Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Comprehensive Dental Implant Center ("we," "us," "our," or the "Practice") is committed to protecting your privacy and the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at nvimplantcenter.com, contact our office, or receive dental care at our practice.

Our Practice is a Health Insurance Portability and Accountability Act (HIPAA) covered entity. We are required by law to maintain the privacy of your Protected Health Information (PHI), provide you with notice of our legal duties and privacy practices, notify you following a breach of unsecured PHI, and abide by the terms of this Notice currently in effect.

Information We Collect

Protected Health Information (PHI)

When you become a patient of our Practice, we collect Protected Health Information necessary to provide you with quality dental care. This includes:

• Personal identifiers such as your name, address, telephone number, email address, date of birth, and Social Security number
• Medical and dental history, including current medications, allergies, and existing health conditions
• Dental examination findings, diagnoses, treatment plans, and clinical notes
• X-rays, photographs, and other diagnostic images
• Insurance information and billing records
• Emergency contact information

Information Collected Through Our Website

When you visit our website or submit information through our online forms, we may collect:

• Contact information you provide, including name, email address, and telephone number
• Appointment preferences and scheduling requests
• Health-related information you voluntarily provide in contact forms or appointment requests
• Technical data including IP address, browser type, device information, and pages visited
• Information collected through cookies and similar tracking technologies

Information Collected via Telephone

When you call our office, we use CallRail call tracking technology to improve our services. CallRail is HIPAA-compliant and has executed a Business Associate Agreement with our Practice. Calls may be recorded for quality assurance, training, and compliance purposes. By calling our office, you consent to call recording. If you do not wish to be recorded, please inform our representative at the beginning of your call.

How We Use Your Information

Uses and Disclosures That Do Not Require Your Authorization

Under HIPAA, we may use and disclose your PHI without your written authorization for the following purposes:

Treatment

We may use and disclose your PHI to provide, coordinate, and manage your dental care. This includes sharing information with other healthcare providers involved in your treatment, such as specialists, laboratories, or your primary care physician.

Payment

We may use and disclose your PHI to bill and collect payment for your dental services. This includes providing information to your dental insurance company, submitting claims, and verifying coverage eligibility.

Healthcare Operations

We may use and disclose your PHI for activities that support the operation of our Practice, including quality improvement, staff training, compliance audits, and business management.

Other Permitted Uses Without Authorization

We may also use or disclose your PHI without authorization as required or permitted by law, including for:

• Public health activities, such as reporting communicable diseases
• Health oversight activities by government agencies
• Judicial and administrative proceedings pursuant to valid court orders
• Law enforcement purposes as required by law
• Preventing or reducing serious threats to health or safety
• Workers' compensation claims as permitted by law
• Coroners, medical examiners, and funeral directors as permitted by law

Uses and Disclosures Requiring Your Written Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above. Uses and disclosures requiring authorization include:

• Marketing communications (except face-to-face communications and promotional gifts of nominal value)
• Sale of your PHI
• Most uses and disclosures of psychotherapy notes (if applicable)
• Any use or disclosure not described in this Notice

You may revoke any authorization you provide at any time by submitting a written revocation to our Privacy Officer. Revocation will not affect any uses or disclosures made before we received your revocation.

Your Rights Regarding Your Health Information

Under HIPAA and applicable Nevada law, you have the following rights regarding your PHI:

Right to Access

You have the right to inspect and obtain a copy of your dental records and other PHI maintained by our Practice. We will provide the requested information within 30 days of your request. A reasonable fee may be charged for copying costs. Under Nevada law (NRS 629.061), we cannot withhold your records due to an outstanding balance.

Right to Request Amendment

You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request in certain circumstances, such as if the information was not created by our Practice or if we determine the information is accurate.

Right to Accounting of Disclosures

You have the right to request a list of certain disclosures we have made of your PHI during the six years prior to your request. This accounting will not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request unless you are requesting that we not disclose PHI to your health plan for services you paid for in full out of pocket.

Right to Confidential Communications

You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may request that we contact you only at your work telephone number or send correspondence to an alternate address.

Right to Paper Copy

You have the right to receive a paper copy of this Notice of Privacy Practices upon request, even if you previously agreed to receive it electronically.

Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with our Practice or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

To file a complaint with our Practice, contact our Privacy Officer at the address listed below. To file a complaint with HHS, visit www.hhs.gov/hipaa/filing-a-complaint or write to:

Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us improve your browsing experience and understand how visitors interact with our site.

Technologies We Use

Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google LLC, to understand how visitors use our website. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. This information helps us improve our website and services.

Google Analytics collects the IP address assigned to you on the date you visit our site, along with browser type, device information, and browsing behavior. We have enabled IP anonymization to mask the last portion of your IP address. Google Analytics does not collect any Protected Health Information.

Important: We do not use Google Analytics on pages where you submit health-related information or Protected Health Information. Google does not sign Business Associate Agreements for Google Analytics, and therefore this technology is only used on general informational pages of our website.

You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Google Search Console

We use Google Search Console to monitor our website's presence in Google search results. This service collects aggregated, anonymized data about search queries that lead visitors to our site.

CallRail Call Tracking

We use CallRail for call tracking and lead attribution. CallRail is HIPAA-compliant and has executed a Business Associate Agreement with our Practice. Call tracking allows us to understand how patients find our Practice and improve our marketing effectiveness. CallRail may use cookies to attribute website visits to subsequent phone calls.

Embedded Maps

Our website embeds Google Maps to help you locate our office. Google may collect information when you interact with the embedded map. Please review Google's Privacy Policy for more information.

Types of Cookies

• Essential Cookies: Necessary for basic website functionality, security, and session management
• Analytics Cookies: Help us understand how visitors interact with our website
• Functionality Cookies: Remember your preferences and settings

Managing Cookies

Most web browsers allow you to manage cookies through browser settings. You can typically set your browser to refuse cookies or delete cookies that have already been set. Please note that disabling cookies may affect certain features of our website.

Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, our website does not currently respond to DNT browser signals. However, you may exercise your opt-out choices as described in this policy.

Third-Party Service Providers

We work with trusted third-party service providers who assist us in operating our Practice and website. These providers may have access to your personal information or PHI only to perform specific tasks on our behalf and are obligated to protect your information.

Business Associates

For services involving access to PHI, we enter into Business Associate Agreements as required by HIPAA. These agreements require our business associates to appropriately safeguard your PHI, limit its use and disclosure, and notify us of any breaches.

Categories of Service Providers

• Dental laboratories and imaging centers
• Practice management and electronic health record systems
• Insurance billing and claims processing services
• Appointment scheduling and reminder services
• Website hosting and maintenance providers
• Call tracking services (CallRail)
• Analytics providers (Google Analytics)

Social Media

Our website may contain links to our social media pages on Facebook, Instagram, LinkedIn, YouTube, Pinterest, and X (formerly Twitter). These platforms have their own privacy policies that govern information collected when you visit or interact with their services. We encourage you to review their privacy policies before engaging with our social media content.

Data Security

We implement administrative, technical, and physical safeguards designed to protect your personal information and PHI from unauthorized access, use, or disclosure. Our security measures include:

• Encryption of electronic PHI in transit and at rest
• Secure, password-protected access to patient records
• Regular security risk assessments
• Staff training on privacy and security policies
• Physical safeguards for paper records and equipment
• Secure disposal of records containing personal information
• Access controls limiting PHI access to authorized personnel

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information transmitted to or stored by our Practice.

Data Retention

We retain your dental records and PHI in accordance with HIPAA, Nevada law, and professional standards. Generally, we retain patient records for at least six years following the date of last treatment, as required by HIPAA. Under Nevada law (NRS 629.051), records may be retained for a minimum of five years; however, we follow the longer federal retention period.

Special Rule for Minors: Under Nevada law, dental records for patients under age 23 cannot be destroyed until after the patient turns 23 and records have been retained for at least five years.

As required by Nevada law, we post a notice in our office informing patients that records may be destroyed after the applicable retention period. New patients receive a written statement regarding our records retention policy.

Website analytics data and non-PHI information is retained for a reasonable period necessary to fulfill the purposes described in this policy, after which it is deleted or anonymized.

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals in accordance with HIPAA and Nevada law. Notification will be made without unreasonable delay and no later than 60 calendar days following discovery of the breach.

Breach notifications will include a description of the breach, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate harm, and contact information for questions.

We will also notify the U.S. Department of Health and Human Services and, if required, notify prominent media outlets serving the affected area.

Rights for California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) regarding personal information that is not Protected Health Information.

Important: Information protected by HIPAA and the California Confidentiality of Medical Information Act (CMIA) is exempt from CCPA/CPRA requirements. This exemption covers most information our dental practice collects about patients for treatment, payment, and healthcare operations.

For non-exempt information (such as website analytics data and marketing information), California residents have the following rights:

• Right to Know: Request disclosure of what personal information we collect, use, and disclose
• Right to Delete: Request deletion of personal information we have collected
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of personal information for cross-context behavioral advertising
• Right to Limit: Limit use and disclosure of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell personal information as defined by the CCPA. If our practices change, we will update this policy and provide the required opt-out mechanisms.

To exercise your California privacy rights, contact us using the information provided in the Contact Information section below. We will respond to verifiable consumer requests within 45 days.

Rights for Nevada Residents

Under Nevada law (NRS 603A.300-360), Nevada residents may have certain rights regarding the sale of covered information collected online. However, as a HIPAA-covered entity, our Practice is exempt from these requirements to the extent we handle information subject to HIPAA.

We do not sell your personal information. If you have questions about our data practices or wish to submit a request regarding your Nevada privacy rights, please contact us at the address provided below.

Nevada Data Breach Notification: Under NRS 603A.220, if we experience a breach of security involving your personal information, we will notify you in the most expedient time possible and without unreasonable delay. Nevada residents may also file complaints regarding data breaches with the Nevada Attorney General at: [email protected]

Marketing Communications and Opt-Out

Email Communications

We comply with the CAN-SPAM Act for all commercial email communications. If you receive marketing or promotional emails from our Practice and wish to opt out, you may:

• Click the "unsubscribe" link included in any marketing email
• Contact our office directly to request removal from marketing lists

We will honor your opt-out request within 10 business days. Please note that opting out of marketing communications will not affect transactional or relationship communications, such as appointment reminders or treatment follow-up messages.

Telephone and SMS Communications

We comply with the Telephone Consumer Protection Act (TCPA) for telephone and text message communications. If you provide your mobile phone number, you consent to receive healthcare-related calls and text messages, including appointment reminders, treatment follow-up communications, and practice updates.

You may opt out of text message communications at any time by replying "STOP" to any message or by contacting our office. Message frequency varies; message and data rates may apply.

We do not send marketing text messages without your prior express written consent.

Children's Privacy

Our website is not directed to children under the age of 13. We do not knowingly collect personal information online from children under 13 without parental consent. If you are a parent or guardian and believe your child has provided personal information through our website without your consent, please contact us immediately so we can take appropriate action.

For dental treatment purposes, we collect health information about minor patients with the consent and involvement of their parent or legal guardian, in accordance with HIPAA and Nevada law.

International Visitors

Our Practice is located in Henderson, Nevada, United States, and our services are intended for residents of the Las Vegas and Henderson, Nevada area. This website is not intended for visitors from outside the United States. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your country of residence.

Changes to This Privacy Policy

We reserve the right to change or update this Privacy Policy at any time. If we make material changes to how we handle your PHI, we will post a revised Notice of Privacy Practices in our office and on our website, and we will provide you with a copy of the revised Notice upon your next visit or upon request.

We will not use or disclose your PHI in a manner materially different from what is stated in the Notice in effect at the time the information was collected without your written authorization.

Changes to this Privacy Policy for non-PHI website information are effective when posted on this page. The "Last Updated" date at the top of this policy indicates when changes were last made.

Contact Information

If you have questions about this Privacy Policy, wish to exercise any of your privacy rights, or have concerns about our privacy practices, please contact our Privacy Officer:

For complaints regarding violations of your HIPAA privacy rights, you may also contact: