HIPAA Notice

SANDY SPRINGS SMILES

1. What is Protected Health Information (PHI)?

Protected Health Information (PHI) includes any individually identifiable health information related to:

A patient’s past, present, or future physical or mental health condition
Healthcare services provided to the patient
Payment information for healthcare services

Examples of PHI include names, addresses, dates of birth, phone numbers, Social Security numbers, medical records, insurance details, and any other information that could identify a patient.

2. How We Protect Your PHI
At Sandy Springs Smiles, we use a combination of physical, technical, and administrative safeguards to ensure the privacy and security of your PHI:

Physical Safeguards: Patient records are stored in secure, restricted areas, and only authorized personnel have access to them.
Technical Safeguards: Electronic PHI is protected with secure passwords, encryption, firewalls, and monitoring systems to prevent unauthorized access.
Administrative Safeguards: Our team members are trained on HIPAA policies and procedures, and access to PHI is limited to those who need it to perform their job duties.

3. How We Use and Disclose PHI
We use and disclose PHI only as permitted under HIPAA regulations. Common uses include:

Treatment: Sharing information necessary to coordinate your care, such as referrals to specialists, labs, or other providers.
Payment: Using and sharing PHI to bill insurance providers or process payments for services rendered.
Healthcare Operations: Using PHI to improve our services, conduct training, or perform administrative functions.

Other uses or disclosures of your PHI will require your written authorization. You may revoke this authorization at any time.

Special Circumstances
In certain situations, we may use or disclose PHI without your prior authorization, such as:

When required by law (e.g., reporting abuse or responding to legal orders)
For public health activities, such as preventing the spread of diseases
For health oversight activities, such as audits or inspections

4. Your Rights Regarding PHI
As a patient of Sandy Springs Smiles, you have the following rights regarding your PHI:

Access Your Records: You have the right to view and request copies of your health records.
Request Amendments: You may request corrections to your health records if you believe they are incorrect or incomplete.
Receive an Accounting of Disclosures: You can request a list of disclosures we have made of your PHI, excluding those related to treatment, payment, or healthcare operations.
Request Restrictions: You may request that we limit how your PHI is used or disclosed. While we will consider your request, we are not required to agree to it.
Confidential Communications: You may request that we contact you in a specific way (e.g., sending correspondence to a different address or only communicating via phone).
File a Complaint: If you believe your rights have been violated, you can file a complaint with us or the U.S. Department of Health and Human Services (HHS). Complaints can be filed without fear of retaliation.

5. Employee Training and Awareness
All employees, contractors, and Business Associates of Sandy Springs Smiles are trained on our HIPAA policies and procedures. This ensures:

Proper handling and protection of PHI.
Immediate reporting of potential privacy breaches.
Adherence to all applicable laws and regulations.

Failure to comply with HIPAA policies may result in disciplinary action, up to and including termination of employment or contracts.

6. Breach Notification Policy
In the event of a breach of unsecured PHI, Sandy Springs Smiles will:

Notify affected individuals without delay, as required by HIPAA.
Investigate the breach and take corrective actions to address the issue and prevent future occurrences.
Notify the U.S. Department of Health and Human Services (HHS) and, if necessary, the media, depending on the scale of the breach.

7. Third-Party Business Associates
We may work with third-party vendors or contractors, known as Business Associates, who assist us in providing services such as billing, data storage, or software support. These Business Associates:

Must sign a Business Associate Agreement (BAA) to ensure they handle PHI in compliance with HIPAA.
Are prohibited from using or disclosing PHI for any purpose other than as required to perform their services.

8. Record Retention
Sandy Springs Smiles retains patient records as required by federal and state laws. Records are kept only for as long as necessary to provide care, meet legal requirements, or support healthcare operations.

9. Updates to This HIPAA Compliance Policy
This HIPAA Compliance Policy is effective as of January 1, 2025. We may update or revise this policy as needed to reflect changes in the law or our practices. The updated policy will be posted on our website.

10. Contact Us
If you have questions about this HIPAA Compliance Policy or need to exercise your rights regarding your PHI, please contact us:

Address: 5252 Roswell Rd Suite 105, Atlanta, GA 30342, United States
Phone: 404-252-5252
Email: [email protected]