Privacy Policy

1. Information We Collect

For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. The information that we collect will be used to contact or identify you.

2. Log Data

We want to inform you that whenever you visit our Service, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

3. Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.

‍
Our website uses these "cookies" to collect information and to improve our Service. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

4. Service Providers

We may employ third-party companies and individuals due to the following reasons:

• To facilitate our Service;
• To provide the Service on our behalf;
• To perform Service-related services; or
• To assist us in analyzing how our Service is used.

We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

5. Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

6. Links to Other Sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

7. Children's Privacy

Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary actions.

1. Our Commitment to Your Privacy

Tiny Tooth Co. is committed to protecting the privacy of your health information. We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its implementing regulations, and applicable Texas state laws — including the Texas Medical Records Privacy Act (TMRPA, Chapter 181 of the Texas Health and Safety Code) — to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to abide by the terms of the Notice currently in effect.

2. Notice Regarding Electronic Disclosures of Your Health Information

In accordance with the Texas Medical Records Privacy Act (HB 300), we are required to inform you that your Protected Health Information may be disclosed electronically. Electronic disclosures of your PHI without your authorization are limited to purposes of treatment, payment, healthcare operations, and certain other purposes as permitted or required by law. Any electronic disclosure of your PHI beyond these permitted purposes requires your written authorization.

3. How We May Use and Disclose Your Health Information

We may use and disclose your PHI for the following purposes:

‍

Treatment: We may use your health information to provide, coordinate, or manage your dental care and any related services. For example, we may share your health information with a specialist or other healthcare provider to whom you have been referred for treatment.

Payment: We may use and disclose your health information to obtain payment for services we provide to you. For example, we may send information to your dental insurance company to receive payment for treatment.

Healthcare Operations: We may use and disclose your health information in connection with our healthcare operations, including quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, and conducting training programs.

As Required by Law: We will disclose your health information when required to do so by federal, state, or local law.

Public Health Activities: We may disclose your health information for public health activities, such as reporting diseases, injuries, and vital events as required by law.

Health Oversight Activities: We may disclose your health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections.

Judicial and Administrative Proceedings: We may disclose your health information in response to a court or administrative order, subpoena, discovery request, or other lawful process.

Law Enforcement: We may disclose your health information for law enforcement purposes as required by law or in response to a valid court order.

To Avert a Serious Threat to Health or Safety: We may use and disclose your health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person.

Marketing: We will not use or disclose your PHI for marketing purposes without your prior written authorization. Under Texas law, the sale of your PHI for marketing purposes is strictly prohibited.

4. Substance Use Disorder (SUD) Treatment Information — 42 CFR Part 2 Protections

Effective February 16, 2026, in compliance with updated federal regulations under 42 CFR Part 2, records related to substance use disorder (SUD) treatment from a federally assisted Part 2 program receive heightened confidentiality protections.

‍

How we may receive SUD records: Our dental practice may receive substance use disorder treatment records as part of a patient's health history or through coordination of care with other providers.

General Consent: If we receive a Part 2 record accompanied by a general consent from the patient, we may use and disclose that information for purposes of treatment, payment, and healthcare operations as permitted by the HIPAA Privacy Rule and as described in this Notice.

Specific Consent: If we receive a Part 2 record accompanied by a specific consent, we may only use and disclose the information as expressly permitted in that consent.

Legal Proceedings: In no event will we use or disclose your Part 2 Program record, or testimony that describes the information contained in your Part 2 Program record, in any civil, criminal, administrative, or legislative proceedings by any Federal, State, or local authority, against you, unless authorized by your consent or the order of a court after it provides you notice of the court order.

‍

Additional protections:

• SUD treatment records maintained by or received by this practice are subject to stricter privacy protections than other health information.
• These records generally cannot be used or disclosed without your written consent or a qualifying court order, even for purposes of treatment, payment, or healthcare operations, unless otherwise permitted by law.
• We maintain formal policies and procedures to reasonably protect against unauthorized uses and disclosures of Part 2 information and to protect against reasonably anticipated threats or hazards to the security of such information.

‍

If you have questions about how your SUD records are handled, please contact our Privacy Officer using the contact information below.

5. Additional Privacy Protections

Some information may be entitled to special protections under federal and/or state law. These include but are not limited to:

• Substance use disorder (SUD) records (42 CFR Part 2)
• Mental health information
• HIV-related information
• Genetic information

Where applicable, we will apply the stricter protections required by these laws. Under both HIPAA and the Texas Medical Records Privacy Act, if a conflict exists between federal and state law, the more protective standard applies.

6. Your Rights Regarding Your Health Information

You have the following rights regarding the health information we maintain about you:

‍

Right to Access: You have the right to inspect and obtain a copy of your health information maintained by our practice. Under Texas law, we will provide you with access to your electronic health records within 15 business days of your written request. We may charge only a reasonable, cost-based fee for copies; administrative or retrieval fees are not permitted under Texas law. To request access, please submit a written request to our Privacy Officer.

Right to Request an Amendment: You have the right to request that we amend your health information if you believe it is incorrect or incomplete. If we decline your request, we will explain our reasons in writing. To request an amendment, please submit a written request to our Privacy Officer explaining the reason for the amendment.

Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your health information. To request an accounting, please submit a written request to our Privacy Officer.

Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your health information. We are not required to agree to your request, but if we do, we will comply with the agreed-upon restrictions except in emergency situations.

Right to Request Confidential Communications: You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may request that we contact you only at a specific phone number or address.

Right to a Paper Copy of This Notice: You have the right to obtain a paper copy of this Notice at any time, even if you have previously agreed to receive it electronically.

Right to Be Notified of a Breach: You have the right to be notified in the event of a breach of your unsecured PHI. Breach notification will be provided in accordance with both HIPAA and applicable Texas law.

7. Our Duties

We are required by law to:

• Maintain the privacy of your PHI
• Provide you with this Notice of our legal duties and privacy practices with respect to your PHI
• Abide by the terms of this Notice currently in effect
• Notify you in the event of a breach of your unsecured PHI
• Train all employees who handle PHI on privacy policies and procedures in accordance with HIPAA and the Texas Medical Records Privacy Act

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. If we make a material change to this Notice, we will make the revised Notice available upon request, post it in our office, and update it on our website.

8. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with our practice, the State of Texas, or the U.S. Department of Health and Human Services. You will not be penalized or retaliated against for filing a complaint.

‍

Tiny Tooth Co. 

26400 Kuykendahl Rd Suite c230, The Woodlands, TX 77375, United States

(281) 297- 8100

info@thetinytoothco.com

‍

Texas Attorney General — Consumer Protection Division P.O. Box 12548 Austin, TX 78711-2548 Phone: 1-800-621-0508 Website: www.texasattorneygeneral.gov/consumer-protection/health-care/patient-privacy

‍

U.S. Department of Health and Human Services Office for Civil Rights — Region VI 1301 Young Street, Suite 1169 Dallas, TX 75202 Phone: 1-877-696-6775 Website: www.hhs.gov/ocr/privacy/hipaa/complaints/