Privacy Policy
PRIVACY POLICY
STUDIO SMILES OF POWAY
Effective Date: January 1, 2025
Last Updated: December 10, 2025
PRACTICE INFORMATION
Studio Smiles of Poway
15525 Pomerado Rd, Suite D5
Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
Website: https://studiosmilesofpoway.com
TABLE OF CONTENTS
HIPAA Notice of Privacy Practices
California Privacy Rights (CCPA/CPRA)
SMS/Text Messaging Privacy (A2P 10DLC Compliance)
Cookies and Tracking Technologies
Third-Party Links and Services
Changes to This Privacy Policy
1. INTRODUCTION
Studio Smiles of Poway (“we,” “us,” “our,” or “Studio Smiles”) is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you:
Visit our website (https://studiosmilesofpoway.com)
Visit our dental practice in person
Communicate with us via phone, email, text message, or other means
Use our patient portal or other digital services
Receive dental care and related services from us
This Privacy Policy complies with:
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (45 CFR Parts 160 and 164)
California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
Telephone Consumer Protection Act (TCPA) and A2P 10DLC messaging requirements
California Business and Professions Code and dental practice regulations
Other applicable federal and state privacy laws
By accessing our website, receiving our services, or providing us with your information, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
2. SCOPE OF THIS PRIVACY POLICY
2.1 What This Policy Covers
This Privacy Policy covers:
Personal information and PHI collected at our dental practice
Information collected through our website and digital platforms
Communications via email, phone, text message, and mail
Patient portal and online appointment scheduling systems
Payment processing and billing information
2.2 What This Policy Does NOT Cover
This Privacy Policy does not apply to:
Information collected by third-party websites or services linked from our site
Employment records of our staff members (covered by separate policies)
De-identified or aggregated data that cannot reasonably identify an individual
3. INFORMATION WE COLLECT
3.1 Protected Health Information (PHI)
Under HIPAA, we collect PHI necessary to provide dental care and related services, including:
Demographic Information:
Full name, date of birth, gender
Address, phone number(s), email address
Social Security Number (when required for billing/insurance)
Emergency contact information
Insurance information and policy numbers
Health Information:
Medical and dental history
Current medications and allergies
Treatment records, diagnoses, and procedures
X-rays, photographs, and diagnostic images
Lab results and test findings
Treatment plans and clinical notes
Prescription records
Billing and payment information
3.2 Non-PHI Personal Information
We also collect non-health-related personal information, including:
Website Usage Data:
IP address and device identifiers
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website addresses
Search terms used to find our website
Cookie and tracking data (see Section 9)
Communication Information:
Email correspondence
Phone call logs and recordings (with notice)
Text message communications
Appointment reminders and confirmations
Marketing communications preferences
Transaction Information:
Payment card information (processed securely by third-party processors)
Billing addresses
Transaction history
Insurance claim information
3.3 Information Collected Automatically
When you visit our website, we automatically collect certain information through:
Cookies: Small text files stored on your device
Web beacons: Electronic images embedded in web pages or emails
Analytics tools: Google Analytics and similar services
Session replay tools: For user experience improvement (anonymized)
3.4 Information from Third Parties
We may receive information about you from:
Insurance companies: Coverage verification, claims processing
Referring dentists or specialists: Medical/dental history, treatment records
Dental laboratories: For custom prosthetics and appliances
Payment processors: Transaction verification
Public records: When required for legal compliance
4. HOW WE USE YOUR INFORMATION
4.1 Uses of Protected Health Information (PHI)
Under HIPAA, we use your PHI for:
Treatment:
Providing, coordinating, and managing your dental care
Consultations with other healthcare providers
Referrals to dental specialists
Emergency treatment
Payment:
Billing and collecting payment for services
Processing insurance claims
Determining coverage eligibility
Collections activities for unpaid balances
Healthcare Operations:
Quality assessment and improvement activities
Training dental students and staff
Credentialing and peer review
Business planning and management
Legal and compliance activities
Patient satisfaction surveys
Other Permitted Uses:
Appointment Reminders: Via phone, email, text message, or mail
Treatment Alternatives: Information about treatment options
Health-Related Benefits: Information about services we offer
Legal Requirements: When required by law, court order, or regulatory authority
Public Health Activities: Reporting diseases, injuries, vital events
Workers’ Compensation: When required for workers’ comp claims
4.2 Uses of Non-PHI Personal Information
We use non-health personal information for:
Website and Service Improvement:
Analyzing website traffic and user behavior
Improving website functionality and user experience
Developing new features and services
Troubleshooting technical issues
Communications:
Responding to your inquiries and requests
Providing customer service
Sending appointment confirmations and reminders
Sending administrative information about our practice
Marketing (with your consent):
Sending promotional emails about our services
Providing information about special offers
Sharing educational content about oral health
Sending practice newsletters
Business Operations:
Preventing fraud and abuse
Complying with legal obligations
Enforcing our terms and conditions
Protecting our rights and property
5. HOW WE SHARE YOUR INFORMATION
5.1 Disclosure of Protected Health Information
We may disclose your PHI without your authorization to:
Business Associates:
Billing companies and payment processors
Insurance claims processors
Dental laboratories
IT service providers and data storage companies
Legal and accounting professionals
All business associates are required to sign HIPAA-compliant Business Associate Agreements (BAAs) protecting your PHI.
Other Healthcare Providers:
Dentists and specialists to whom we refer you
Your primary care physician (with your consent)
Emergency responders when necessary
Insurance Companies:
For eligibility verification
Claims processing and payment
Utilization review and pre-authorization
Legal and Regulatory Requirements:
In response to court orders, subpoenas, or legal process
To government agencies for oversight and audits
For public health and safety purposes
To report abuse, neglect, or domestic violence (as required by law)
For law enforcement purposes when required
Family and Friends:
To family members or friends you have identified as involved in your care (with your permission)
In emergency situations when you are unable to provide consent
5.2 Disclosure of Non-PHI Personal Information
We may share non-health personal information with:
Service Providers:
Website hosting and maintenance providers
Email marketing platforms (e.g., Mailchimp, Constant Contact)
SMS/text messaging services (compliant with A2P 10DLC)
Analytics providers (e.g., Google Analytics)
CRM and practice management software providers
Advertising platforms (e.g., Google Ads, Facebook)
Legal Compliance:
To comply with applicable laws and regulations
To respond to legal requests and prevent fraud
To protect our rights and property
5.3 We Do NOT Sell Your Personal Information
Studio Smiles of Poway does not sell, rent, or trade your personal information or PHI to third parties for monetary or other valuable consideration. This includes:
No selling of patient lists to marketers
No sharing PHI for third-party marketing without your explicit authorization
No selling contact information to data brokers
6. HIPAA NOTICE OF PRIVACY PRACTICES
This section serves as our official HIPAA Notice of Privacy Practices as required by 45 CFR § 164.520.
6.1 Our Legal Duty
We are required by law to:
Maintain the privacy and security of your PHI
Provide you with this Notice of our legal duties and privacy practices
Follow the terms of the Notice currently in effect
Notify you if we are unable to agree to a requested restriction
Accommodate reasonable requests to communicate health information by alternative means or locations
6.2 Your Rights Regarding Your PHI
Right to Access:
You have the right to inspect and obtain a copy of your PHI in our medical and billing records. To request access:
Submit a written request to our Privacy Officer
We may charge a reasonable, cost-based fee for copies
We will respond within 30 days (with one 30-day extension if needed)
Right to Amend:
If you believe your PHI is incorrect or incomplete, you may request an amendment by:
Submitting a written request with the reason for the amendment
We may deny your request if the information is accurate and complete
Right to an Accounting of Disclosures:
You have the right to receive a list of certain disclosures we made of your PHI. This does not include disclosures for treatment, payment, or healthcare operations.
Right to Request Restrictions:
You have the right to request restrictions on how we use or disclose your PHI. We are not required to agree to your request except in the following case:
If you pay out-of-pocket in full for a service, you can request that we not disclose PHI related to that service to your health insurance plan for payment or healthcare operations.
Right to Request Confidential Communications:
You may request that we communicate with you about your PHI by alternative means or at alternative locations (e.g., send mail to a P.O. Box instead of home address).
Right to a Paper Copy of This Notice:
You have the right to a paper copy of this Notice at any time, even if you previously agreed to receive the Notice electronically.
Right to Be Notified of a Breach:
We will notify you if your unsecured PHI is breached in a manner required by law.
6.3 How to Exercise Your Rights
To exercise any of your rights under HIPAA, please contact:
Privacy Officer
Studio Smiles of Poway
15525 Pomerado Rd, Suite D5
Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
6.4 Complaints
If you believe your privacy rights have been violated, you may file a complaint with:
Studio Smiles of Poway Privacy Officer:
Address: 15525 Pomerado Rd, Suite D5, Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
U.S. Department of Health and Human Services:
Office for Civil Rights
Region IX
90 7th Street, Suite 4-100
San Francisco, CA 94103
Phone: (800) 368-1019
TTY: (800) 537-7697
Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/
You will not be retaliated against for filing a complaint.
6.5 Changes to This Notice
We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. If we make material changes, we will:
Post the revised Notice in our office
Make the revised Notice available on our website
Provide you with a copy upon request
7. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
7.1 Application of CCPA/CPRA
This section applies to California residents and provides additional privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Note: PHI covered by HIPAA is generally exempt from CCPA/CPRA. However, personal information not covered by HIPAA (e.g., website usage data, marketing preferences) is subject to CCPA/CPRA.
7.2 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information from California residents:
Category Examples Collected Identifiers Name, address, email, phone, IP address YES Personal Information (Cal. Civ. Code § 1798.80) Name, address, telephone, insurance policy number YES Protected Classification Characteristics Age, gender, medical conditions YES (for treatment purposes) Commercial Information Purchase history, payment information YES Biometric Information Facial images, dental impressions YES (for treatment purposes) Internet/Network Activity Browsing history, website interactions YES Geolocation Data Physical location (approximate based on IP) YES Sensory Information Audio/video recordings of consultations YES (with notice) Professional/Employment Information Employer information (for insurance) YES Inferences Preferences, characteristics, behavior YES Sensitive Personal Information Health information, account login credentials YES
7.3 Purposes for Collection and Use
We collect and use personal information for the purposes described in Section 4 of this Privacy Policy, including:
Providing dental care services
Processing payments and insurance claims
Website operation and improvement
Marketing and communications (with consent)
Legal compliance
7.4 Sources of Personal Information
We collect personal information from:
Directly from you (forms, website, communications)
Automatically through cookies and analytics
Third parties (insurance companies, referring dentists, payment processors)
7.5 Sharing of Personal Information
We share personal information with the categories of third parties described in Section 5, including:
Service providers and business associates
Insurance companies and billing services
Dental laboratories and specialists
Government agencies (when required by law)
We do not “sell” or “share” personal information as defined by CCPA/CPRA for cross-context behavioral advertising.
7.6 Your California Privacy Rights
California residents have the following rights:
Right to Know:
What personal information we collect, use, disclose, and sell
Categories of sources from which we collect personal information
Business or commercial purposes for collecting personal information
Categories of third parties with whom we share personal information
Right to Access:
Request a copy of the specific pieces of personal information we collected about you in the past 12 months
Right to Delete:
Request deletion of your personal information (subject to legal exceptions)
Right to Correct:
Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing:
While we do not sell personal information, you can opt-out of any sharing for targeted advertising
Right to Limit Use of Sensitive Personal Information:
Request that we limit the use of sensitive personal information to purposes necessary to perform services
Right to Non-Discrimination:
You will not receive discriminatory treatment for exercising your privacy rights
7.7 How to Exercise Your California Rights
To exercise your California privacy rights:
Online: Visit our website at https://studiosmilesofpoway.com/privacy-request
Phone: Call (858) 385-9188
Email: [email protected]
Mail: Studio Smiles of Poway, ATTN: Privacy Officer, 15525 Pomerado Rd, Suite D5, Poway, CA 92064
Verification Process:
To protect your privacy, we will verify your identity before processing requests by:
Matching information you provide with information in our records
Requesting additional documentation if needed
Authorized Agents:
You may designate an authorized agent to make requests on your behalf by:
Providing written authorization signed by you
Verifying your identity and the agent’s authority
Response Timeline:
We will respond to verifiable requests within 45 days (with one 45-day extension if needed)
We will notify you if we cannot complete your request and explain why
7.8 California “Shine the Light” Law
Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As stated in this policy, we do not share personal information with third parties for their direct marketing purposes.
8. SMS/TEXT MESSAGING PRIVACY (A2P 10DLC COMPLIANCE)
8.1 Text Messaging Program
Studio Smiles of Poway offers text messaging services for appointment reminders, confirmations, health information, and other communications related to your dental care. By providing your mobile phone number and opting in to our text messaging program, you consent to receive text messages from us.
8.2 A2P 10DLC Compliance
Our text messaging program complies with Application-to-Person 10-Digit Long Code (A2P 10DLC) regulations and industry standards for business SMS messaging.
8.3 Types of Text Messages
You may receive the following types of text messages:
Appointment-Related (Transactional):
Appointment reminders
Appointment confirmations
Appointment cancellation notifications
Rescheduling requests
Pre-appointment instructions
Healthcare Information (Transactional):
Treatment plan information
Pre-operative and post-operative care instructions
Prescription reminders
Lab results notifications (non-detailed)
Emergency office closures
Administrative (Transactional):
Payment reminders
Insurance claim updates
Forms or documentation requests
Patient portal notifications
Marketing (with explicit opt-in):
Special offers and promotions
Educational content about oral health
Practice newsletters and updates
8.4 Consent and Opt-In
Initial Consent:
You provide express written consent by checking a box, signing a form, or replying “YES” to an opt-in request
Consent is specific to the types of messages you will receive
Consent is not a condition of receiving dental services from Studio Smiles
Confirming Consent:
We will send a confirmation message when you first opt-in
You can verify your subscription status at any time
8.5 Message Frequency and Charges
Frequency:
Appointment reminders: Varies based on scheduled appointments (typically 1-3 per appointment)
Healthcare information: As needed for your treatment
Marketing messages: Maximum 4 per month (if opted in)
Charges:
Message and data rates may apply from your mobile carrier
Studio Smiles does not charge for text messages
Check with your mobile carrier regarding your plan’s rates
Supported Carriers:
All major U.S. carriers are supported
Carrier is not liable for delayed or undelivered messages
8.6 Opt-Out and Unsubscribe
How to Opt-Out:
Reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any text message
Call us at (858) 385-9188 to opt-out
Email [email protected] with your request
Update preferences in your patient portal
Effect of Opting Out:
You will receive one final confirmation message
You will no longer receive marketing messages
You may still receive transactional messages necessary for your care unless you specifically request otherwise
You can opt back in at any time
8.7 Data Collection and Use for Text Messaging
Information Collected:
Mobile phone number
Opt-in/opt-out status and date
Message delivery status
Responses to text messages
How We Use This Information:
To send you requested text messages
To maintain opt-in/opt-out records
To improve our text messaging service
To comply with telecommunications regulations
8.8 SMS Data Sharing
No Sharing for Marketing:
We do not share your mobile phone number or SMS opt-in consent data with:
Third parties for their marketing purposes
Affiliates for marketing purposes
Data brokers or list services
Sharing with Service Providers:
We share your mobile phone number with our SMS service provider solely to deliver text messages on our behalf. Our SMS provider is contractually obligated to:
Use your information only for providing SMS services
Not share your information with other third parties
Comply with all applicable privacy and telecommunications laws
Maintain appropriate security measures
8.9 Help and Support
For Help:
Reply HELP to any text message
Call (858) 385-9188
Email [email protected]
Customer Care Hours:
Tuesday-Friday: 9 AM - 6 PM Pacific Time
Saturday: 9 AM - 2 PM Pacific Time
Sunday & Monday: Closed
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 What Are Cookies
Cookies are small text files placed on your device when you visit our website. We use cookies and similar tracking technologies to improve your experience, analyze website usage, and deliver personalized content.
9.2 Types of Cookies We Use
Essential Cookies (Always Active):
Session management and authentication
Security and fraud prevention
Website functionality
GDPR/privacy banner preferences
Analytics Cookies:
Google Analytics (measures website traffic and user behavior)
Tracks pages visited, time on site, bounce rate
Helps us understand how visitors use our website
Marketing Cookies (with consent):
Google Ads conversion tracking
Facebook Pixel
Retargeting/remarketing cookies
Tracks ad performance and user interactions
Preference Cookies:
Language preferences
Accessibility settings
Form autofill data
9.3 Third-Party Cookies
Our website may include cookies from third parties:
Google Analytics: Tracks website usage
Google Ads: Conversion tracking and remarketing
Facebook: Social media integration and advertising
YouTube: Embedded videos
9.4 Your Cookie Choices
Browser Settings:
Most browsers allow you to block or delete cookies
Browser settings: Chrome, Firefox, Safari, Edge all have cookie controls
Note: Blocking cookies may affect website functionality
Opt-Out Tools:
Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/
Do Not Track:
Some browsers offer “Do Not Track” signals
Our website does not currently respond to Do Not Track signals
9.5 Cookie Duration
Session cookies: Deleted when you close your browser
Persistent cookies: Remain on your device for a set period (typically 30 days to 2 years)
10. DATA SECURITY
10.1 Our Security Commitment
We implement administrative, physical, and technical safeguards to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, or destruction.
10.2 Technical Safeguards
Encryption:
All data transmitted to/from our website uses SSL/TLS encryption (HTTPS)
PHI stored electronically is encrypted at rest using AES-256 encryption
Email communications containing PHI are encrypted
Access Controls:
Role-based access controls (RBAC) limit employee access to PHI
Unique user IDs and strong password requirements
Multi-factor authentication (MFA) for system access
Automatic logout after inactivity
Network Security:
Firewall protection
Intrusion detection and prevention systems
Regular security patches and software updates
Virtual private network (VPN) for remote access
Audit Logs:
Electronic audit trails track all PHI access
Regular review of access logs
Monitoring for suspicious activity
10.3 Physical Safeguards
Secured office premises with alarm systems
Locked filing cabinets for paper records
Controlled access to areas containing PHI
Visitor sign-in procedures
Clean desk policy
Secure disposal of documents (shredding)
10.4 Administrative Safeguards
Policies and Procedures:
Written privacy and security policies
Incident response plan
Breach notification procedures
Business associate agreements with vendors
Employee Training:
Annual HIPAA privacy and security training
Role-specific training on PHI handling
Security awareness training
Confidentiality agreements
Risk Management:
Regular risk assessments
Vulnerability scanning
Penetration testing (annually)
Third-party security audits
10.5 Payment Security
We do not store complete credit card numbers on our systems
Payment processing handled by PCI-DSS compliant processors
Tokenization of payment data
10.6 Limitations
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach, we will notify affected individuals as required by law.
11. DATA RETENTION
11.1 How Long We Keep Your Information
Protected Health Information:
We retain your dental records and PHI in accordance with:
California law: Minimum 7 years from date of last treatment
For minors: Until the patient turns 25 years old (minimum)
Federal requirements: As required by specific programs or regulations
Billing and Payment Records:
Retained for 7 years after final payment or insurance claim resolution
May be retained longer if required for legal proceedings
Website and Marketing Data:
Analytics data: 26 months (Google Analytics default)
Marketing email preferences: Until you opt-out
Cookie data: Per cookie duration (see Section 9)
Text Messaging Records:
Opt-in/opt-out records: Maintained for compliance purposes
Message logs: Retained per telecommunications regulations
11.2 Destruction of Records
When retention periods expire and we no longer have a legal basis to retain information:
Paper records: Securely shredded or incinerated
Electronic records: Securely deleted using data sanitization methods
Backup systems: Removed according to backup retention schedules
11.3 Exceptions
We may retain information beyond standard periods when:
Required by law or court order
Necessary for ongoing legal proceedings
Needed to establish, exercise, or defend legal claims
Required for regulatory compliance
12. YOUR PRIVACY RIGHTS
12.1 Rights Under HIPAA
(See Section 6.2 for detailed HIPAA rights)
12.2 Rights Under CCPA/CPRA
(See Section 7.6 for detailed California rights)
12.3 General Privacy Rights
Right to Access Your Information:
Request to review personal information we hold about you
Right to Correction:
Request correction of inaccurate information
Right to Deletion:
Request deletion of your information (subject to legal retention requirements)
Right to Opt-Out:
Opt-out of marketing emails
Opt-out of text messages
Opt-out of tracking cookies
Right to Restrict Processing:
Limit how we use certain information
Right to Object:
Object to certain uses of your information
Right to Data Portability:
Request a copy of your information in a portable format
Right to Withdraw Consent:
Withdraw previously given consent at any time
12.4 How to Exercise Your Rights
Contact our Privacy Officer:
Mail:
Studio Smiles of Poway
ATTN: Privacy Officer
15525 Pomerado Rd, Suite D5
Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
Online: https://studiosmilesofpoway.com/privacy-request
Response Time:
HIPAA requests: 30 days (with 30-day extension if needed)
CCPA requests: 45 days (with 45-day extension if needed)
13. CHILDREN’S PRIVACY
13.1 Children Under 13
Our website is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 through our website without parental consent.
13.2 Pediatric Dental Patients
We provide dental care to children as part of our family dentistry practice. When treating pediatric patients:
We obtain consent from parents or legal guardians
PHI is maintained in accordance with HIPAA and California law
Parents/guardians have the right to access their child’s dental records
At age 18, patients gain full control over their records
13.3 Parental Rights
Parents or legal guardians of patients under 18 have the right to:
Access their child’s dental records
Request amendments to records
Receive notice of privacy practices
Request restrictions on disclosures
File complaints regarding privacy concerns
14. THIRD-PARTY LINKS AND SERVICES
14.1 External Links
Our website may contain links to third-party websites (e.g., insurance companies, dental associations, health information resources). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
14.2 Third-Party Service Providers
We use third-party service providers who may process your information on our behalf:
Practice Management Software: Eaglesoft, Dentrix, or similar
Payment Processing: Square, Stripe, or similar
Email Marketing: Mailchimp, Constant Contact, or similar
SMS Messaging: Twilio, EZ Texting, or similar
Website Hosting: AWS, GoDaddy, or similar
Analytics: Google Analytics
Appointment Scheduling: Zocdoc, SimplePractice, or similar
All service providers are contractually required to:
Maintain appropriate security measures
Use information only for specified purposes
Comply with applicable privacy laws
Sign Business Associate Agreements (for PHI)
14.3 Social Media
We maintain profiles on social media platforms (Facebook, Instagram, etc.). Information you post on our social media pages is subject to those platforms’ privacy policies.
Important: Do not post PHI or sensitive personal information on social media.
15. INTERNATIONAL DATA TRANSFERS
15.1 U.S.-Based Operations
Studio Smiles of Poway is located in the United States and primarily serves patients in California. Your information is stored and processed in the United States.
15.2 International Visitors
If you access our website from outside the United States, please be aware that:
Your information may be transferred to and processed in the United States
U.S. privacy laws may differ from those in your country
By using our website, you consent to the transfer of your information to the U.S.
16. CHANGES TO THIS PRIVACY POLICY
16.1 Right to Modify
We reserve the right to modify this Privacy Policy at any time. Changes will be effective upon posting to our website.
16.2 Notice of Material Changes
If we make material changes to this Privacy Policy, we will:
Post the updated policy on our website with a new “Last Updated” date
Post a notice on our homepage for 30 days
Send email notification to patients who provided email addresses (if required by law)
Provide a copy at your next visit to our office
16.3 Continued Use
Your continued use of our website or services after changes are posted constitutes acceptance of the updated Privacy Policy.
16.4 Version History
Version 1.0 - January 1, 2025 - Initial publication
17. CONTACT INFORMATION
17.1 Privacy Officer
For questions about this Privacy Policy, to exercise your privacy rights, or to file a complaint:
Studio Smiles of Poway - Privacy Officer
15525 Pomerado Rd, Suite D5
Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
Website: https://studiosmilesofpoway.com
Office Hours:
Tuesday - Friday: 9:00 AM - 6:00 PM
Saturday: 9:00 AM - 2:00 PM
Sunday & Monday: Closed
17.2 Regulatory Authorities
You may also contact:
For HIPAA Complaints:
U.S. Department of Health and Human Services
Office for Civil Rights, Region IX
90 7th Street, Suite 4-100
San Francisco, CA 94103
Phone: (800) 368-1019
Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/
For California Privacy Complaints:
California Privacy Protection Agency
2101 Arena Boulevard
Sacramento, CA 95834
Phone: (916) 445-1254
Website: https://cppa.ca.gov
For FTC Complaints:
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Phone: (877) 382-4357
Website: https://www.ftc.gov
For TCPA/SMS Complaints:
Federal Communications Commission
Consumer & Governmental Affairs Bureau
445 12th Street SW
Washington, DC 20554
Phone: (888) 225-5322
Website: https://www.fcc.gov/consumers
ACKNOWLEDGMENT
By using our services, visiting our website, or providing us with your personal information, you acknowledge that:
You have read and understood this Privacy Policy
You consent to the collection, use, and disclosure of your information as described herein
You understand your rights under HIPAA, CCPA/CPRA, and other applicable laws
You may withdraw consent or opt-out of certain uses at any time by contacting us
For patients receiving treatment: You will be asked to sign an acknowledgment that you received our HIPAA Notice of Privacy Practices at your first visit or when material changes are made.
© 2025 Studio Smiles of Poway. All Rights Reserved.
Last Updated: January 1, 2025
Effective Date: January 1, 2025
Version: 1.0
APPENDIX A: DEFINITIONS
Business Associate: A person or entity that performs functions or activities on behalf of Studio Smiles that involve the use or disclosure of PHI.
Covered Entity: A health plan, healthcare clearinghouse, or healthcare provider (like Studio Smiles) that transmits health information electronically.
De-Identified Information: Health information that does not identify an individual and for which there is no reasonable basis to believe it can be used to identify an individual.
Disclosure: The release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.
Electronic Protected Health Information (ePHI): PHI that is created, stored, transmitted, or received in electronic form.
Marketing: A communication about a product or service that encourages recipients to purchase or use the product or service (with certain exceptions).
Personal Information: Information that identifies, relates to, describes, or could reasonably be linked with a particular California resident or household.
Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium by a covered entity or business associate, excluding certain education and employment records.
Sensitive Personal Information: Personal information that reveals social security number, driver’s license number, precise geolocation, racial or ethnic origin, religious beliefs, health information, sex life, or sexual orientation.
Treatment: The provision, coordination, or management of healthcare and related services, including consultations between healthcare providers and referrals.
Use: The sharing, employment, application, utilization, examination, or analysis of information within Studio Smiles.
This Privacy Policy is compliant with:
✅ HIPAA Privacy Rule (45 CFR Parts 160 and 164)
✅ HIPAA Security Rule (45 CFR Part 164, Subpart C)
✅ California Consumer Privacy Act (CCPA) as amended by CPRA
✅ A2P 10DLC SMS messaging requirements
✅ Telephone Consumer Protection Act (TCPA)
✅ CAN-SPAM Act
✅ California Business and Professions Code
✅ California Confidentiality of Medical Information Act (CMIA)
✅ FTC Act and regulations
For questions or concerns, please contact our Privacy Officer at (858) 385-9188 or [email protected]
BrightBridge Dental
15525 Pomerado Rd, Suite D5
Poway, CA 92064
Phone: (858) 385-9188
Email: [email protected]
Office Hours
Tuesday: 9 AM – 6 PM
Wednesday: 9 AM – 6 PM
Thursday: 9 AM – 6 PM
Friday: 9 AM – 6 PM
Saturday: 9 AM – 2 PM
Sunday & Monday: Closed
© 2025 Studio Smiles of Poway. All Rights Reserved.