Notice of Privacy Practices

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW DENTAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Responsibilities

By law, David Ashley Oral & Maxillofacial Surgery must:

• Maintain the privacy of your protected health information (PHI).

• Provide you this Notice describing our legal duties and privacy practices.

• Notify you if a breach occurs that may have compromised the privacy or security of your PHI.

• Follow the terms of this Notice currently in effect.

How We May Use and Disclose Your Information

We may use or disclose your PHI for the following purposes without your written authorization:

• Treatment: To provide, coordinate, or manage your dental care. Example: sharing radiographs and

information with a dental specialist about your treatment.

• Payment: To obtain payment for services. Example: sending information to your dental insurance

company.

• Healthcare Operations: For business activities that support our practice. Example: quality assessments,

audits, staff training.

Other Permitted Uses & Disclosures

We may also use or disclose PHI without your authorization in these situations:

• Required by Law: To comply with federal, state, or local laws.

• Public Health: For disease control, product recalls, adverse events.

• Health Oversight: To government health agencies for oversight activities.

• Judicial & Administrative Proceedings: In response to valid subpoenas or court orders.

• Law Enforcement: For reporting certain injuries, locating suspects, or complying with law.

• Coroners, Medical Examiners, and Funeral Directors: As needed for duties.

• Organ and Tissue Donation: If you are an organ donor.

• Research: When approved by an institutional review board or privacy board.

• Serious Threats: To prevent or lessen a serious threat to health or safety.

• Specialized Government Functions: For military, national security, or correctional purposes.

• Workers’ Compensation: To comply with workers’ compensation laws.

• Fundraising Communications: We do not currently use your information for fundraising purposes. If we

ever do, you have the right to opt out of receiving such communications.

• Business Associates: We may disclose your information to business associates who perform services on

our behalf (e.g., billing services, IT support). They are required to protect your information.

• Legal and Regulatory Requirements: We may disclose your information when required by law, including

for public health activities, audits, investigations, or law enforcement purposes as permitted by HIPAA.

Uses & Disclosures Requiring Your Authorization

We must obtain your written authorization before using or disclosing your PHI for:

• Marketing communications not permitted by law.

• Sale of your PHI.

• If you give authorization, you may revoke it at any time in writing.

• Substance Use Disorder (SUD) Information: If we maintain records related to substance use disorder

treatment that are subject to 42 CFR Part 2, those records receive special federal protections. Such

information will not be used or disclosed without your specific authorization, except as permitted or

required by law.

Your Rights Regarding Your PHI

You have the right to:

  • Get a copy of your health records

  • Request corrections to your health records

  • Request confidential communications

  • Ask us to limit what we use or share

  • Get a list of disclosures

  • Get a copy of this Notice

  • Choose someone to act for you

  • File a complaint if you believe your privacy rights have been violated

We will not retaliate against you for filing a complaint.

Your Choices

For certain information, you can tell us your choices about what we share, including:

  • Sharing information with family or friends involved in your care

  • Leaving messages with appointment information

If you have a clear preference, we will follow your instructions unless required otherwise by law.

Breach Notification

If a breach occurs that compromises the privacy or security of your PHI, David Ashley Oral & Maxillofacial

Surgery will notify you without unreasonable delay and no later than 60 days after discovery of the breach.

Contact Information

If you have questions, requests, or complaints about this Notice or your privacy rights, contact:

David Ashley Oral & Maxillofacial Surgery, HIPAA Privacy Officer: Molly Spinks, Address: 511 Brookwood

Blvd, Birmingham, Alabama 35209, Phone: 205-870-1009.

If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal

complaint to: U.S. Department of Health and Human Services Office for Civil Rights, 200 Independence

Avenue, S.W., Washington, D.C. 20201, Voice Phone (toll-free): 1(800) 368-1019 |TDD (toll-free): 1(800) 537-

7697 Email: OCRMail@hhs.gov. You will not be penalized in any way for filing a complaint.

Changes to This Notice

We reserve the right to change our privacy practices and this Notice. Updates will apply to all PHI we

maintain. Revised notices will be posted in our office and on our website, if applicable, and available upon

request.

Effective Date: 01/26/2026