NOTICE OF PRIVACY PRACTICES

Effective Date: February 16, 2026

THIS NOTICE DESCRIBES HOW MEDICAL AND DENTAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. OUR LEGAL DUTY

Random Lake Dentistry  is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, including the 2026 updates to the Privacy Rule, Security Rule, and Breach Notification Rule, to:

Maintain the privacy of your Protected Health Information (PHI)

Provide you with this Notice of Privacy Practices

Abide by the terms of this Notice

Notify you in the event of a breach of unsecured PHI

Comply with applicable federal and Wisconsin state privacy laws

We reserve the right to change this Notice and make the revised Notice effective for all PHI we maintain.

2. ELECTRONIC RECORD ENVIRONMENT

This Practice operates as a fully electronic health record (EHR) system.

We do not maintain paper patient charts or physical records

We do not use voice recording systems

We do not store patient health information on our public website

We do not operate a patient portal

All PHI is maintained in secure, encrypted electronic systems.

3. HOW WE MAY USE AND DISCLOSE YOUR INFORMATION

We may use and disclose your PHI without written authorization for the following purposes:

A. Treatment

Providing dental care and services

Referring you to another dentist or specialist

Consulting with other healthcare providers involved in your care

B. Payment

Submitting claims to dental or medical insurance carriers

Verifying benefits

Collecting payment for services rendered

C. Healthcare Operations

Quality assessment and improvement activities

Licensing and credentialing

Training and internal administrative operations

Compliance and risk management activities

All disclosures follow the HIPAA “minimum necessary” standard.

4. ELECTRONIC COMMUNICATIONS
Text Messaging

We use text messaging for appointment reminders and, when appropriate, two-way communication. Text messages may contain limited PHI.

By providing your mobile number, you consent to receiving text communications from our office.

Email Communication

We use secure, encrypted email when transmitting PHI.

Standard email may be used only with patient acknowledgment of risk.

Patients may opt out of electronic communications at any time.

5. AI AND CLOUD-BASED SERVICES

Our Practice utilizes HIPAA-compliant artificial intelligence and cloud-based services, including:

Overjet AI

We use Overjet for radiographic analysis and secure cloud imaging support.

Overjet operates under HIPAA-compliant standards.

Business Associate Agreements (BAAs) are in place where required.

AI systems are used solely to enhance diagnostic review, quality assurance, and clinical accuracy.

Patient data is not used for public datasets or non-healthcare marketing purposes.

6. SECURITY SAFEGUARDS (2026 SECURITY RULE ALIGNMENT)

In accordance with updated federal cybersecurity expectations, we implement:

Multi-Factor Authentication (MFA)

Encryption of PHI at rest and in transit

Role-based access controls

System audit logging

Firewall and malware protection

Ongoing cybersecurity audits and vulnerability assessments

Secure cloud backup systems

Incident response and breach notification protocols

7. 42 CFR PART 2 (SUBSTANCE USE DISORDER RECORDS)

Federal law provides additional protections for certain substance use disorder (SUD) treatment records under 42 C.F.R. Part 2.

Our Practice does not operate as a substance use disorder treatment facility. However, if we receive SUD-related records from another provider, those records:

Will be protected in accordance with Part 2 requirements

Will not be redisclosed without proper authorization unless permitted by law

Where applicable, Part 2 protections may be more stringent than HIPAA.

8. OTHER PERMITTED DISCLOSURES

We may disclose PHI without authorization when required by law, including:

Public health reporting

Health oversight activities

Court orders or subpoenas

Law enforcement requests

Workers’ compensation

Serious threat to health or safety

9. USES REQUIRING YOUR AUTHORIZATION

We will obtain written authorization before:

Using PHI for marketing unrelated to treatment

Selling PHI

Disclosing psychotherapy notes (if applicable)

Any other use not described in this Notice

You may revoke authorization in writing at any time.

10. BREACH NOTIFICATION

If unsecured PHI is breached:

We will notify affected individuals without unreasonable delay

Notification will occur no later than 60 days after discovery, or sooner if required by law

Notifications will comply with federal and Wisconsin requirements

11. YOUR RIGHTS

You have the right to:

Inspect and obtain a copy of your electronic records

Request an amendment to your records

Request restrictions on certain disclosures

Request confidential communications

Receive an accounting of disclosures

Receive a paper copy of this Notice

File a complaint without retaliation

12. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with:

 Random Lake Dentistry

You may also file a complaint with:

U.S. Department of Health and Human Services
Office for Civil Rights

You will not be retaliated against for filing a complaint.