Privacy Policy

CN Dental Design – Digital Dental Design Services
Effective Date: 15/04/2017
Last Updated: 25/05/2025


Introduction

CN Dental Design is committed to protecting the privacy and security of personal health information in accordance with applicable federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and applicable state privacy regulations. This Privacy Policy describes how we collect, use, disclose, and protect information when providing digital dental design services to dental professionals and laboratories in the United States.

As a business associate providing services to HIPAA-covered entities, we understand the critical importance of maintaining the confidentiality, integrity, and availability of protected health information (PHI) entrusted to us.


Information We Collect

Protected Health Information (PHI)

When providing digital dental design services, we may receive and process PHI that includes:

  • Digital dental impressions and STL files containing patient-specific oral anatomy
  • Treatment information related to dental procedures (crowns, bridges, dentures, full arch implants, abutments, aligners, coping, night guards)
  • Case identifiers and treatment specifications provided by dental professionals
  • Digital radiographic images when provided for treatment planning
  • Patient demographics when necessary for case completion

Non-PHI Information

We also collect non-personal information including:

  • Website usage data through cookies and analytics tools
  • Contact information for communication with dental professionals (email addresses, practice names)
  • Technical information about file uploads and case management
  • Business information related to service delivery and quality assurance

How We Use Information

Primary Use – Treatment Support

PHI is used exclusively for:

  • Digital design services including CAD/CAM design of dental prosthetics and appliances
  • Treatment planning support for dental professionals
  • Quality assurance and accuracy verification of designed products
  • Communication with dental professionals regarding specific cases

Administrative Uses

Non-PHI information is used for:

  • Service delivery and customer support
  • Website functionality and user experience improvement
  • Business operations including billing and case management
  • Compliance monitoring and security assessments

Information Sharing and Disclosure

Authorized Disclosures

We only disclose PHI as:

  • Required by our Business Associate Agreements with covered dental entities
  • Directed by the originating dental professional for case completion
  • Necessary for treatment purposes when authorized by the dental practice
  • Required by law including court orders, regulatory investigations, or public health reporting

Prohibited Disclosures

We will NEVER:

  • Sell or market PHI to third parties
  • Use PHI for purposes other than authorized treatment support
  • Disclose PHI without proper authorization
  • Share patient information for marketing or commercial purposes

International Data Transfers

Our design services involve international data processing. We implement appropriate safeguards including:

  • Encryption of all PHI during transmission and storage
  • Contractual protections ensuring HIPAA-level security standards
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments of all data processing locations

Data Security Measures

Technical Safeguards

  • Encryption of PHI in transit and at rest using industry-standard protocols
  • Secure file transfer systems for STL file exchange
  • Access controls with unique user authentication
  • Automatic logoff from systems containing PHI
  • Audit logs tracking all PHI access and modifications

Physical Safeguards

  • Secure facilities with controlled access to workstations
  • Workstation security preventing unauthorized PHI access
  • Device controls for equipment containing PHI
  • Secure disposal of PHI-containing media

Administrative Safeguards

  • Privacy Officer responsible for developing and implementing privacy policies
  • Workforce training on HIPAA requirements and data security
  • Business Associate Agreements with all service providers
  • Incident response procedures for potential security breaches
  • Regular risk assessments and security updates

Data Retention and Disposal

Retention Period

  • Active case files retained for duration of service delivery
  • Completed cases retained for minimum periods required by applicable regulations
  • Business records maintained per legal and contractual requirements

Secure Disposal

  • Electronic data securely overwritten using DoD-approved methods
  • Physical media destroyed through certified destruction services
  • Audit trails maintained for all disposal activities

Individual Rights

Patient Rights (through your dental provider)

Patients have the right to:

  • Access their health information through their dental provider
  • Request amendments to inaccurate health information
  • Request restrictions on certain uses and disclosures
  • Receive accounting of certain disclosures
  • File complaints regarding privacy practices

Dental Professional Rights

Our business partners have the right to:

  • Audit our privacy and security practices
  • Receive breach notifications within required timeframes
  • Request information about our data handling procedures
  • Terminate agreements for non-compliance with privacy requirements

Breach Notification

In the event of a breach involving unsecured PHI, our response includes:

  • Immediate assessment of the scope and risk of the breach
  • Notification to affected dental practices within 24 hours of discovery
  • Assistance with patient notifications as required by law
  • Cooperation with investigations by regulatory authorities
  • Implementation of corrective measures to prevent future incidents

Website Privacy

Cookies and Analytics

Our website uses:

  • Essential cookies for basic website functionality
  • Analytics tools to understand website usage patterns
  • No tracking of personal health information through website visits

Contact Forms

Information submitted through contact forms is:

  • Used only for responding to inquiries
  • Not shared with third parties
  • Secured using encryption protocols

Third-Party Services

Business Associates

We carefully select and monitor third-party service providers who:

  • Sign Business Associate Agreements ensuring HIPAA compliance
  • Implement equivalent security measures for PHI protection
  • Submit to regular security assessments and audits
  • Agree to liability provisions for data protection failures

Cloud Services

When utilizing cloud services for data processing, the following apply:

  • HIPAA-compliant platforms with appropriate certifications
  • Encryption of all stored and transmitted data
  • Geographic restrictions on data storage locations
  • Regular security assessments of cloud providers

Compliance Monitoring

Regular Assessments

  • Annual risk assessments of privacy and security practices
  • Quarterly reviews of policies and procedures
  • Ongoing monitoring of system access and usage
  • Employee training updates as regulations evolve

External Audits

  • Third-party security assessments of technical safeguards
  • Compliance audits by qualified HIPAA experts
  • Penetration testing of network security measures
  • Certification maintenance for information security standards

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in applicable laws and regulations
  • Updates to our services or business practices
  • Enhanced security measures and protection protocols
  • Feedback from business partners and regulatory guidance

Notice of Changes: Significant changes will be communicated to business partners at least 30 days prior to implementation.


Contact Information

Privacy Officer

For questions about this Privacy Policy or our privacy practices:

Email: contact@cndentaldesign.com
Subject Line: Privacy Policy Inquiry

Filing Complaints

If you believe your privacy rights have been violated:

  1. Contact us directly using the information above
  2. File with the U.S. Department of Health and Human Services
    Office for Civil Rights
    Website: www.hhs.gov/ocr/privacy/hipaa/complaints

No Retaliation: We will not retaliate against individuals who file complaints or exercise their privacy rights.


Legal Compliance

This Privacy Policy is designed to comply with:

  • HIPAA Privacy Rule (45 CFR Parts 160 and 164)
  • HIPAA Security Rule (45 CFR Part 164, Subpart C)
  • HITECH Act breach notification requirements
  • State privacy laws that may provide additional protections
  • International data transfer regulations

Governing Law: This policy is governed by applicable federal and state laws of the United States.


Acknowledgment

By engaging our digital dental design services, dental professionals acknowledge:

  • Understanding of our privacy practices
  • Agreement to Business Associate terms
  • Commitment to obtain proper patient authorizations when required
  • Responsibility for notifying us of any privacy restrictions or patient objections

This Privacy Policy demonstrates our commitment to protecting the privacy and security of health information while supporting high-quality dental care. We continuously evaluate and enhance our privacy practices to maintain the trust placed in us by the dental professionals we serve.

Document Version: 1.0
Next Review Date: [Date + 1 year]