Terms and Conditions of Use (TOU) and Privacy Policy


Barnstable Dental Associates provides the Terms and Conditions of Use (TOU) for our website below. Questions concerning these TOU may be submitted to contactus@barnstabledental.com.

Barnstable Dental Associates’s Privacy Policy is below. Questions concerning this policy may be submitted to contactus@barnstabledental.com.

Privacy Policy

BARNSTABLE DENTAL ASSOCIATES ’S

HIPAA NOTICE OF PRIVACY PRACTICES


Updated: 9/24/2025


THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED

AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

REVIEW IT CAREFULLY.


Purpose


We respect your privacy. We are also legally required to maintain the privacy of your protected

health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).


As part of our commitment and legal compliance, we are providing you with this Notice of Privacy

Practices (Notice). This Notice describes:

  • Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI.
  • Our permitted uses and disclosures of your PHI.
  • Your rights regarding your PHI. 

PHI Defined

Your PHI:

  •  Is health information about you:

o which someone may use to identify you; and

o which we keep or transmit in electronic, oral, or written form.

  • Includes information such as your:

o name;

o contact information;

o past, present, or future physical or mental health or medical conditions;

o payment for health care products or services; or

o prescriptions.


Scope


We create a record of the care and health services you receive, to provide your care, and to comply

with certain legal requirements. This Notice applies to all the PHI that we generate.

We and our employees and other workforce members follow the duties and privacy practices that

this Notice describes and any changes once they take effect.



Changes to this Notice


We can change the terms of this Notice, and the changes will apply to all information we have

about you. The new notice will be available on request, in our office, and on our website.


Data Breach Notification


We will promptly notify you if a data breach occurs that may have compromised the privacy or

security of your PHI. We will notify you within the legally required time frame. Most of the time,

we will notify you in writing, by first-class mail, or we may email you if you have provided us

with your current email address and you have previously agreed to receive notices electronically.


Your Rights

As a patient, you have the rights regarding medical information that we maintain about you:


1. Right to Inspect and Copy: You have the right to inspect and obtain a copy of

your paper or electronic protected health information. If you request a copy of the information, we

may charge a fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are

denied access to medical information, you may request that the denial be reviewed. If the Plans do

not maintain the health information, but know where it is maintained, you will be informed of

where to direct your request.


2. Right to Amend Your Records: If you feel that health information we have about

you is incorrect or incomplete, you may ask us to amend the information. You have the right to

request an amendment for as long as the information is kept by or for your benefit plan.


You also must provide a reason that supports your request.


We may deny your request for an amendment if it is not in writing or does not include a reason to

support the request. In addition, we may deny your request if you ask us to amend any of the

following information:

  • Information that is not part of the health information kept by or for your benefit plan.
  • Information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
  • Information that is not part of the information which you would be permitted to inspect and copy.
  • Information that is accurate and complete.

3. Right to Request Confidential Communications: You have the right to request

that we communicate with you about health related matters in a certain way or at a certain location.

For example, you can ask that we only contact you at work, by phone, or by mail. We will not ask

you the reason for your request. We will accommodate all reasonable requests. Your request must

specify how or where you wish to be contacted.


4. Right to Request Restrictions on Use or Disclosure: You have the right to request

a restriction or limitation on the health information we use or disclose about you for treatment,

payment, or health care operations. You also have the right to request a limit on the health

information we disclose about you to someone who is involved in your care or the payment for

your care, such as a family member or friend. For example, you could ask that we not use or

disclose information about a procedure that you had.


We are not required to agree to your request. If your benefit plan does agree to a request, a

restriction may later be terminated by your written request, by agreement between you and your

benefit plan, or unilaterally by your benefit plan for health information created or received after

your benefit plan has notified you that they have removed the restrictions and for emergency

treatment.


To request restrictions, you must make your request in writing and must tell us the following

information:

  • What information you want to limit.
  • Whether you want to limit our use, disclosure, or both.
  • To whom you want the limits to apply (for example, disclosures to your spouse).

We will comply with any restriction request if: (1) except as otherwise required by law, the

disclosure is to your benefit plan for purposes of carrying out payment or health care operations

(and is not for purposes of carrying out treatment); and (2) the protected health information pertains

solely to a health care item or service for which the health care provider involved has been paid

out-of-pocket in full.


5. Right to an Accounting of Disclosures: You have the right to request an

“accounting of disclosures” (that is, a list of certain disclosures the Plans have made of your health

information). Generally, you may receive an accounting of disclosures if the disclosure is required

by law, made in connection with public health activities, or in situations similar to those listed

herein as permitted disclosures. You do not have a right to an accounting of disclosures where

such disclosure was made:


  • For treatment, payment, or health care operations.
  • To you about your own health information.
  • Incidental to other permitted disclosures.
  • Where authorization was provided.
  • To family or friends involved in your care (where disclosure is permitted without authorization).
  • For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances.
  • As part of a limited data set where the information disclosed excludes identifying information.

To request this list or accounting of disclosures, you must submit your request, which shall state a

time period that is not longer than six years ago. Your request should indicate in what form you

want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will

notify you of the cost involved and you may choose to withdraw or modify your request at that

time before any costs are incurred.


Notwithstanding the foregoing, you may request an accounting of disclosures of any “electronic

health record” (that is, an electronic record of health-related information about you that is created,

gathered, managed, and consulted by authorized health care providers and staff). To do so,

however, you must submit your request and state a time period, which may be no longer than three

years prior to the date on which the accounting is requested. In the case of any electronic health

record created on your behalf, this paragraph shall apply to disclosures made on or after the date

we acquired the electronic health record.


6. Choose someone to act for you: If you have given someone medical power of

attorney or if someone is your legal guardian, that person can exercise your rights and make

choices about your PHI.


7. Request confidential communications. You have the right to request that we

communicate with you about health matters in a certain way or at a certain location. For example,

  • you can ask that we only contact you at work or at a specific address. For these requests: you must specify how or where you wish to be contacted; and
  • we will accommodate reasonable requests.

8. Right to Receive a Copy of this Notice: You have the right to request a copy of

this notice in print or electronic form at any time.

For a detailed explanation of your rights, visit the HHS Consumer Rights Page.


Your Choices


For certain health information, you can tell us your choices about what we share. If you have a

clear preference for how we share your information in the situations described below, please

contact us at Frontdesk.barnstabledental@gmail.com and we will make reasonable efforts to

follow your instructions.


In these cases, you have both the right and choice to tell us whether to:


  • Share information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care.
  • Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.

If you are not able to tell us your preference, for example if you are unconscious, we may share

your information if we believe it is in your best interest, according to our best judgment. We may

also share your information when needed to lessen a serious and imminent threat to health or

safety.


How We Collect Information


At BARNSTABLE DENTAL ASSOCIATES , we may collect:


  • Personal Information: Name, contact details, and insurance information.
  • Health Information: Medical and dental history, diagnoses, treatment plans, and billing details.
  • Technology-Based Information: IP addresses, cookies, and online analytics when you interact with our website.

We gather this information through forms, direct interactions, third-party providers (such as

insurance companies), and electronic communications.


No mobile information will be shared with third parties/affiliates for marketing/promotional

purposes. All the above categories exclude text messaging originator opt-in data and consent; this

information will not be shared with any third parties.


How We May Use and Disclose Health Information About You


HIPAA generally permits the use and disclosure of your health information without your

permission for purposes of health care treatment, payment activities, and health care operations.

These uses and disclosures are more fully described below. This Notice does not list every use or

disclosure; instead it gives examples of the most common uses and disclosures.


1. Treatment: When and as appropriate, we may use or disclose health information

about you to facilitate treatment or services by health care providers, as well as to provide and

manage your dental care. We may disclose health information about you to healthcare providers.


2. Payment: When and as appropriate, we may use and disclose health information

about you to determine your eligibility for plans’ benefits, to facilitate payment for the treatment

and services you receive from health care providers, to determine benefit responsibility and

coverage under benefit plans, or to coordinate your coverage. For example, we may disclose

information about your health history to determine whether a particular treatment is experimental,

investigational, or medically necessary, or to decide if your benefit plan will cover the treatment.

Additionally, we may share health information with another entity to assist with the adjudication

or subrogation of health claims, or with another health plan to coordinate benefit payments.


3. Healthcare Operations: We may use or disclose, as needed, your protected health

information in order to support the business activities of our organization. These activities include,

but are not limited to, quality assessment activities, employee review activities, accreditation

activities, and conducting or arranging for other business activities. For example, we may disclose

your protected health information to accrediting agencies as part of an accreditation survey. We

may also call you by name while you are at our facility. We may use or disclose your protected

health information, as necessary, for improving services, scheduling appointments, and quality

assurance.


4. Electronic Communications & Recording: We may monitor, intercept, or record

electronic communications—such as phone calls, emails, chats, and other digital transmissions— for purposes including, but not limited to, quality assurance, compliance, training, and patient

support. Where required by federal or state law, prior notice and consent will be obtained from all

parties before such recordings are made. We comply with both one-party and all-party consent

laws depending on the applicable jurisdiction. These practices apply to all locations operated or

supported by us and extend to communications with any of our affiliated or partner practices.


5. Our Business Associates: We may use and disclose your PHI to outside persons

or entities that perform services on our behalf, such as auditing, legal, or transcription (Business

Associates). The law requires our business associates and their subcontractors to protect your PHI

in the same way we do. We also contractually require these parties to use and disclose your PHI

only as permitted and to appropriately safeguard your PHI.


6. Legal Requirements: We may use or disclose your protected health information

in the following situations without your authorization: as required by law, public health issues as

required by law, communicable diseases, health oversight, abuse or neglect, Food and Drug

Administration requirements, legal proceedings, law enforcement, criminal activity, inmates,

military activity, national security, and Workers’ Compensation. Required Uses and Disclosures:

Under the law, we must make disclosures to you and when required by the Secretary of the

Department of Health and Human Services to investigate or determine our compliance with the

requirements of Section 164.500.


We will always try to ensure that the health information used or disclosed is limited to a

“Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data

set,” as defined in HIPAA and ARRA for these purposes. We may also contact you to provide

information about treatment options or alternatives or other health-related benefits and services

that may be of interest to you. We will never sell or share your information for marketing purposes

without your explicit written consent.


The privacy laws of a particular state or other federal laws might impose a more stringent privacy

standard. If these more stringent laws apply and are not superseded by federal preemption rules

under the Employee Retirement Income Security Act of 1974 (ERISA), the benefit plans will

comply with the more stringent law.


Our Use of Artificial Intelligence (AI)


To enhance care and improve services, Artificial Intelligence (AI) technologies may be

incorporated into certain aspects of healthcare operations. We may use and disclose your health

information in connection with various AI solutions. By AI solutions, we mean computer systems

that have the ability to automatically learn and improve based on training and/or experience,

without being explicitly programmed, and which we might use to make predictions,

recommendations or decisions about your treatment or our payment and health care operation

purposes. AI solutions may also create new, original content, such as images or text; produce

content autonomously that closely resembles human-created output; or produce natural language

texts. Our current use of AI solutions is limited but may increase in the future. For any use of an

AI solution to treat you, we will inform you in advance of such use, give you the option for us not

to use the AI solution to treat you, and obtain your consent prior to the use of the AI solution to

treat you.


1. Transparency: The organization is committed to transparency regarding its use of

AI. This means the organization will strive to inform and educate patients about the use of AI

documentation tools, including provisions for privacy and security, and any associated risks.


2. Purpose of AI Use: AI may be used in various ways, such as:

  • Assisting in summarizing patient encounters or creating treatment summaries.
  • Aiding in diagnosis or suggesting treatment options.
  • Analyzing patient data for trends and insights to improve the quality and efficiency of care.
  • Translating practice provided content and use with practice responses to patients.
  • Answering patient inquiries and scheduling appointments.
  • Patient Communication and Call Analysis: record and analyze calls; identify lead sources, potential new patients, patient sentiment; automate call summaries, appointment follow-ups; report call conversation data.
  • Treatment Planning and Diagnostics: scan radiographs to identify decay, bone loss, or other pathologies to assist with detection and treatment options.
  • Revenue Cycle Management: detect coding errors in claims to improve reimbursement accuracy and reduce claim denials.
  • Patient Experience and Net Promoter Score (NPS) Tracking: collect and analyze post-visit surveys and online reviews to monitor patient satisfaction for possible follow-up.
  • Scheduling and Predictive Workflows: forecast demand, no-show risk, and optimize provider time for improving appointment utilization and reducing gaps in scheduling.

3. Data Used by AI: AI systems may process various types of information, which

may include PHI. The organization is committed to protecting the privacy of this data and

complying with all applicable regulations.


4. Your Rights / Patient Control:

  • You will be offered a choice and the right to opt out of the use of AI in your care. For instance, you may choose traditional documentation methods over AIgenerated transcription services. A human professional retains ultimate decisionmaking authority in all aspects of care.
  • Right to access relevant data from the use of AI in your care by contacting us at the email address: Frontdesk.barnstabledental@gmail.com
  • We will not retaliate against you for choosing to opt-out of the use of AI in your care.

5. Data Minimization and Security: Data minimization principles will be applied,

collecting and using only the necessary data for AI systems. Robust security measures will also be

implemented to protect PHI when used with AI technologies, such as encryption, access controls,

and regular security audits.


6. Addressing Bias: The potential for bias in AI algorithms is acknowledged, and the

organization is committed to addressing this issue. Diverse and representative datasets will be used

for training AI models, and potential biases that could lead to disparities in care will be monitored. 


7. Human Oversight: AI systems are used as tools to support healthcare

professionals, not replace them. Clinical judgment and human oversight remain essential in all

aspects of care, including when AI tools are utilized.


8. Ongoing Monitoring and Improvement: The performance of AI systems will be

continuously monitored, addressing potential risks, and seeking opportunities to improve their

effectiveness and ensure the equitable use of AI in care.


Our Commitment to Privacy


BARNSTABLE DENTAL ASSOCIATES takes patient privacy seriously and implements the

following safeguards:

  • Use of secure, encrypted electronic health record (EHR) systems.
  • Employee training on HIPAA compliance and patient confidentiality.
  • Regular review of privacy practices and security protocols to prevent unauthorized access.

Cookies and Online Technology


When you visit our website, we may use cookies and similar technology to improve your

experience and understand website usage. This information is used solely to enhance site

functionality and is never sold or shared with unauthorized parties.


Questions or Concerns? Contact Us


If you have any questions, concerns, or complaints regarding your privacy or this Notice, you may

contact us at:


BARNSTABLE DENTAL ASSOCIATES

(508)790-7801

15 Cedar Street

Hyannis, MA 02601

Frontdesk.barnstabledental@gmail.com


We are here to address your concerns promptly. Filing a privacy complaint will not affect the

quality of care you receive at BARNSTABLE DENTAL ASSOCIATES .


Complaint: You can file a complaint if you feel we have violated your rights, with the office at

the address below, or you with the Department of Health and Human Services Office for Civil

Rights by sending a letter to 200 Independence Ave, SW, Room 509F HHH Bldg., Washington,

D.C. 20201, calling 1-877-696-6775, or by visiting: www.hhs.gov/ocr/privacy/hipaa/

complaints/. We will not retaliate against you for filing a complaint.