WEBSITE PRIVACY POLICY

Radiant Dental Center (“Practice,” “we,” “us,” or “our”), is a dental practice located in San Jose, California. We are committed to protecting the privacy and security of your personal information and your protected health information (“PHI”) in compliance with applicable federal and California state law.

This Privacy Policy describes how we collect, use, disclose, and safeguard information we obtain through this website (the 201cSite201d) and through the provision of dental services. It also describes your rights with respect to your information and how to exercise those rights.

This Policy is governed by, and intended to comply with:

• The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 C.F.R. Parts 160 and 164)

• The Health Information Technology for Economic and Clinical Health Act (HITECH Act)

• The California Confidentiality of Medical Information Act (CMIA), Cal. Civ. Code §§ 56–56.37

• The California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), Cal. Civ. Code §§ 1798.100 et seq.

• The California Online Privacy Protection Act (CalOPPA)

• The Dental Practice Act (Cal. Bus. & Prof. Code §§ 1600 et seq.) and regulations of the Dental Board of California (Title 16, Cal. Code of Regs. §§ 1000 et seq.)

• The Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45

When you interact with our Site or our Practice, we may collect:

• Contact information (name, address, telephone number, email address)

• Date of birth and demographic information

• Dental and medical history, treatment records, and clinical notes

• Dental insurance information and billing details

• Payment and financial information

• Appointment requests and communications submitted through our Site

• Emergency contact information

When you visit our Site, we may automatically collect:

• IP address and general geographic location

• Browser type, operating system, and device identifiers

• Pages visited, referring URLs, and navigation patterns

• Date and time of access

• Cookies and similar tracking technologies (see Section 7)

As a covered entity under HIPAA, we collect and use PHI — including dental records, treatment information, diagnoses, and related billing data — to provide dental care and conduct our business operations. Our use and disclosure of PHI is governed separately by our Notice of Privacy Practices (NPP), which is provided to you at the time of your first visit and available upon request.

We use information collected for the following purposes:

• To provide, coordinate, and manage dental care and treatment Treatment:

• To process insurance claims, collect co-payments, and manage billing Payment:

• For quality improvement, staff training, and practice administration 

Healthcare Operations:

• To schedule, confirm, and remind you of appointments Appointment Management:

• To respond to inquiries submitted through the Site Communications:

• To comply with applicable laws, regulations, and licensing requirements Legal Compliance:

• To analyze usage patterns and enhance the functionality of our Site Site Improvement:

• To protect the rights, property, or safety of patients, staff, or the public Safety:

We will not use your information for any purpose incompatible with the purposes described in this Policy or our NPP without your prior written authorization.

As a HIPAA-covered entity, we may disclose PHI without your written authorization for:

• Treatment by other healthcare providers involved in your care

• Payment activities, including insurance billing and collections

• Healthcare operations, including quality assurance and peer review

• Public health activities required by law

• Reporting to the California Dental Board or other licensing authorities as required

• Judicial and administrative proceedings pursuant to valid court order or subpoena

• Law enforcement purposes as permitted or required by law

• To avert serious threats to health or safety

We may share PHI with third-party "business associates" (e.g., billing companies, IT service providers, laboratory services) who assist us in operating our Practice. All business associates are required to execute a Business Associate Agreement (BAA) with us and are contractually obligated to safeguard your PHI in accordance with HIPAA.

We may share non-PHI website usage data with third-party service providers who assist in operating our Site (e.g., web hosting, analytics). These providers are contractually restricted from using such data for any purpose other than providing services to us.

We do not sell, rent, or lease your personal information or PHI to any third party. Consistent with the CCPA/CPRA, we do not "sell" or "share" personal information for cross-context behavioral advertising.

We will not otherwise disclose your information without your written authorization except as required or permitted by HIPAA, California law, or other applicable federal law.

California residents have the following rights under the CCPA/CPRA and other California law. To exercise any of these rights, see Section 10.

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.

You have the right to request deletion of your personal information, subject to certain exceptions, including our legal obligation to retain records under HIPAA, California dental licensing regulations (which require retention of dental records for a minimum of seven (7) years from the date of service, and for minors, until the patient's 19th birthday or seven years, whichever is later, per Title 16 Cal. Code Regs. § 1007.1), and other applicable law.

You have the right to request correction of inaccurate personal information we maintain about you, subject to verification and any applicable retention requirements.

We do not sell or share personal information as defined by the CCPA/CPRA. Therefore, this right does not apply. However, if our practices change, we will update this Policy and provide an opt-out mechanism.

To the extent we collect "sensitive personal information" as defined by the CPRA (e.g., health information, precise geolocation), we use it only to provide our services and as otherwise permitted by law. We do not use sensitive personal information for purposes beyond those enumerated in Cal. Civ. Code § 1798.121(a).

We will not discriminate against you for exercising any of your privacy rights. We will not deny services, charge different prices, or provide a lower quality of service as a result of your exercising these rights.

In addition to your rights under California law, as a patient you have rights under HIPAA including the right to access, amend, and receive an accounting of disclosures of your PHI. A complete description of your HIPAA rights is set forth in our Notice of Privacy Practices, available at our office or upon request.

As a licensed dental practice regulated by the Dental Board of California, we adhere to the following obligations relevant to patient privacy:

• Patient records are maintained securely and treated as confidential pursuant to Cal. Bus. & Prof. Code § 1683 and Title 16, Cal. Code Regs. § 1007.1.

• Patient records are retained for a minimum of seven (7) years from the date of last entry, or in the case of a minor patient, until the patient's 19th birthday or seven (7) years from the date of last entry, whichever is later.

• Copies of dental records will be provided to patients upon written request within fifteen (15) days, as required by Cal. Health & Safety Code § 123111.

• We maintain physical, technical, and administrative safeguards for all patient records consistent with HIPAA Security Rule requirements (45 C.F.R. Part 164, Subpart C).

• In the event of a breach of unsecured PHI, we will notify affected individuals, the U.S. Department of Health and Human Services (HHS), and, where applicable, California residents, in accordance with HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414) and the California data breach notification law (Cal. Civ. Code § 1798.29 and Cal. Health & Safety Code § 1280.15).

Our Site may use cookies, web beacons, and similar technologies to enhance your browsing experience and analyze Site usage. Types of cookies we may use include:

• Required for the Site to function (e.g., appointment scheduling forms). These cannot be disabled. Strictly Necessary Cookies:

• Help us understand how visitors use our Site (e.g., Google Analytics). We anonymize IP addresses where possible. Analytics Cookies:

• Remember your preferences for future visits. Functional Cookies:

You may control cookies through your browser settings. Disabling certain cookies may affect Site functionality. We do not use cookies to collect PHI. Our Site does not respond to "Do Not Track" signals at this time; however, you may opt out of analytics tracking by using the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

We implement and maintain reasonable and appropriate administrative, physical, and technical safeguards designed to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, and destruction. These safeguards include:

• Encryption of electronic PHI in transit and at rest

• Access controls and user authentication for systems containing PHI

• Employee training on HIPAA Privacy and Security Rules

• Regular risk assessments as required by 45 C.F.R. § 164.308(a)(1)

• Secure disposal of paper and electronic records

No security system is impenetrable. While we strive to protect your information, we cannot guarantee that unauthorized parties will never defeat our security measures. In the event of a breach affecting your information, we will notify you as required by applicable law.

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our Site without verifiable parental consent, consistent with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506. If you believe we have inadvertently collected information from a child under 13, please contact us immediately using the information in Section 10 so we may delete such information.

For minor patients receiving dental care, PHI is handled in accordance with HIPAA, the CMIA, and California minor consent laws, including Cal. Health & Safety Code § 123115 and Cal. Fam. Code § 6920 et seq.

To exercise any of your rights described in this Policy, to ask questions, or to submit a complaint regarding our privacy practices, please contact our Privacy Officer:

Radiant Dental Center (Vijaya S Kiran DDS Inc)

Attn: Privacy Officer / HIPAA Compliance

San Jose, California

Phone: 408.929.9977

Email: radiantdentalcenter@gmail.com

Mailing Address: 1721 Story Road, San Jose, CA 95122

We will respond to verifiable requests within the timeframes required by applicable law (generally 45 days under HIPAA and 45 days under CCPA/CPRA, with a possible 45-day extension where necessary).

If you believe your privacy rights have been violated, you also have the right to file a complaint with:

• U.S. Department of Health & Human Services, Office for Civil Rights: www.hhs.gov/ocr/privacy | 1-800-368-1019

• California Attorney General (CCPA complaints): oag.ca.gov/privacy | 1-916-445-9555

• Dental Board of California: www.dbc.ca.gov | 1-877-729-7789

Our Site may contain links to third-party websites (e.g., dental insurance portals, patient portals managed by third parties). We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

We reserve the right to update or amend this Privacy Policy at any time. If we make material changes, we will post the revised Policy on this page with an updated effective date and, where required by law, provide additional notice. We encourage you to review this Policy periodically. Your continued use of our Site following any changes constitutes your acceptance of the revised Policy to the extent permitted by law.

This Privacy Policy is governed by and construed in accordance with the laws of the State of California and applicable federal law, without regard to conflict-of-law principles. Any disputes arising under this Policy shall be resolved in the appropriate state or federal courts located in Santa Clara County, California.

NOTICE TO PATIENTS

This Website Privacy Policy supplements but does not replace our HIPAA Notice of Privacy Practices (NPP). Patients are provided a copy of the NPP at their first appointment and may request an additional copy at any time from our front desk or by contacting us via e-mail at radiantdentalcenter@gmail.com