Privacy Policy and Notice of Privacy Practices

Fort Bend Pediatric Dentistry PLLC (dba Creative Smiles and Kidzone Dental)
 Effective Date: September 24, 2025

Introduction

Fort Bend Pediatric Dentistry PLLC, doing business as Creative Smiles and Kidzone Dental (the “Practice”), is committed to protecting the privacy and confidentiality of your health information. This Privacy Policy and Notice of Privacy Practices describes how we safeguard your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its regulations, guidance from the U.S. Department of Health & Human Services (HHS), the Americans with Disabilities Act (ADA), and applicable Texas state laws. We are required by law to maintain the privacy of your health information and to provide you with this notice of our legal duties and privacy practices. PHI includes any individually identifiable information about your past, present, or future health or payment for health care. Please review this notice carefully. If you have any questions, you may contact us using the information at the end of this notice.

Our Legal Duties and Responsibilities

  • Compliance with Law: The Practice is obligated by federal law (HIPAA) to keep your identifiable health information private and secure and to abide by the terms of this notice. We also follow all other applicable laws and regulations (including HHS privacy rules and Texas state privacy laws) that provide equal or greater protection than HIPAA.
  • Notice Distribution: A copy of this Notice of Privacy Practices is available on our website and in our office, as required by law. You have the right to receive a paper copy of this notice at any time upon request, even if you have agreed to receive it electronically.
  • Changes to Privacy Practices: We reserve the right to change our privacy practices and the terms of this notice if laws or internal policies change. Any changes will apply to all PHI we maintain (including information we already have). If we make material changes, we will update this notice and post the new notice prominently in our office and on our website. The effective date of the notice will always be indicated at the top. You may request a copy of the current notice at any time.
  • Safeguards and Minimum Necessary: We implement reasonable administrative, technical, and physical safeguards to protect your PHI against unauthorized access or disclosure. Additionally, we follow HIPAA’s “minimum necessary” rule, using or disclosing only the minimum amount of information needed for the intended purpose (except for uses or disclosures for treatment, or as required by law).
  • Personal Representatives: We will treat your legally authorized personal representative (such as a parent of a minor patient or a person with a healthcare power of attorney) the same as we would treat you with respect to your PHI, in accordance with HIPAA and state law.
  • Our Staff and Business Associates: All members of our workforce are trained on our privacy and security procedures and are required to protect your PHI. In addition, we may share your information with certain outside companies or contractors who help us operate our practice – known as “business associates.” For example, we use a third-party application called DentTracks (DentComm module) to manage appointment scheduling and send appointment reminders via phone, SMS (text message), and email. Whenever we share PHI with a business associate to perform services on our behalf, we have a written agreement in place requiring them to safeguard your information in compliance with HIPAA. Business associates are held to the same strict standards and legal penalties under HIPAA for protecting your privacy.

How We May Use and Disclose Your Health Information Without Your Authorization

Under HIPAA, we are allowed to use and disclose your PHI for certain key purposes without obtaining your written authorization. The following categories describe the different ways we may use or share your information without your express permission, as permitted or required by law. For any other purpose not described in this notice, we will seek your written authorization first (see “Uses and Disclosures Requiring Your Authorization” below).

  • Treatment: We use and disclose your health information to provide, coordinate, and manage your dental care and any related services. This includes sharing information, as needed, with other dentists, doctors, specialists, or healthcare providers involved in your care. For example, our dentist may consult with your physician or refer you to a specialist and share relevant medical information such as x-rays or treatment plans to facilitate your treatment. We may also contact you to schedule or remind you of appointments as part of your treatment.
  • Payment: We may use and disclose your PHI to obtain payment for services we provide to you. This can include billing you, your insurance company, or a third-party payer. For example, we will submit claims to your dental or medical insurance plan with details of your procedures so we can be paid. We may also disclose information to verify coverage, obtain prior authorization, or determine benefits. In addition, we may use or share necessary information to collect unpaid amounts you owe for services – either ourselves or through a collection agency or our attorneys. For instance, if you fail to pay your bill, we may send relevant billing information to a collections firm or legal counsel to pursue payment. We will only disclose the minimum information necessary for these purposes.
  • Healthcare Operations: We use and disclose PHI for our internal business operations in order to run our practice efficiently and ensure quality care. These healthcare operations include activities such as:
      • Quality assessment and improvement, and clinical protocol development
      • Training and evaluating staff performance and qualifications
      • Licensing, accreditation, and credentialing activities
      • Conducting audits and compliance reviews
      • Business planning, management, and general administrative activities
      • Customer service and resolving grievances
  • Legal services and risk management: This means we may use or disclose your information as needed for the Practice’s management and defense of legal matters. For example, if you initiate a lawsuit or regulatory claim against us, or if we need to pursue a claim against you, we may use and disclose relevant PHI in our defense or in the process of seeking a legal remedy. HIPAA expressly permits us to use/disclose PHI as part of our health care operations in the course of litigation or other legal proceedings to which we are a party. In such cases we will limit the information to what is necessary for the purpose and, when appropriate, ensure protective measures (such as a court protective order) are in place.
  • Appointment Reminders & Health-Related Communications: We may use your contact information to communicate with you about appointments and health services. For example, we may call you or send you reminders via voicemail, postal mail, email, or text message about upcoming dental appointments or periodic check-ups. We may also follow up with you after a visit or inform you of treatment alternatives, post-treatment instructions, or other health services that may benefit you. These communications are considered part of our healthcare operations and treatment of you. We will limit the amount of medical details included in messages to the minimum necessary (often just your name, the appointment date/time and our practice name or a callback number) to protect your privacy. Please note: If you prefer not to be contacted with appointment reminders or certain messages by a particular method (for example, no texts or no voicemails), you have the right to request a different method of communication as described in the “Confidential Communications” section below, and we will accommodate reasonable requests.
  • Third-Party Services: In providing appointment reminders and other services, we may utilize third-party platforms or software (such as DentTracks “DentComm” communication module) to automate calls, texts, or emails. These communications may come directly from our office or via such a platform on our behalf. Any third-party service we use for these purposes is a Business Associate of the Practice and is contractually required to protect your information and use it only for the services we’ve requested, in compliance with HIPAA. We will ensure that such providers implement safeguards for your data.
  • Emergencies or Incapacity: If you are experiencing an emergency or are unable to communicate (for example, you are unconscious), we may share information with other healthcare providers or a family member to make sure you get the appropriate care. We will use our professional judgment to decide what disclosures are in your best interest in such emergency circumstances, and we will only share information that is directly relevant to your care or your immediate needs.
  • Family, Friends, and Caregivers Involved in Your Care: If you do not object, we may share limited PHI with a family member, personal representative, or other person involved in your care or payment for your care. For example, if a parent, guardian, or caregiver accompanies you to treatment, we might discuss your treatment in their presence or allow them to help pick up prescriptions or medical supplies. We will only disclose information directly relevant to their involvement. If you do not want us to share information with a particular person (e.g., a certain family member), please notify us and we will honor that request to the extent permitted by law.
  • Incidental Disclosures: Despite strict safeguards, incidental disclosures of PHI might occur as a byproduct of otherwise permitted uses/disclosures. For example, other patients in the treatment area might overhear a brief conversation between you and our staff, or someone may glimpse your name on a sign-in sheet. We will make reasonable efforts to limit such incidental disclosures, but note that they are permitted by law as long as we’ve applied appropriate privacy safeguards. Rest assured, we take precautions (like speaking quietly when needed and using privacy barriers) to minimize incidental exposure of your information.
  • Public Health Activities: We may disclose PHI for public health purposes as required or authorized by law. This includes reporting health information to: public health authorities for preventing or controlling disease, injury or disability; reporting vital events such as births and deaths; reporting suspected abuse or neglect of children or vulnerable adults to appropriate agencies; reporting reactions to medications or problems with medical products to the U.S. Food and Drug Administration (FDA); or notifying people of recalls of products they may be using. Any such disclosure will be made only to proper authorities and in accordance with applicable laws.
  • Health Oversight Activities: We may disclose PHI to governmental agencies and oversight authorities responsible for monitoring the health care system, government benefit programs, or civil rights laws. For example, information may be shared with agencies like the U.S. Department of Health and Human Services if required for an audit or investigation into our compliance with privacy laws, or with state dental boards during licensure or disciplinary proceedings. These disclosures are either required or permitted by law and may be necessary for oversight of the health care system and compliance with standards.
  • Required by Law and Legal Compliance: We will disclose your PHI whenever we are required to do so by federal, state, or local law. For instance, we may share information in response to a court order, subpoena, or other lawful process in judicial and administrative proceedings. If we receive a subpoena or legal request for your information without your authorization, we will only disclose your PHI if we are satisfied that the request meets legal requirements (such as showing proof that you have been notified or that an appropriate protective order is in place). Additionally, we may disclose PHI to a law enforcement official for law enforcement purposes in certain circumstances, such as: to report certain injuries or crimes; to comply with a court-ordered warrant or subpoena; to assist in identifying or locating a suspect, fugitive, material witness, or missing person; or to report criminal activity on our premises. These disclosures will be made only as permitted or mandated by law, and we will limit the information to what is necessary for the law enforcement purpose.
  • Serious Threats to Health or Safety: We may use or disclose PHI when necessary to prevent a serious and imminent threat to your health or safety or that of another person or the public. Any disclosure would be made only to someone able to help prevent or lessen the threat (for example, disclosing to law enforcement or emergency personnel if you threaten to harm yourself or others). We will only share the information that is needed under the circumstances and will comply with any applicable laws governing such disclosures.
  • Specialized Government Functions: Under certain conditions, HIPAA permits us to disclose PHI to facilitate specific government functions. If you are a member of the U.S. Armed Forces or a veteran, we may release PHI as required by military command authorities for military purposes. We may also share PHI with federal officials for national security and intelligence activities (for example, for the protection of the President or foreign heads of state) or for Department of State purposes such as determining eligibility for certain benefits. Additionally, if you are in the custody of law enforcement or an inmate in a correctional institution, we may disclose PHI to the correctional institution or law enforcement officials as necessary for your health care, the safety and security of the institution, or public safety (consistent with HIPAA and other laws).
  • Workers’ Compensation: We may disclose your health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness. For example, if you are injured at work and are making a workers’ compensation claim, we might be required to submit treatment information to your employer’s workers’ compensation carrier or state administrators to facilitate your claim. PHI released for workers’ compensation will be limited to what the relevant law or program requires.
  • Organ and Tissue Donation: If you are an organ donor, we may disclose PHI to organizations that handle organ procurement or transplantation (such as an organ donation bank) to facilitate organ, eye, or tissue donation and transplantation, consistent with applicable laws.
  • Medical Examiners and Funeral Directors: In the unfortunate event of your death, we may disclose PHI to a coroner or medical examiner for purposes such as identifying a deceased person or determining cause of death. We may also release relevant information to funeral directors as necessary for them to carry out their duties, for instance to make arrangements.
  • Research: Under certain carefully controlled circumstances, we may use or disclose PHI for medical or dental research purposes. All research projects that propose to access PHI without patient authorization are subject to a special approval process. For example, we may provide PHI to researchers for a study comparing the success of different dental procedures, but only after an Institutional Review Board or privacy board reviews the research proposal and establishes protocols to ensure the privacy of your information. In most cases, your name or direct identifiers will be removed, or we will obtain your specific permission if the researcher will have access to information that identifies you.
  • De-Identified or Summary Information: We are permitted to use or disclose health information that has been “de-identified” in accordance with HIPAA standards (i.e., stripped of all personal identifiers so that it cannot reasonably identify you). Information that is fully de-identified is no longer considered PHI and not subject to this notice. We are also allowed to use “limited data sets” (which exclude most direct identifiers) for certain purposes like research or public health, under a data use agreement. These forms of information help improve healthcare operations and knowledge without compromising individual privacy.

Please Note: For any use or disclosure not described above, we will require your written permission (authorization) before using or sharing your PHI. The next section explains situations that require your authorization and your rights regarding such authorizations.

Uses and Disclosures Requiring Your Authorization

In general, we will not use or disclose your health information for any purpose not covered by the sections above without your voluntary written authorization. Certain uses and disclosures are specifically prohibited or restricted without authorization under HIPAA and other laws. For example:

  • Marketing: We will not use or disclose your PHI for marketing purposes without your written authorization, except in very limited circumstances allowed by law. “Marketing” generally means communications that encourage you to purchase or use a product or service. We may provide you with informational materials about our own treatment services, alternatives, health-related products or services, or small promotional gifts as part of your care coordination – those are allowed and are not considered marketing under HIPAA. However, any communication to you for which we receive financial remuneration from a third party whose product or service is being described requires your prior authorization. In plain terms, we would ask for your written permission before, for instance, using your information to send you a paid advertisement or before recommending another company’s product to you in exchange for compensation. If we ever seek to send you marketing communications beyond permissible treatment or care messages, we will explain the request and obtain your explicit consent. You have no obligation to agree to any such marketing authorization. If you do not grant permission, or if you later revoke it, it will not affect your ability to receive care or benefits from us – we will continue to treat you just the same.
  • Sale of PHI: We will not sell your PHI to any third party without your explicit authorization. “Sale” of PHI (getting paid for providing your health information to someone else) is generally prohibited by law without your consent. We do not engage in such practices. Any situation that would involve remuneration for your PHI would be disclosed to you and require your separate written authorization, and you would have the right to refuse.
  • Psychotherapy Notes: Although it is unlikely we maintain psychotherapy notes (as a dental practice, we typically do not generate mental health therapy notes), HIPAA gives special protections to psychotherapy session notes. We would not use or disclose any psychotherapy notes from counseling sessions without your authorization except in very narrow circumstances permitted by law.
  • Other Uses: Any other use or disclosure of your PHI that is not described in this notice will be made only with your written authorization. Examples might include: participation in certain research studies that require identification; use of your information in media or public relations stories; or disclosures to an outside entity for purposes other than treatment, payment, healthcare operations or the specific exceptions listed above.

Your Written Authorization: If you do authorize us to use or disclose your PHI for a purpose not covered by this notice, you may revoke (cancel) that authorization at any time, in writing. Once we receive your written revocation, we will stop using or disclosing your PHI for that purpose, except to the extent we have already relied on your authorization. For example, if you signed an authorization allowing us to release records to a specialist or to an insurance underwriter, you can later change your mind and revoke that authorization; we will honor the revocation going forward (but we cannot undo any information already released while the authorization was in effect). To revoke an authorization, please send a written notice to our Privacy Officer (contact information is provided at the end of this Notice).

We will never require you to sign an authorization as a condition of receiving treatment, payment, enrollment, or benefits eligibility (except in limited research-related circumstances or if the services are solely for creating information for a third party, in which case we’ll explain those situations). In the event that we ask for your authorization for a use or disclosure, we will provide you with a copy of the signed authorization. Remember, you have the right to refuse to sign an authorization for us to use/disclose your information for a particular purpose. If you choose not to sign, we will not withhold treatment or retaliate in any way; it simply means we cannot use your information for that specific purpose. For instance, if we request your authorization to use your testimonial and photo on our website and you decline, your decision will have no effect on the dental care we provide to you. As noted above, if we ever contact you seeking authorization for marketing communications and you decline, it will not affect your treatment or relationship with us.

Communication via Text Message and Email

We recognize that many patients appreciate the convenience of communication by text (SMS) and email. We offer the option for you to receive appointment reminders, confirmations, recall notices, and other non-sensitive communications via text message or email, in addition to phone calls or mail. However, we take your privacy seriously and want to ensure you are informed about the use of these communication methods.

  • Patient Consent to SMS/Email: By providing us with your mobile phone number and/or email address, you consent to receive communications from us via text message and/or email. This may include (but is not limited to) appointment reminders, scheduling confirmations, notices about treatment or follow-up care, pre-appointment instructions, post-operative check-ins, or general service announcements. These messages are intended to facilitate your care and are not for telemarketing purposes. We will not send you promotional or marketing texts/emails without your explicit authorization as discussed above.
  • Opt-Out Rights: Your consent to receive text or email communications is voluntary. If at any time you prefer not to receive these types of messages, you have the right to opt out or withdraw your consent. You can opt out by notifying us directly (by phone or in writing) or by using any opt-out mechanism provided: for example, replying “STOP” to a text message to discontinue texts, or clicking an “unsubscribe” link in an email (if available). Once we process your opt-out request, we will cease further communications to the applicable phone number or email address (except for communications permitted or required by law, or in case of a treatment emergency). Please note that opting out of all electronic communications may mean you will only receive reminders or notices via phone or mail.
  • Standard Messaging Charges: We do not charge for sending appointment reminders or communications via text or email. However, you are responsible for any message and data rates that your phone service provider may apply for SMS messages. The frequency of messages will vary based on your appointments or treatment schedule (e.g., typically you might get a few messages around the time of scheduling and before appointments). We strive to keep communication at a reasonable level. If you have any questions about your message plan or charges, please contact your carrier.
  • Privacy and Security of Electronic Communications: We make efforts to protect the privacy of information sent via text or email. For instance, we limit the content of these messages to the essentials (such as your first name, appointment date and time, and our practice name or number) and avoid including detailed health information or sensitive personal identifiers in routine reminders. However, text messages and regular emails are not always secure or encrypted. There is some risk that unencrypted messages could be intercepted or read by unauthorized parties (for example, if sent to the wrong number/email or if someone gains access to your device or accounts). By consenting to electronic communications, you acknowledge and accept these security risks. We will not send highly sensitive information (like full medical records, social security numbers, credit card numbers, etc.) via text or unencrypted email unless you have requested it and been informed of the risks. If you have particular privacy concerns, we can discuss alternative methods (such as communication through a secure patient portal, encrypted email, or phone calls).
  • Patient Responsibility: We encourage you to help us protect your privacy by safeguarding your own devices and accounts. For example, if you share an email address or phone with family members or others, be aware that they may see communications we send. You can request that we send communications to a confidential or alternate contact point if needed (see “Confidential Communications” under Patient Rights) and we will accommodate reasonable requests. Also, please promptly inform us if you change your phone number or email address to ensure we are contacting the correct person. We are not responsible for unauthorized access to your PHI that occurs during or after delivery of electronic messages to you (for instance, if someone else opens your text messages or emails), or for any breaches of confidentiality due to your chosen communication method.

By default, when you provide us with your mobile number or email, we will assume that means you consent to communications through those channels, unless you tell us otherwise. If you have any questions or special requests regarding communications (such as preferred methods or restrictions), please inform our staff at any time. Your comfort and privacy in communication are very important to us.

(For patients with disabilities or special communication needs, please see the Accessibility note below in Patient Rights regarding ADA compliance.)

Patient Rights

Federal law (HIPAA) and other regulations give you specific rights regarding your Protected Health Information. We respect your rights and have outlined them below. To exercise any of these rights, you may contact us using the information at the end of this Notice. In some cases, we may ask you to submit your request in writing (and we can provide any required forms). We will respond to your requests within the time frames required by law.

  1. Right to Access Your Health Information – You have the right to inspect and obtain a copy of the health information that we maintain about you, with a few limited exceptions (such as psychotherapy notes or information compiled for legal proceedings). This generally includes medical and billing records in our possession. You may request to see your records and/or get copies, either on paper or in an electronic format. To exercise this right, submit a request to us (we have a simple form you can use, or you can send a letter). We will respond within 30 days of receiving your request (with one possible 30-day extension if needed, in which case we will inform you in writing). If you want an electronic copy and we can readily produce your records electronically, we will do so in your preferred format (for example, PDF via secure email or on a USB drive) whenever feasible. We may charge you a reasonable, cost-based fee as allowed by law to cover copying, postage, or summarizing the information – we will let you know the cost in advance. If we maintain your records in an electronic health record, you also have the right to direct us to send an electronic copy of your PHI to an entity or person of your choice (clearly designate the recipient and address). In certain situations, we may deny your request to inspect or get a copy (for example, if a healthcare provider believes seeing the information could endanger you or someone else). If we deny access, we will give you a written explanation and inform you of any right to have the denial reviewed by an independent licensed healthcare professional. We will do our best to make your information available to you and answer any questions you may have about it.
  2. Right to Request Amendment – If you believe that any health information we have about you is incorrect or incomplete, you have the right to ask us to correct or amend the record. This could include demographic information (like your address or phone number) or clinical information in your chart. Your request must be in writing and should tell us what information you want to change and why. We will respond to your request within 60 days (with one possible 30-day extension if needed). If we agree, we will amend the information in your records and notify you when done. We will also make reasonable efforts to inform others (for example, anyone who received the incorrect information from us) of the change and to include the corrected information in any future disclosures. We may deny your request if we determine that the records are accurate and complete, or if the information was not created by us (unless the creator is no longer available to make the amendment), or in other specific circumstances. If we deny the amendment, we will provide you a written denial explaining the reason. You then have the right to submit a written statement of disagreement, which we will keep with your records. If you submit a statement of disagreement, we also have the right to include a rebuttal statement (which we will provide to you). In any future disclosures of the disputed information, we will include your statement (and any rebuttal) so that your perspective is represented. Remember, even if we accept your request, we do not delete the original record; we will mark it as amended and retain both the old and new information as required by law.
  3. Right to an Accounting of Disclosures – You have the right to get a list (an “accounting”) of certain disclosures we have made of your PHI to outside persons or organizations, other than those disclosures made for routine treatment, payment, and health care operations (as those do not need to be accounted for). Specifically, you can request an accounting of disclosures made up to six (6) years prior to the date of your request, going back no earlier than April 14, 2003 (the compliance date of the HIPAA Privacy Rule). The accounting will include the date of each disclosure, who it was made to (name and, if known, address), a brief description of the information disclosed, and the purpose of the disclosure or the authority under which it was made. Exceptions: The law does not require us to list certain types of disclosures, such as those made: for treatment, payment, or health care operations; to you or your personal representative; pursuant to your specific authorization; incidentally (see above); for certain law enforcement or national security purposes; or as part of a limited data set. The accounting also won’t include disclosures older than six years. If you request an accounting, we will provide it within 60 days (with one 30-day extension if needed). The first accounting in any 12-month period is free. If you request additional accountings within the same 12-month span, we may charge a reasonable fee for the extra lists (we will tell you the cost in advance and give you a chance to withdraw or modify the request to avoid or reduce the fee). To request an accounting, please contact us in writing.
  4. Right to Request Restrictions – You have the right to ask us to place additional restrictions or limitations on the use or disclosure of your PHI beyond what is already allowed by law. For example, you could request that we not disclose information to certain family members or that we not use a particular detail in our operations. We are not required to agree to most voluntary restriction requests, and in many cases we may respectfully decline if we believe the restriction would impede your care or is administratively impracticable. However, if we do agree to a restriction, we will put the agreement in writing and abide by it (except in emergency situations or as otherwise required by law). Important: There is one type of restriction that we must comply with by law: If you (or someone on your behalf other than an insurer) pay in full, out-of-pocket for a specific health care item or service, you have the right to request that we do not disclose information about that specific item or service to your health plan for payment or healthcare operations purposes. We will honor this requested restriction as long as the service is fully paid by you (or another person). For instance, if you pay out-of-pocket for a dental procedure because you don’t want your insurance to know about it, and you request that we not bill or inform the insurance, we will comply with that request. Aside from this required restriction, other requests will be considered on a case-by-case basis. To request any restriction, you should contact us and clearly describe the restriction you want and to whom it applies. We will let you know if we accept or deny your restriction. If we accept, we will abide by it unless the restricted PHI is needed to provide you emergency treatment or the restriction is terminated by you or us (you will be informed if we need to terminate a restriction, which we would only do going forward, not retroactively).
  5. Right to Request Confidential Communications – You have the right to request that we communicate with you about your health matters in a certain way or at a certain location for confidentiality reasons. For example, you may ask that we contact you only at work and not at home, or that we send mail to a different address, or that we communicate with you by email instead of by phone, or vice versa. You do not need to give a reason for your request, but your request must specify the alternative communication method or location that you prefer. We will accommodate all reasonable requests for confidential communications. We will not ask you to justify the request, but we may ask you to clarify how any additional costs should be handled (for instance, if mailing to a different address incurs postage costs, or if using a courier or encrypted email service is necessary). Our primary goal is to ensure that you receive information in the manner that best protects your privacy. If, for example, you are in a situation where you do not want family members to know you are receiving our services, we can send communications to an alternate address or phone of your choosing. Similarly, if you prefer we not communicate by text or email, you can request that and we will use phone or postal mail instead. To make a confidential communication request, simply inform us (preferably in writing) what method or location you would like us to use. We will not refuse a reasonable request. Once we accommodate a request, we will communicate with you per that arrangement until you tell us otherwise.
  6. Right to Notification of a Breach – We take extensive measures to protect your PHI, but in the event of a breach of unsecured PHI (meaning an unauthorized use or disclosure of your health information that compromises its privacy or security), you have the right to be notified. If we discover a reportable breach has occurred, we will notify you without unreasonable delay and within any timeframe required by law (no later than 60 days after discovery, under federal law). The notification will include a description of what happened and what information was involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the issue, and our contact information for further inquiries. We will provide this notice in writing (by mail or email, if you have agreed to electronic notice). We will also fulfill any reporting obligations to HHS and, if required, media outlets, in accordance with the Breach Notification Rule. Please rest assured we work hard to prevent breaches, but we want you to know this right for your awareness.
  7. Right to a Paper Copy of This Notice – You have the right to a paper (hard) copy of this Privacy Policy/Notice of Privacy Practices at any time, even if you have opted to receive it electronically. If you originally received this notice by email or through our website, you can still ask for a paper copy. We will provide it promptly and free of charge. Simply contact our office or ask at the front desk during your visit. You may also download or print a copy from our website, but we are happy to provide one for you in person or by mail upon request.
  8. Right to File a Complaint (and Freedom from Retaliation) – If you believe your privacy rights have been violated, or if you have a concern about our privacy practices, you have the right to file a complaint. You can complain directly to us (the Practice) and/or to the U.S. Department of Health and Human Services (HHS), Office for Civil Rights. To file a complaint with us, you may contact our Privacy Officer (or office manager) using the contact information below. We request that you provide as much detail as possible about your concern so we can investigate thoroughly. We take all complaints seriously and will respond in writing. You will not be penalized or retaliated against for filing a complaint. We strictly prohibit any intimidation, threats, coercion, discrimination, or other retaliatory actions against individuals who exercise their privacy rights or lodge a complaint. If you prefer to file a complaint with the government, you can send it to the HHS Office for Civil Rights. You may submit a written complaint to:
     U.S. Department of Health & Human Services – Office for Civil Rights
     200 Independence Avenue, S.W.
     Washington, D.C. 20201
     Phone: (877) 696-6775
     Website: hhs.gov/hipaa/filing-a-complaint or email [email protected]

You generally should file any complaint within 180 days of when you knew of the issue, but if you have questions the Office for Civil Rights can provide guidance. Again, we support your right to privacy and welcome the opportunity to address any issues without fear of retribution. Your feedback can only help us improve.

Accessibility and Non-Discrimination (ADA Compliance)

We are dedicated to treating all patients with dignity and respect, and we do not discriminate on the basis of race, color, national origin, age, sex, disability, religion, or any other protected characteristic. In particular, consistent with the Americans with Disabilities Act (ADA) and other laws, our Practice strives to ensure that persons with disabilities have equal access to our services and information. We will provide reasonable accommodations and auxiliary aids/services to patients or companions with disabilities to facilitate effective communication and full enjoyment of our dental services. For example, we can arrange for sign language interpreter services for patients who are deaf or hard of hearing, provide written information in large print or other alternative formats for patients with vision impairments, or allow the use of assistive devices. The goal is to communicate with patients with vision, hearing, or speech disabilities in a manner that is equally as effective as communications with others. If you have any special needs (e.g. require an interpreter, need documents in Braille or another language, need extra assistance during your visit, etc.), please notify our staff in advance or at your appointment. We will make all reasonable efforts to accommodate such requests. This notice can be made available in alternative formats if needed – please contact us for assistance.

Furthermore, our office is physically accessible in accordance with ADA structural guidelines (e.g., wheelchair access). We also train our staff on disability etiquette and effective communication principles. It is our policy to ensure that no individual with a disability is excluded, denied services, or otherwise treated differently due to the absence of appropriate auxiliary aids and services. Your comfort and ability to receive information and care are a priority. If you believe you have been unable to access our services or communications due to a disability, or have been discriminated against in any way, please let us know immediately so we can address the issue. You may also file a grievance or complaint as noted above – we will not retaliate, and we will work with you to resolve the concern.

Questions and Further Information

Contact Office: If you have any questions about this Privacy Policy or how your information may be used and disclosed, or if you want more information about any of the rights or procedures described above, please contact our Privacy Officer. You can also contact us if you need help understanding this notice or if you need someone to explain it in a different language.

Practice Contact Information:
 Fort Bend Pediatric Dentistry PLLC dba Creative Smiles and Kidzone Dental
 Address: 5819 Highway 6, Suite 210, Missouri City, TX 77459
 Phone: 281-499-3275
 Email: [email protected]

You may contact us by phone during our business hours or by mail/email at any time. If you are contacting us to exercise any of your rights (such as requesting copies or an amendment), we may ask you to submit your request in writing for documentation purposes. We are here to address your concerns and ensure your experience with our practice is positive and respectful of your privacy.

Acknowledgment: We will ask you to sign an acknowledgment that you received this Notice of Privacy Practices (typically at your first visit). This acknowledgment is for our records only and does not indicate your consent for any particular use of your information – it simply documents that we provided you with a copy. If you refuse to sign the acknowledgment, we will still provide you treatment, and this will not affect your rights; we will note your refusal in our records as required by HHS guidelines.

Thank you for taking the time to review our Privacy Policy. Maintaining the confidentiality of your health information is fundamental to our relationship. We will continuously work to protect your data while providing high-quality dental care. Your trust is important to us, and we are committed to upholding these privacy practices as part of our pledge to you.