Schimmel Logo
  • Office Hours
    M-9-6, Wed Thurs Fri 9-5
Call Us: 718-548-4768
Request a Free Consult

HIPAA NOTICE OF PRIVACY PRACTICES AND WEBSITE PRIVACY & DATA COLLECTION POLICY

Effective Date: 10/25/25
Last Updated: 10/25/25

1. INTRODUCTION

Schimmel Orthodontic Associates (“Practice,” “we,” “our,” or “us”) values the privacy and security of your information. We are committed to protecting the confidentiality of your Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”), applicable state laws, and the Children’s Online Privacy Protection Act (“COPPA”) where applicable.

This combined Privacy Policy explains how we collect, use, disclose, and protect patient health information and other information obtained through our website located at https://www.schimmelortho.com/.

Practice Contact Information:
 Schimmel Orthodontic Associates
 3265 Johnson Avenue, Suite 104
 Bronx, NY 10463
 Phone: (718) 548-4768
 Fax: (718) 543-0594
 Email: info@schimmelortho.com
 Office Hours: Monday 9:00 AM – 6:30 PM; Tuesday–Friday 9:00 AM – 6:00 PM

PART A: HIPAA NOTICE OF PRIVACY PRACTICES

2. OUR LEGAL DUTY

We are required by federal law to maintain the privacy of your PHI, provide this Notice of Privacy Practices, and follow the terms of this Notice currently in effect. We are also required to notify you following a breach of unsecured PHI as described in Section 9 below.

3. HOW WE MAY USE AND DISCLOSE YOUR PHI

We may use and disclose PHI for the following purposes without your written authorization:

  1. Treatment – To provide, coordinate, or manage your orthodontic and dental care, including consultations and referrals to other healthcare providers.
     b. Payment – To obtain payment for treatment and related services, including billing, claims management, and eligibility verification.
     c. Health Care Operations – To support business and administrative functions, quality assurance, training, credentialing, audits, compliance reviews, and service improvement.
     d. Required by Law – To the extent required by federal, state, or local law.
     e. Public Health and Safety – To report disease, injury, or abuse; to comply with public health investigations; or to prevent serious threats to health or safety.
     f. Judicial and Administrative Proceedings – In response to court or administrative orders, subpoenas, or other lawful processes.
     g. Law Enforcement – For law enforcement purposes permitted under HIPAA.
     h. Research – When approved by an Institutional Review Board or as otherwise permitted by law.
     i. Business Associates – To vendors performing services on our behalf (such as billing, cloud storage, or IT support) under written Business Associate Agreements requiring HIPAA compliance.

All other uses or disclosures of your PHI not listed above require your written authorization. You may revoke an authorization at any time in writing, except where we have already acted on it.

4. YOUR RIGHTS REGARDING YOUR PHI

You have the following rights under HIPAA and applicable law:

  • Right of Access: You may inspect or obtain a copy of your PHI maintained by us.
  • Right to Amend: You may request correction of inaccurate or incomplete information.
  • Right to Accounting: You may request a list of certain disclosures we have made of your PHI.
  • Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI; while we are not required to agree to all requests, we will accommodate when feasible.
  • Right to Confidential Communications: You may request communications by alternative means or at alternate locations.
  • Right to Paper Copy: You may obtain a paper copy of this Notice even if received electronically.
     We will not retaliate against you for exercising these rights.

5. CHILDREN’S AND MINORS’ HEALTH INFORMATION

Because we provide orthodontic services to children as young as age 7, information about minor patients is protected under both HIPAA and COPPA.

  • For patients under 18, PHI is typically accessible to a parent or legal guardian unless otherwise limited by law (for example, where state law grants specific rights to minors).
  • We do not knowingly collect PHI or personal data directly from children under 13 via our website without verified parental consent. Parents or guardians must submit any online appointment requests or inquiries on behalf of a minor.

6. SAFEGUARDS AND SECURITY MEASURES

We maintain administrative, physical, and technical safeguards to protect PHI’s confidentiality, integrity, and availability, including:

  • Secure data storage and encryption for electronic PHI where applicable;
  • Access controls limiting PHI to authorized personnel;
  • Ongoing staff training and confidentiality agreements;
  • Written Business Associate Agreements with vendors handling PHI;
  • Routine auditing, monitoring, and incident-response procedures.

7. BREACH NOTIFICATION POLICY

In the event of a breach of unsecured PHI, we will comply with all applicable federal and state breach notification requirements. This includes notifying affected individuals without unreasonable delay, and no later than 60 days after discovery of the breach. For breaches affecting 500 or more individuals, we will also notify the U.S. Department of Health and Human Services and, when required, the media.

8. CHANGES TO THIS NOTICE

We reserve the right to revise this Notice at any time. Updated versions will be posted prominently in our office and on our website. The revised Notice will apply to all PHI maintained at that time.

9. QUESTIONS OR COMPLAINTS

If you have questions about this Notice or believe your privacy rights have been violated, contact:

Privacy Officer
 Schimmel Orthodontic Associates
 3265 Johnson Avenue, Suite 104
 Bronx, NY 10463
 Phone: (718) 548-4768
 Email: info@schimmelortho.com

You may also submit a complaint to the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

PART B: WEBSITE PRIVACY & DATA COLLECTION POLICY

10. INFORMATION COLLECTED THROUGH OUR WEBSITE

When you visit our website or communicate with us electronically, we may collect the following categories of information:

  • Personal data submitted via forms (e.g., name, phone number, email, appointment details, and messages).
  • Technical data (e.g., IP address, browser type, device identifiers, referring pages).
  • Usage data collected through cookies, analytics tools, or social-media pixels.

We may use third-party services such as Google Analytics, Google Tag Manager, Meta Pixel, and others to evaluate site performance and marketing effectiveness. These services may use cookies or similar technologies to track user activity.

11. USE OF COLLECTED INFORMATION

We may use collected information to:

  • Respond to inquiries, schedule consultations, and provide requested services.
  • Improve website content, usability, and security.
  • Conduct analytics and evaluate marketing campaigns.
  • Comply with legal requirements and protect against unauthorized access or misuse.

We do not sell, rent, or lease personal information to third parties.

12. COOKIES AND TRACKING TECHNOLOGIES

Cookies are small files stored on your device to help analyze web traffic and improve your experience.
 You may disable cookies through your browser settings; however, some website features may not function properly.

Our website may also use web beacons, pixels, and similar tools to measure engagement.

13. THIRD-PARTY DISCLOSURES

We may share website usage data with vendors providing analytics, hosting, marketing, or security services. These vendors are contractually required to protect your information and may not use it for any other purpose.

14. DATA SECURITY AND RETENTION

We implement reasonable technical and administrative safeguards to protect information transmitted through our website. While we strive for security, no method of transmission over the internet is entirely secure.

Data submitted through forms is retained as necessary for communication, compliance, and recordkeeping, and is deleted or anonymized when no longer required.

15. CHILDREN’S ONLINE PRIVACY (COPPA COMPLIANCE)

Our website is intended for parents, guardians, and teen patients, not children under 13.
 We do not knowingly collect personal information directly from children under 13.
 If a parent or guardian believes a child under 13 has provided personal information through our website, please contact us immediately at info@schimmelortho.com so that we can delete the information in accordance with COPPA.

16. LINKS TO OTHER SITES

Our website may contain links to external websites not operated by us. We are not responsible for their content, security, or privacy practices. We encourage reviewing the privacy policies of any linked sites.

17. POLICY CHANGES

We may update this combined policy periodically to reflect changes in law, practice, or technology. The updated effective date will appear at the top of this page. Continued use of our website after updates constitutes acceptance of the revised policy.

18. CONSENT BY USE

By accessing or using our website, submitting information through online forms, or engaging with our services, you acknowledge that you have read, understood, and agree to the terms of this Combined HIPAA Privacy Policy and Website Privacy & Data Collection Policy. Parents or legal guardians providing information on behalf of a minor consent to the collection and use of such information as described herein.

Accessibility Toolbar

oral hygiene movie