Privacy & HIPAA Policy

Effective Date: 5/1/2025

At Miller Dental Operations & Billing Services, we understand the critical importance of protecting sensitive patient and practice information. This Privacy Policy outlines our practices regarding the collection, use, protection, and disclosure of information we receive through our dental billing services.

As a dental billing service provider, we function as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

We maintain a comprehensive HIPAA compliance program that includes:

• Execution of Business Associate Agreements (BAAs) with all covered entity clients
• Regular risk assessments and security evaluations
• Documented policies and procedures for handling Protected Health Information (PHI)
• Employee background checks and regular HIPAA training
• Designated Privacy and Security Officers responsible for ongoing compliance
• Breach notification protocols in accordance with federal requirements

In providing dental billing services, we may collect and process the following types of information:

• Protected Health Information (PHI): Including but not limited to names, addresses, contact information, dates of birth, insurance policy information, treatment codes, diagnoses, and dental treatment records necessary for billing purposes.
• Practice Information: Including practice demographics, provider credentials, NPI numbers, fee schedules, and other operational data necessary for billing services.
• Financial Information: Including insurance payments, patient payments, outstanding balances, and other financial data necessary for accounts receivable management.

We process PHI and other sensitive information based on:

• Business Associate Agreements with covered entities as defined by HIPAA
• The minimum necessary standard, collecting and using only information required for billing functions
• Explicit authorization from the dental practice for specific processing activities
• Legitimate business purposes necessary to fulfill our contractual obligations

Use of Information

We use the information collected solely for the purpose of providing contracted dental billing services, including:

• Insurance verification and eligibility checks
• Claims submission and tracking
• Payment posting and reconciliation
• Denial management and appeals
• Accounts receivable management
• Generating practice financial reports

We maintain robust physical, electronic, and procedural safeguards that:

• Comply with HIPAA Security Rule requirements for administrative, physical, and technical safeguards
• Utilize industry-standard encryption (minimum 256-bit) for data transmission and storage
• Implement role-based access controls limiting information access to authorized personnel only
• Maintain audit logs of all system access and data modifications
• Include regular security risk assessments and employee training
• Provide secure methods for data storage and disposal
• Include disaster recovery and business continuity plans

We do not sell, trade, or otherwise transfer protected health information to outside parties. Information may only be shared:

• With insurance companies and clearinghouses for claims processing
• With your practice staff as authorized
• As required by law, subpoena, or regulatory requirements
• With service providers who assist us in our operations, subject to compliant Business Associate Agreements

In the event of a suspected or actual breach of unsecured PHI:

• We will conduct a thorough investigation to identify affected information
• We will notify affected dental practices without unreasonable delay and within 60 days
• We will assist practices with their notification obligations to patients and regulators
• We will implement corrective measures to prevent similar breaches

We maintain records in accordance with HIPAA requirements, state laws, and operational needs, generally for a period of seven years unless otherwise specified by applicable law. Upon termination of services, we will:

• Return all original documents to your practice
• Transfer electronic records as directed
• Securely dispose of any remaining information after applicable retention periods using HIPAA-compliant methods

Dental practices we service maintain control over their data. Upon request, we will:

• Provide access to information we maintain
• Make corrections to inaccurate information
• Accommodate reasonable requests for alternative communication methods
• Provide detailed accounting of disclosures when applicable
• Support your practice's obligations to fulfill patient rights under HIPAA

In addition to HIPAA, we comply with other applicable laws and regulations including:

• State privacy and data security laws
• Federal Trade Commission regulations regarding unfair or deceptive practices
• Payment Card Industry Data Security Standards (PCI DSS) for payment processing
• The Telephone Consumer Protection Act for patient communications

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any material changes will be communicated to client practices before implementation and will be effective upon posting to our website or direct distribution to clients.

If you have questions or concerns about our privacy practices or HIPAA compliance, please contact our Privacy Officer at:

Miller Dental Operations & Billing Services
737-349-5264
jmiller@millerdobs.com