauthorized use or reproduction of this website’s content is prohibited and may subject a violator to civil and criminal penalties. All rights reserved.

  1. PRIVACY POLICY REVISIONS

Our Privacy Policy may change from time to time. Any updates will be posted here on the office website. Please check our site regularly for updates. This policy is effective 09.2023.

  1. HOW TO REACH THE PRIVACY CONTACT & FILE A COMPLAINT

Any questions or comments that relate to this Privacy Policy, or requests to exercise your rights, may be directed to our Privacy Contact:

Privacy Contact: OC Perfect Smile Attn: Privacy Officer 24953 Paseo De Valencia, #3c, Laguna Hills, CA  92653. (949) 837-7112, OCPerfectSmile@gmail.com

Filing a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us directly by contacting our Privacy Officer. We will not retaliate against you for filing a complaint.

You may also file a complaint with the appropriate government authorities:

  • For HIPAA-related complaints: Secretary of the U.S. Department of Health and Human Services 200 Independence Avenue, S.W. Washington, D.C. 20201 (Or visit the HHS Office for Civil Rights website to file a complaint electronically)
  • For CCPA/CPRA-related complaints: California Attorney General’s Office (You can find information on how to file a complaint on the California Department of Justice website)
