GPS Dental's HIPAA Notice of Privacy Practices
Updated: August 18, 2025
GPS Dental is committed to protecting your privacy and ensuring the security of your personal and health information.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATON ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Purpose
We respect your privacy. We are also legally required to maintain the privacy of your protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (Notice). This Notice describes:
- Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI.
- Our permitted uses and disclosures of your PHI.
- Your rights regarding your PHI.
PHI Defined
Your PHI:
- Is health information about you:
- which someone may use to identify you; and
- which we keep or transmit in electronic, oral, or written form.
- Includes information such as your:
- name;
- contact information;
- past, present, or future physical or mental health or medical conditions;
- payment for health care products or services; or
- prescriptions.
Scope
We create a record of the care and health services you receive, to provide your care, and to comply with certain legal requirements. This Notice applies to all the PHI that we generate.
We and our employees and other workforce members follow the duties and privacy practices that this Notice describes and any changes once they take effect.
Changes to this Notice
We can change the terms of this Notice, and the changes will apply to all information we have about you. The new notice will be available on request, in our office, and on our website.
Data Breach Notification
We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI. We will notify you within the legally required time frame. Most of the time, we will notify you in writing, by first-class mail, or we may email you if you have provided us with your current email address and you have previously agreed to receive notices electronically.
Your Rights
As a patient, you have the rights regarding medical information that we maintain about you:
- Right to Inspect and Copy: You have the right to inspect and obtain a copy of your paper or electronic protected health information. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. If the Plans do not maintain the health information, but know where it is maintained, you will be informed of where to direct your request.
- Right to Amend Your Records: If you feel that health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for your benefit plan.
You also must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any of the following information:
- Information that is not part of the health information kept by or for your benefit plan.
- Information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
- Information that is not part of the information which you would be permitted to inspect and copy.
- Information that is accurate and complete.
- Right to Request Confidential Communications: You have the right to request that we communicate with you about health related matters in a certain way or at a certain location. For example, you can ask that we only contact you at work, by phone, or by mail. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to Request Restrictions on Use or Disclosure: You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a procedure that you had.
We are not required to agree to your request. If your benefit plan does agree to a request, a restriction may later be terminated by your written request, by agreement between you and your benefit plan, or unilaterally by your benefit plan for health information created or received after your benefit plan has notified you that they have removed the restrictions and for emergency treatment.
To request restrictions, you must make your request in writing and must tell us the following information:
- What information you want to limit.
- Whether you want to limit our use, disclosure, or both.
- To whom you want the limits to apply (for example, disclosures to your spouse).
We will comply with any restriction request if: (1) except as otherwise required by law, the disclosure is to your benefit plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full.
- Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” (that is, a list of certain disclosures the Plans have made of your health information). Generally, you may receive an accounting of disclosures if the disclosure is required by law, made in connection with public health activities, or in situations similar to those listed herein as permitted disclosures. You do not have a right to an accounting of disclosures where such disclosure was made:
- For treatment, payment, or health care operations.
- To you about your own health information.
- Incidental to other permitted disclosures.
- Where authorization was provided.
- To family or friends involved in your care (where disclosure is permitted without authorization).
- For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances.
- As part of a limited data set where the information disclosed excludes identifying information.
To request this list or accounting of disclosures, you must submit your request, which shall state a time period that is not longer than six years ago. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Notwithstanding the foregoing, you may request an accounting of disclosures of any “electronic health record” (that is, an electronic record of health-related information about you that is created, gathered, managed, and consulted by authorized health care providers and staff). To do so, however, you must submit your request and state a time period, which may be no longer than three years prior to the date on which the accounting is requested. In the case of any electronic health record created on your behalf, this paragraph shall apply to disclosures made on or after the date we acquired the electronic health record.
- Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.
- Request confidential communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or at a specific address. For these requests:
- you must specify how or where you wish to be contacted; and
- we will accommodate reasonable requests.
- Right to Receive a Copy of this Notice: You have the right to request a copy of this notice in print or electronic form at any time.
For a detailed explanation of your rights, visit the HHS Consumer Rights Page.
Your Choices
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us at <contact@gps.dental> and we will make reasonable efforts to follow your instructions.
In these cases, you have both the right and choice to tell us whether to:
- Share information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care.
- Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.
If you are not able to tell us your preference, for example if you are unconscious, we may share your information if we believe it is in your best interest, according to our best judgment. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
How We Collect Information
At GPS Dental, we may collect:
- Personal Information: Name, contact details, and insurance information.
- Health Information: Medical and dental history, diagnoses, treatment plans, and billing details.
- Technology-Based Information: IP addresses, cookies, and online analytics when you interact with our website.
We gather this information through forms, direct interactions, third-party providers (such as insurance companies), and electronic communications.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
How We May Use and Disclose Health Information About You
HIPAA generally permits the use and disclosure of your health information without your permission for purposes of health care treatment, payment activities, and health care operations. These uses and disclosures are more fully described below. This Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.
- Treatment: When and as appropriate, we may use or disclose health information about you to facilitate treatment or services by health care providers, as well as to provide and manage your dental care. We may disclose health information about you to healthcare providers.
- Payment: When and as appropriate, we may use and disclose health information about you to determine your eligibility for plans’ benefits, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility and coverage under benefit plans, or to coordinate your coverage. For example, we may disclose information about your health history to determine whether a particular treatment is experimental, investigational, or medically necessary, or to decide if your benefit plan will cover the treatment. Additionally, we may share health information with another entity to assist with the adjudication or subrogation of health claims, or with another health plan to coordinate benefit payments.
- Healthcare Operations: We may use or disclose, as needed, your protected health information in order to support the business activities of our organization. These activities include, but are not limited to, quality assessment activities, employee review activities, accreditation activities, and conducting or arranging for other business activities. For example, we may disclose your protected health information to accrediting agencies as part of an accreditation survey. We may also call you by name while you are at our facility. We may use or disclose your protected health information, as necessary, for improving services, scheduling appointments, and quality assurance.
- Electronic Communications & Recording: We may monitor, intercept, or record electronic communications—such as phone calls, emails, chats, and other digital transmissions—for purposes including, but not limited to, quality assurance, compliance, training, and patient support. Where required by federal or state law, prior notice and consent will be obtained from all parties before such recordings are made. We comply with both one-party and all-party consent laws depending on the applicable jurisdiction. These practices apply to all locations operated or supported by us and extend to communications with any of our affiliated or partner practices.
- Our Business Associates: We may use and disclose your PHI to outside persons or entities that perform services on our behalf, such as auditing, legal, or transcription (Business Associates). The law requires our business associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.
- Legal Requirements: We may use or disclose your protected health information in the following situations without your authorization: as required by law, public health issues as required by law, communicable diseases, health oversight, abuse or neglect, Food and Drug Administration requirements, legal proceedings, law enforcement, criminal activity, inmates, military activity, national security, and Workers’ Compensation. Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500.
We will always try to ensure that the health information used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA and ARRA for these purposes. We may also contact you to provide information about treatment options or alternatives or other health-related benefits and services that may be of interest to you. We will never sell or share your information for marketing purposes without your explicit written consent.
The privacy laws of a particular state or other federal laws might impose a more stringent privacy standard. If these more stringent laws apply and are not superseded by federal preemption rules under the Employee Retirement Income Security Act of 1974 (ERISA), the benefit plans will comply with the more stringent law.
Our Use of Artificial Intelligence (AI)
To enhance care and improve services, Artificial Intelligence (AI) technologies may be incorporated into certain aspects of healthcare operations. We may use and disclose your health information in connection with various AI solutions. By AI solutions, we mean computer systems that have the ability to automatically learn and improve based on training and/or experience, without being explicitly programmed, and which we might use to make predictions, recommendations or decisions about your treatment or our payment and health care operation purposes. AI solutions may also create new, original content, such as images or text; produce content autonomously that closely resembles human-created output; or produce natural language texts. Our current use of AI solutions is limited but may increase in the future. For any use of an AI solution to treat you, we will inform you in advance of such use, give you the option for us not to use the AI solution to treat you, and obtain your consent prior to the use of the AI solution to treat you.
- Transparency: The organization is committed to transparency regarding its use of AI. This means the organization will strive to inform and educate patients about the use of AI documentation tools, including provisions for privacy and security, and any associated risks.
- Purpose of AI Use: AI may be used in various ways, such as:
- Assisting in summarizing patient encounters or creating treatment summaries.
- Aiding in diagnosis or suggesting treatment options.
- Analyzing patient data for trends and insights to improve the quality and efficiency of care.
- Translating practice provided content and use with practice responses to patients.
- Answering patient inquiries and scheduling appointments.
- Patient Communication and Call Analysis: record and analyze calls; identify lead sources, potential new patients, patient sentiment; automate call summaries, appointment follow-ups; report call conversation data.
- Treatment Planning and Diagnostics: scan radiographs to identify decay, bone loss, or other pathologies to assist with detection and treatment options.
- Revenue Cycle Management: detect coding errors in claims to improve reimbursement accuracy and reduce claim denials.
- Patient Experience and Net Promoter Score (NPS) Tracking: collect and analyze post-visit surveys and online reviews to monitor patient satisfaction for possible follow-up.
- Scheduling and Predictive Workflows: forecast demand, now-show risk, and optimize provider time for improving appointment utilization and reducing gaps in scheduling.
- Data Used by AI: AI systems may process various types of information, which may include PHI. The organization is committed to protecting the privacy of this data and complying with all applicable regulations.
- Your Rights / Patient Control:
- You will be offered a choice and the right to opt out of the use of AI in your care. For instance, you may choose traditional documentation methods over AI-generated transcription services. A human professional retains ultimate decision-making authority in all aspects of care.
- Right to access relevant data from the use of AI in your care by contacting us at the email address <contact@gps.dental>.
- We will not retaliate against you for choosing to opt-out of the use of AI in your care.
- Data Minimization and Security: Data minimization principles will be applied, collecting and using only the necessary data for AI systems. Robust security measures will also be implemented to protect PHI when used with AI technologies, such as encryption, access controls, and regular security audits.
- Addressing Bias: The potential for bias in AI algorithms is acknowledged, and the organization is committed to addressing this issue. Diverse and representative datasets will be used for training AI models, and potential biases that could lead to disparities in care will be monitored.
- Human Oversight: AI systems are used as tools to support healthcare professionals, not replace them. Clinical judgment and human oversight remain essential in all aspects of care, including when AI tools are utilized.
- Ongoing Monitoring and Improvement: The performance of AI systems will be continuously monitored, addressing potential risks, and seeking opportunities to improve their effectiveness and ensure the equitable use of AI in care.
Our Commitment to Privacy
GPS Dental takes patient privacy seriously and implements the following safeguards:
- Use of secure, encrypted electronic health record (EHR) systems.
- Employee training on HIPAA compliance and patient confidentiality.
- Regular review of privacy practices and security protocols to prevent unauthorized access.
Cookies and Online Technology
When you visit our website, we may use cookies and similar technology to improve your experience and understand website usage. This information is used solely to enhance site functionality and is never sold or shared with unauthorized parties.
Questions or Concerns? Contact Us
If you have any questions, concerns, or complaints regarding your privacy or this Notice, you may contact us at:
GPS Dental
PO Box 17151
Jonesboro, AR 72403
(870) 333-5088
contact@gps.dental
We are here to address your concerns promptly. Filing a privacy complaint will not affect the quality of care you receive at GPS Dental.
Complaint: You can file a complaint if you feel we have violated your rights, with the office at the address below, or you with the Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Ave, SW, Room 509F HHH Bldg., Washington, D.C. 20201, calling 1-877-696-6775, or by visiting: www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.