Privacy Policy & HIPAA Notice of Privacy Practices

1. HIPAA Notice of Privacy Practices — Summary

2. How We Use Your Protected Health Information

We use and disclose your PHI for the following primary purposes without requiring your specific authorization:

🦷 Treatment

We use your PHI to provide, coordinate, and manage your dental care. For example, Dr. Chakrapani Nannapaneni may share relevant records with a specialist (oral surgeon, periodontist, orthodontist) when referring you for additional care, or with a dental lab fabricating a crown, retainer, or other appliance based on your impressions or iTero 3D scan data.

💳 Payment

We use your PHI to bill and receive payment from you, your insurance plan, or other payers. This may include sharing information with Delta Dental, MetLife, Cigna, Aetna, United Healthcare, Blue Cross Blue Shield, Humana, Guardian, CareCredit, or other insurance carriers and financing providers to verify coverage, obtain prior authorization, and process claims.

⚙️ Healthcare Operations

We use your PHI for internal operations including: quality improvement, staff training and supervision, auditing clinical records, business planning, and evaluating the performance of our dental team. For example, reviewing x-rays or treatment records to ensure Dr. Nannapaneni's care meets evidence-based standards.

📅 Appointment Reminders

We may contact you by phone, text, or email to remind you of upcoming appointments or to follow up after a procedure. You may request we use a different contact method or number. If we leave a voicemail or send a text, we will use only the minimum necessary information (your name, the appointment date and time, and our phone number).

💊 Treatment Alternatives & Health Benefits

We may contact you to describe treatment alternatives or other dental services and benefits that may be of interest to you. For example, following up on a cosmetic consultation or reminding you that a recommended restorative procedure is still pending.

3. When We Share Your Information

✅ Disclosures Not Requiring Your Authorization

Federal law permits or requires us to disclose your PHI in the following situations without your written authorization:

• As required by law — court orders, subpoenas, or other legal processes
• Public health activities — reporting communicable diseases, injuries, or adverse events to public health authorities as required by law
• Victims of abuse, neglect, or domestic violence — to government authorities as permitted or required by law
• Health oversight activities — audits, investigations, or inspections by the Texas State Board of Dental Examiners or the U.S. Department of Health & Human Services (HHS)
• Judicial and administrative proceedings — in response to a court order or subpoena
• Law enforcement — under limited circumstances as required by law (e.g., identifying a suspect, reporting certain wounds)
• Coroners, medical examiners, and funeral directors — to identify a deceased person or determine cause of death
• Organ and tissue donation — as authorized by law
• Research — only when a privacy board or IRB has approved the use
• Serious threats to health or safety — to prevent or lessen a serious and imminent threat to a person or the public
• Workers' compensation — as authorized by Texas workers' compensation laws
• Military and veterans — as required by applicable military command authorities
• Business Associates — to service providers (billing companies, IT vendors, dental labs, cloud storage) who have signed a HIPAA Business Associate Agreement (BAA) with us
• Breach notification — to affected individuals, HHS, and the media (if required) in the event of a breach of your unsecured PHI

✍️ Uses and Disclosures Requiring Your Written Authorization

Most other uses and disclosures of your PHI — beyond treatment, payment, and operations — require your written authorization before we can proceed. This includes:

• Most disclosures of PHI for marketing purposes
• Sale of your PHI
• Disclosure of psychotherapy notes (if applicable)
• Sharing records with family members (unless you have previously designated them, or they are present during the appointment)
• Any other use not described in this Notice

You may revoke a written authorization at any time by notifying us in writing, except to the extent we have already taken action in reliance on it.

4. Your Rights as a Patient Important

Under HIPAA, you have the following rights regarding your Protected Health Information. To exercise any right, contact our front desk at (972) 276-4888 or info@friscodentalhub.com.

5. Our Legal Duties

Frisco Dental Hub is required by law to:

• Maintain the privacy and security of your Protected Health Information
• Provide you with this Notice of our privacy practices
• Follow the terms of the Notice currently in effect
• Notify you in the event of a breach of your unsecured PHI
• Not use or disclose your PHI except as described in this Notice or as otherwise permitted by law
• Train all workforce members on HIPAA privacy and security requirements
• Enter into Business Associate Agreements with all vendors who handle PHI on our behalf
• Implement reasonable and appropriate administrative, physical, and technical safeguards to protect electronic PHI (ePHI)

We reserve the right to change the terms of this Notice and to make the new Notice effective for all PHI we maintain. We will post the current Notice in our office and on our website. You may request a copy of any revised Notice from our front desk.

6. Website Privacy Policy

This section describes how we handle information collected through www.friscodentalhub.com — separate from (but consistent with) our HIPAA obligations as a dental practice.

📥 Information We Collect on the Website

Information you provide directly: When you submit a contact form, book a consultation, or call us from the website, you may provide your name, phone number, email address, and optional details about your dental concern. We treat all information submitted on the website as private and use it solely to respond to your inquiry and provide care.

Automatically collected information: Like most websites, our server and analytics tools automatically collect certain non-personal technical data when you visit: IP address (anonymized where possible), browser type and version, pages viewed, referring website, date and time of visit, and approximate geographic location (city/region level).

We do not collect: Social Security numbers, financial account numbers, credit card numbers, or sensitive personal data through the website. Payment information is handled by third-party processors (CareCredit, etc.) under their own privacy policies.

🔧 How We Use Website Information

• Responding to appointment requests and contact form submissions
• Communicating with prospective and current patients about dental services
• Improving website content, navigation, and performance based on aggregate analytics data
• Complying with legal obligations
• Investigating and preventing fraud or security incidents

We do not sell, rent, or trade your name, contact information, or any personally identifiable information to third parties for their marketing purposes.

🤝 Third-Party Service Providers

We may share limited technical data with trusted service providers who help us operate our website and communicate with patients — including web hosting, email delivery, and analytics platforms. These providers are contractually obligated to use data only on our behalf and to maintain appropriate security measures.

Any provider who may handle PHI has signed a HIPAA Business Associate Agreement (BAA) with us. Any analytics tracking is configured to anonymize IP addresses and not to collect PHI.

7. Cookies & Analytics

Our website may use cookies — small text files stored in your browser — to improve your experience. We use a limited set:

• Session cookies — temporary, expire when you close your browser; used for basic site functionality such as form session persistence
• Analytics cookies — if we use Google Analytics or a similar tool, these track aggregate, anonymized page-view and visit data. We configure analytics to anonymize IP addresses and not collect PHI
• Preference cookies — if present, remember non-sensitive preferences like your language or accepted terms

We do not use advertising cookies, retargeting pixels, or behavioral profiling trackers. You may disable cookies entirely in your browser settings — most of our website will remain functional, though some features may work less smoothly.

Google Analytics: If we use Google Analytics, it operates under Google's Privacy Policy. You may opt out of Google Analytics tracking using the Google Analytics Opt-Out Browser Add-on.

8. Children's Privacy (COPPA)

We provide dental care to patients of all ages, including children under 13. However, our website is not directed at children under 13, and we do not knowingly collect personal information from children under 13 through the website without verifiable parental consent.

All health information for pediatric patients is protected under HIPAA. For children under 18, a parent or legal guardian generally has the right to access the child's dental records and make decisions about disclosures. As children approach adulthood, we will work with families and the patient to ensure appropriate privacy protections are in place.

If you believe a child under 13 has provided personal information through our website without parental consent, please contact us at info@friscodentalhub.com and we will promptly remove that information.

9. Data Security

We implement administrative, physical, and technical safeguards appropriate to the sensitivity of the information we maintain — consistent with HIPAA Security Rule requirements for electronic PHI (ePHI):

• Administrative safeguards — staff HIPAA training, access controls (employees see only the PHI necessary for their role), security incident response procedures
• Physical safeguards — restricted access to areas where PHI is stored, secure disposal of paper records, workstation security policies
• Technical safeguards — encrypted data transmission (HTTPS/SSL on website), password-protected dental management software, audit logs for ePHI access
• Business Associate Agreements — all vendors with potential PHI access have signed BAAs

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security. If you have reason to believe your information has been compromised, contact us immediately at (972) 276-4888.

10. Texas Law & Additional State Protections

In addition to federal HIPAA requirements, we comply with applicable Texas state law regarding health information privacy, including:

• Texas Health & Safety Code Chapter 181 (Texas Medical Records Privacy Act) — Texas law may provide additional or different protections for certain categories of health information. Where Texas law is more protective than HIPAA, we follow the more protective Texas standard
• Texas Occupations Code § 258 — dental practice regulations administered by the Texas State Board of Dental Examiners
• Texas Insurance Code — provisions relating to health plan disclosures and insurance claims processing
• Texas Business & Commerce Code Chapter 521 — data breach notification obligations to Texas residents

Under Texas law, patients have the right to request restrictions on disclosure of health information beyond what HIPAA provides. For more information, contact us directly or consult the Texas State Board of Dental Examiners at www.tsbde.texas.gov.

11. Changes to This Policy

We reserve the right to modify this Privacy Policy and HIPAA Notice at any time. When we make material changes, we will:

• Update the Effective Date at the top of this page
• Post the updated Notice in our waiting room and operatory
• Make the updated Notice available on this website
• Provide a paper copy on request at your next appointment

Changes to the HIPAA Notice are effective for all PHI we maintain — not just PHI created or received after the new Notice's effective date. We encourage you to review this page periodically.

12. Contact Us & How to File a Complaint

📞 Questions About This Notice

If you have questions about this Privacy Policy or our HIPAA practices, or to exercise any of your patient rights, contact our Privacy Contact:

⚖️ Right to File a Complaint — Two Paths

If you believe Frisco Dental Hub has violated your privacy rights, you have the right to file a complaint. We will not retaliate against you for filing a complaint. There are two ways to complain: