ddsWebLink®: Privacy Policy
(Effective May 15, 2007)
The Privacy Policy below governs your ddsWebLink® account and any information you provide on this site. ddsWebLink® takes your privacy very seriously. Please read the following to learn more about our Privacy Policy. If you are a dental patient, please click here.
A. CONSENT
By accepting the Privacy Policy and User Agreement in registration, you expressly consent to our use and disclosure of your personal information in the manner described in this Privacy Policy. This Privacy Policy is incorporated into and subject to the terms of the ddsWebLink® User Agreement. This Privacy Policy will take effect on May 15, 2007.
B. WARRANTS AND REPRESENTATIONS
Only Authorized Users may use this web site. “Authorized Users” are defined as dentists and/or dental laboratories, or authorized employees, contractors, representatives, or agents thereof. If you are using this site and you are an Authorized User, you expressly warrant and represent that you are using ddsWebLink® for authorized purposes only, and subject to all terms and conditions contained in this Privacy Policy and the ddsWebLink® User Agreement.
C. INFORMATION AUTOMATICALLY STORED AND COLLECTED
When you browse through any Web site, certain personal information about you can be collected. We automatically collect and temporarily store the following information about your visit:
- The name of the domain you use to access the Internet (e.g., aol.com or cox.net);
- The date and time of your visit; and
- The pages you visited.
We use this information for statistical purposes and to help us make our site more useful to visitors. Unless it is specifically stated otherwise, no additional information will be collected about you.
D. PERSONALLY PROVIDED INFORMATION
You do not have to give us personally provided information to visit ddsWebLink®, except as set forth in the ddsWebLink® User Agreement. If you choose to provide us with additional information about yourself through an email message, form, survey, etc., we will only maintain the information as long as needed to respond to your question or to fulfill the stated purpose of the communication. Third party contractors may have access to this information in order to provide an initial response to your question or comment. These contractors are held to strict policies to safeguard the information and provide the same level of protection as guaranteed by ddsWebLink®. On occasion, we may conduct a study concerning the types of questions sent to us. These studies help us to improve our Web site in order to make our service more responsive to your needs. We do not give, share, sell, or transfer any personal information to a third party unless required by law or statute.
E. DISCLOSURE
ddsWebLink® does not disclose, give, sell, or transfer any personal information about our visitors, unless required for law enforcement or statute.
F. COOKIES
"Cookies" are small files of data that reside on your computer and allow us to recognize you as a ddsWebLink® customer if you return to the ddsWebLink® site using the same computer and browser. We send a "session cookie" to your computer if and when you log in to your ddsWebLink® account by entering your e-mail address and password. These cookies allow us to recognize you if you visit multiple pages in our site during the same session, so that you don't need to re-enter your password multiple times. Once you log out or close your browser, these session cookies expire and no longer have any effect.
We may also use longer-lasting cookies to display your e-mail address on our sign-in form, so that you don't have to retype the e-mail address each time when you log in to your ddsWebLink® account. Our cookie files are encoded so that your e-mail address and other information can only be interpreted by ddsWebLink®.
G. NOTIFICATION OF CHANGES
This policy may be revised over time as new features are added to the ddsWebLink® service. If we are going to use or disclose your personally identifiable information in a manner materially different from that stated at the time we collected the information, you will have a choice as to whether or not we use or disclose your information in this new manner. Any material changes will be effective only after we provide you with at least 30 days' notice (by e-mail or system message) of the amended Privacy Policy (if you have closed your ddsWebLink® account, you will not be contacted to notify you of the amended Policy and your personal information will not be used or disclosed in this new manner).
We will post the amended Privacy Policy prominently on our Web site so that you can always review what information we gather, how we might use that information, and whether we will disclose it to anyone. Please check the ddsWebLink® Web site at ddsWebLink®.com at any time for the most current version of our Privacy Policy.
The ddsWebLink® web site may include links to third party web sites. These sites are governed by their own privacy statements, and ddsWebLink® is not responsible for their operations, including but not limited to their information practices. Users submitting information to or through these third party Web sites should review the privacy statement of these sites before providing them with personally identifiable information.
INFORMATION FOR PATIENTS ONLY
If you have concerns about the use of your medical information, please visit the Privacy Rights Clearinghouse at privacyrights.org for more information regarding your rights, and the rights and duties of those seeking access to your medical information.
A. HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to safeguard the privacy of patient health records. Following is a summary of HIPAA rules and regulations, as set forth more fully on the United States Department of Health and Human Services (HHS) website on privacy:
PATIENT PROTECTIONS
The new privacy regulations ensure a national floor of privacy protections for patients by limiting the ways that health plans, pharmacies, hospitals and other covered entities can use patients' personal medical information. The regulations protect medical records and other individually identifiable health information, whether it is on paper, in computers or communicated orally. Key provisions of these new standards include:
- Access To Medical Records. Patients generally should be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes. Health plans, doctors, hospitals, clinics, nursing homes and other covered entities generally should provide access to these records within 30 days and may charge patients for the cost of copying and sending the records.
- Notice of Privacy Practices. Covered health plans, doctors and other health care providers must provide a notice to their patients of how they may use personal medical information and of their rights under the new privacy regulation. Doctors, hospitals and other direct-care providers generally will provide the notice on the patient's first visit following the April 14, 2003, compliance date and upon request. Patients generally will be asked to sign, initial or otherwise acknowledge that they received this notice. Health plans generally must mail the notice to their enrollees by April 14 and again if the notice changes significantly. Patients also may ask covered entities to restrict the use or disclosure of their information beyond the practices included in the notice, but the covered entities would not have to agree to the changes.
- Limits on Use of Personal Medical Information. The privacy rule sets limits on how health plans and covered providers may use individually identifiable health information. To promote the best quality care for patients, the rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their patients. In other situations, though, personal health information generally may not be used for purposes not related to health care, and covered entities may use or share only the minimum amount of protected information needed for a particular purpose. In addition, patients would have to sign a specific authorization before a covered entity could release their medical information to a life insurer, a bank, a marketing firm or another outside business for purposes not related to their health care.
- Prohibition on Marketing. The final privacy rule sets new restrictions and limits on the use of patient information for marketing purposes. Pharmacies, health plans and other covered entities must first obtain an individual's specific authorization before disclosing their patient information for marketing. At the same time, the rule permits doctors and other covered entities to communicate freely with patients about treatment options and other health-related information, including disease-management programs.
- Stronger State Laws. The new federal privacy standards do not affect state laws that provide additional privacy protections for patients. The confidentiality protections are cumulative; the privacy rule will set a national "floor" of privacy standards that protect all Americans, and any state law providing additional protections would continue to apply. When a state law requires a certain disclosure -- such as reporting an infectious disease outbreak to the public health authorities -- the federal privacy regulations would not preempt the state law.
- Confidential Communications. Under the privacy rule, patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor's office should comply with that request if it can be reasonably accommodated.
- Complaints. Consumers may file a formal complaint regarding the privacy practices of a covered health plan or provider. Such complaints can be made directly to the covered provider or health plan or to HHS' Office for Civil Rights (OCR), which is charged with investigating complaints and enforcing the privacy regulation. Information about filing complaints should be included in each covered entity's notice of privacy practices. Consumers can find out more information about filing a complaint at http://www.hhs.gov/ocr/hipaa or by calling (866) 627-7748.
HEALTH PLANS AND PROVIDERS
The privacy rule requires health plans, pharmacies, doctors and other covered entities to establish policies and procedures to protect the confidentiality of protected health information about their patients. These requirements are flexible and scalable to allow different covered entities to implement them as appropriate for their businesses or practices. Covered entities must provide all the protections for patients cited above, such as providing a notice of their privacy practices and limiting the use and disclosure of information as required under the rule. In addition, covered entities must take some additional steps to protect patient privacy:
- Written Privacy Procedures. The rule requires covered entities to have written privacy procedures, including a description of staff that has access to protected information, how it will be used and when it may be disclosed. Covered entities generally must take steps to ensure that any business associates who have access to protected information agree to the same limitations on the use and disclosure of that information.
- Employee Training and Privacy Officer. Covered entities must train their employees in their privacy procedures and must designate an individual to be responsible for ensuring the procedures are followed. If covered entities learn an employee failed to follow these procedures, they must take appropriate disciplinary action.
- Public Responsibilities. In limited circumstances, the final rule permits -- but does not require -- covered entities to continue certain existing disclosures of health information for specific public responsibilities. These permitted disclosures include: emergency circumstances; identification of the body of a deceased person, or the cause of death; public health needs; research that involves limited data or has been independently approved by an Institutional Review Board or privacy board; oversight of the health care system; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security. The privacy rule generally establishes new safeguards and limits on these disclosures. Where no other law requires disclosures in these situations, covered entities may continue to use their professional judgment to decide whether to make such disclosures based on their own policies and ethical principles.
- Equivalent Requirements For Government. The provisions of the final rule generally apply equally to private sector and public sector covered entities. For example, private hospitals and government-run hospitals covered by the rule have to comply with the full range of requirements.
OUTREACH AND ENFORCEMENT
HHS' Office for Civil Rights (OCR) oversees and enforces the new federal privacy regulations. Led by OCR, HHS has issued extensive guidance and technical assistance materials to make it as easy as possible for covered entities to comply with the new requirements. Key elements of OCR's outreach and enforcement efforts include:
- Guidance and technical assistance materials. HHS has issued extensive guidance and technical materials to explain the privacy rule, including an extensive, searchable collection of frequently asked questions that address major aspects of the rule. HHS will continue to expand and update these materials to further assist covered entities in complying. These materials are available at the HHS website.
- Conferences and seminars. HHS has participated in hundreds of conferences, trade association meetings and conference calls to explain and clarify the provisions of the privacy regulation. These included a series of regional conferences sponsored by HHS, as well as many held by professional associations and trade groups. HHS will continue these outreach efforts to encourage compliance with the privacy requirements.
- Information line. To help covered entities find out information about the privacy regulation and other administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, OCR and HHS' Centers for Medicare & Medicaid Services have established a toll-free information line. The number is (866) 627-7748.
- Complaint investigations. Enforcement will be primarily complaint-driven. OCR will investigate complaints and work to make sure that consumers receive the privacy rights and protections required under the new regulations. When appropriate, OCR can impose civil monetary penalties for violations of the privacy rule provisions. Potential criminal violations of the law would be referred to the U.S. Department of Justice for further investigation and appropriate action.
- Civil and Criminal Penalties. Congress provided civil and criminal penalties for covered entities that misuse personal health information. For civil violations of the standards, OCR may impose monetary penalties up to $100 per violation, up to $25,000 per year, for each requirement or prohibition violated. Criminal penalties apply for certain actions such as knowingly obtaining protected health information in violation of the law. Criminal penalties can range up to $50,000 and one year in prison for certain offenses; up to $100,000 and up to five years in prison if the offenses are committed under "false pretenses"; and up to $250,000 and up to 10 years in prison if the offenses are committed with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm.
© 2007 DDS Ventures, Inc., dba ddsWebLink®
