
Privacy policy.
Privacy Policy and Notice of Privacy Practices for Rigby Dental, P.C.
Effective Date: May 16, 2025
At Rigby Dental, P.C., we are committed to protecting your privacy and safeguarding your personal and health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Colorado Privacy Act (CPA), and other applicable federal and state laws. This Privacy Policy, which also serves as our HIPAA Notice of Privacy Practices (NPP), explains how we collect, use, disclose, and protect your information, including data submitted through forms on our website ([website URL]). By using our website or providing your information, you acknowledge that you have received and understand this policy.
1. Information We Collect
We collect the following types of information:
a. Protected Health Information (PHI)
When you complete forms on our website (e.g., contact forms, appointment requests, or patient intake forms), we may collect Protected Health Information (PHI), which includes any information that can identify you and relates to your health, healthcare, or payment for healthcare services, as defined by HIPAA. This may include:
Contact Information: Name, email address, phone number, and mailing address.
Health Information: Dental or medical history, symptoms, or treatment preferences provided in forms.
Billing Information: Insurance details or payment information, if applicable.
Other Information: Additional details you voluntarily provide, such as preferences or comments.
b. Personal Data (Non-PHI)
Under the Colorado Privacy Act (CPA), we may collect other personal data that is not PHI, such as:
Preferences: Communication or appointment preferences.
Contact Details: If provided separately from PHI.
c. Non-Personal Information
We collect non-identifiable data, such as:
Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website.
Cookies and Tracking Technologies: We use cookies to enhance your experience, analyze website performance, and deliver personalized content. You can manage cookie preferences through your browser settings or our cookie consent tool (see Section 8).
2. How We Use Your Information
We use your information, including PHI and personal data, for the following purposes:
Treatment: To schedule appointments, communicate about your dental care, or coordinate with other healthcare providers (with your authorization, if required).
Payment: To process insurance claims or payments for services, if applicable.
Healthcare Operations: To improve services, train staff, or conduct quality assessments (e.g., patient satisfaction surveys).
Communication: To respond to inquiries, send appointment reminders, or provide information about our services.
Marketing: To send promotional materials or newsletters, with your explicit consent as required by HIPAA and the CPA.
Legal Compliance: To comply with HIPAA, the CPA, Colorado state laws, or other legal obligations.
We will only use or disclose your PHI as permitted by HIPAA and will obtain your authorization for uses or disclosures not covered by this policy, unless permitted by law. For personal data under the CPA, we will process it in accordance with your consent or other lawful bases.
3. How We Disclose Your Information
We do not sell, rent, or share your PHI or personal data for commercial purposes, except as permitted by law. Disclosures may occur as follows:
a. HIPAA-Permitted Disclosures
Under HIPAA, we may disclose PHI without your authorization for:
Treatment: Sharing PHI with other healthcare providers (e.g., specialists or labs) involved in your care.
Payment: Submitting claims to your insurance provider or coordinating billing.
Healthcare Operations: Activities such as quality improvement, audits, or staff training.
b. Disclosures to Business Associates
We may share PHI with Business Associates (e.g., appointment scheduling software providers, billing services, or IT vendors) who perform services on our behalf. All Business Associates sign a Business Associate Agreement (BAA) to safeguard PHI in compliance with HIPAA.
c. Other Disclosures
We may disclose PHI or personal data:
With Your Authorization: For purposes not covered by this policy, such as sharing PHI with family members or for marketing, with your written consent.
As Required by Law: To comply with court orders, subpoenas, or public health reporting requirements (e.g., reporting communicable diseases under Colorado law).
For Public Safety: To prevent serious threats to your health or safety or that of others.
De-Identified Data: We may use or share de-identified data that cannot be linked to you, as permitted by HIPAA and the CPA.
d. Colorado Privacy Act (CPA) Considerations
Under the CPA, we do not engage in targeted advertising or profiling using your personal data without your consent. We also do not sell your personal data, as defined by the CPA.
4. Your Rights Regarding Your Information
You have the following rights under HIPAA and the Colorado Privacy Act (CPA):
a. HIPAA Rights (for PHI)
Access: Request to inspect or receive a copy of your PHI in our Designated Record Set (e.g., medical or billing records). We may charge a reasonable fee for copies, as permitted by Colorado law.
Amendment: Request corrections to inaccurate or incomplete PHI. We may deny the request in certain cases (e.g., if the information is accurate).
Accounting of Disclosures: Request a list of certain disclosures of your PHI made in the past six years (excluding disclosures for treatment, payment, or healthcare operations).
Restriction: Request restrictions on certain uses or disclosures of your PHI (e.g., to your insurance provider). We are not required to agree but will consider your request.
Confidential Communications: Request alternative methods or locations for communications (e.g., a different phone number).
Copy of this Notice: Receive a paper or electronic copy of this Privacy Policy/NPP.
b. CPA Rights (for Personal Data)
Access: Confirm whether we process your personal data and request a copy of it.
Correction: Request corrections to inaccurate personal data.
Deletion: Request deletion of your personal data, subject to legal retention requirements (e.g., HIPAA medical record retention).
Opt-Out: Opt out of the sale of personal data, targeted advertising, or profiling (note: we do not engage in these activities without consent).
Portability: Request your personal data in a portable, machine-readable format.
To exercise these rights, submit a written request to our Privacy Officer at [insert contact email/phone number]. We will respond to HIPAA requests within 30 days (or 60 days with an extension) and CPA requests within 45 days (or 90 days with an extension), as required by law. We may deny requests in accordance with HIPAA or CPA exemptions (e.g., for medical records required by law).
5. Data Security
We implement HIPAA-compliant and CPA-compliant safeguards to protect your PHI and personal data:
Physical Safeguards: Secure storage of physical records and restricted access to our facilities.
Technical Safeguards: Encryption of PHI during transmission (e.g., via SSL/TLS) and storage, access controls, and regular security audits.
Administrative Safeguards: Staff training on HIPAA and CPA compliance, written policies and procedures, and incident response plans.
In the event of a data breach, we will notify affected individuals and, if required, the U.S. Department of Health and Human Services (HHS) and/or the Colorado Attorney General, as mandated by HIPAA and the CPA.
6. Retention of Information
We retain PHI and personal data in accordance with HIPAA, Colorado law, and our internal policies:
Medical Records: Under Colorado law (C.R.S. § 25-1-802), we retain adult patient records for 7 years from the last date of treatment and pediatric records for 7 years after the patient reaches age 18. Certain records (e.g., for public health) may be retained longer.
Other Personal Data: Retained only as long as necessary for the purposes outlined in this policy or as required by the CPA.
When data is no longer needed, we securely destroy or de-identify it in compliance with HIPAA and CPA standards.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your website experience. In compliance with the CPA, we provide a cookie consent tool (accessible on our website) allowing you to opt out of non-essential cookies (e.g., for analytics or marketing). You can also manage cookies through your browser settings, though this may affect website functionality.
8. Third-Party Links
Our website may link to third-party websites (e.g., insurance portals or educational resources). We are not responsible for their privacy practices. Review their policies before sharing information.
9. Children’s Privacy
Our website is not intended for individuals under 13. We do not knowingly collect PHI or personal data from children without verifiable parental consent, as required by the Children’s Online Privacy Protection Act (COPPA), HIPAA, and the CPA. Contact us if you believe we have collected such data.
10. International Users
Our website and services are operated in Colorado, United States. If you are located outside the U.S., your data may be transferred to and processed in the U.S., where HIPAA, the CPA, and other U.S. laws apply. By using our website, you consent to this transfer.
11. Complaints
If you believe your privacy rights have been violated, you may:
File a complaint with our Privacy Officer at [insert contact email/phone number].
File a HIPAA complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):
200 Independence Avenue, S.W., Washington, D.C. 20201
Phone: (800) 368-1019
Website: www.hhs.gov/ocr
File a CPA complaint with the Colorado Attorney General:
Website: coag.gov/file-complaint
We will not retaliate against you for filing a complaint.
12. Changes to This Privacy Policy
We may update this Privacy Policy/NPP to reflect changes in our practices, HIPAA, the CPA, or other legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised “Effective Date” and, if required by HIPAA, providing direct notice (e.g., via email or at your next visit). Review this policy periodically.
13. Contact Us
For questions, requests, or complaints about this Privacy Policy/NPP or our data practices, contact our Privacy Officer:
Rigby Dental, P.C.
2190 Academy Cir
Colorado Springs, CO 80909
719-596-3939
rigbydds@aol.com
rigbysmile.com