Download Privacy Policy

FLOURISH DENTAL & WELLNESS

PRIVACY POLICY AND HIPAA NOTICE OF PRIVACY PRACTICES

Effective Date: July 11, 2026

Last Updated: July 11, 2026

PART I — WEBSITE AND GENERAL PRIVACY POLICY

1. Introduction and Scope

Flourish Dental & Wellness, LLC (“Flourish,” “we,” “us,” or “our”) respects the privacy of patients, prospective patients, website visitors, caregivers, parents and guardians, vendors, and other individuals who interact with us.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information through both digital and physical channels, including:

  • our website at https://flourishdentalandwellness.com and related webpages;
  • website contact forms and general inquiries;
  • online scheduling and patient-facing technology;
  • email, telephone, voicemail, text messaging, and social media;
  • in-person visits, paper forms, mail, and other office interactions; and
  • services provided by vendors acting for or with us.

This Privacy Policy applies to general personal information. When information qualifies as protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), our HIPAA Notice of Privacy Practices in Part II also applies. If this general policy conflicts with the Notice of Privacy Practices or applicable law, the requirement that provides greater protection to the individual will control.

2. Personal Information We May Collect

Depending on how you interact with us, we may collect the following categories of information.

  1. Contact and Lead Information
  • Name, email address, telephone number, mailing address, and preferred contact method.
  • Information you submit through our website contact form, including your first and last name, email address, and message.
  • Information you provide when requesting an appointment, asking a question, responding to a promotion, attending an event, or communicating through social media.
  1. Patient and Health Information
  • Date of birth, demographic information, emergency contacts, and information about parents, guardians, personal representatives, or caregivers.
  • Medical and dental histories, symptoms, diagnoses, medications, allergies, treatment plans, clinical notes, referrals, photographs, radiographs, scans, laboratory information, and other records related to care.
  • Appointment history, communications about care, consent forms, and treatment preferences.
  • Information related to disability accommodations, language preferences, or communication needs.
  1. Insurance, Billing, and Transaction Information
  • Dental or health insurance information, subscriber information, claims, eligibility information, authorizations, and payment history.
  • Billing address, amounts charged, account balances, financing or membership-plan information, and transaction records.
  • Payment-card information may be collected directly by a third-party payment processor. Flourish may receive transaction confirmations or limited payment details without receiving or retaining the complete card number.
  1. Communications Information
  • The content and metadata of emails, text messages, portal messages, website submissions, letters, telephone communications, and voicemail.
  • Communication preferences, consent records, opt-in and opt-out requests, and delivery-status information.
  1. Website and Device Information
  • Internet Protocol address, browser type, operating system, device type, device identifiers, approximate location derived from an IP address, referring webpage, pages visited, links clicked, dates and times of access, and interactions with website features.
  • Cookie identifiers, advertising identifiers, analytics information, and similar technical data.
  • Information about whether an email was delivered, opened, or clicked, where permitted by law and enabled by our communications provider.
  1. Information from Other Sources
  • Information from other healthcare providers, laboratories, pharmacies, insurers, clearinghouses, referral sources, caregivers, personal representatives, and legally authorized third parties.
  • Information from scheduling, communications, payment, analytics, hosting, security, marketing, or practice-management vendors.
  • Information you make public through reviews, social-media posts, tags, comments, or testimonials.

3. How We Collect Information

We may collect information directly from you; from a parent, guardian, caregiver, or personal representative; automatically through digital technologies; from healthcare and insurance partners; or from vendors and other lawful sources.

We collect information through website forms, online scheduling, patient intake, clinical treatment, paper forms, telephone and voicemail, email, text messaging, patient portals, social media, payment transactions, insurance verification, referrals, and in-person interactions.

4. How We Use Personal Information

We may use personal information to:

  • respond to inquiries and communicate with prospective patients;
  • schedule, confirm, reschedule, and manage appointments;
  • provide, coordinate, document, and improve dental care;
  • verify benefits, submit claims, collect payment, and administer accounts;
  • communicate about treatment, results, follow-up, preventive care, and treatment alternatives;
  • operate, maintain, secure, troubleshoot, and improve our website, systems, and office operations;
  • personalize website content and understand how visitors use our public website;
  • send service communications, appointment reminders, and, where permitted, marketing communications;
  • manage Flourish Care Plans, promotions, events, reviews, and community programs;
  • train team members, conduct quality assurance, and support compliance activities;
  • detect fraud, misuse, security incidents, and unlawful activity;
  • comply with legal, regulatory, licensing, insurance, audit, and professional obligations; and
  • establish, exercise, or defend legal claims.

5. How We May Disclose Information

We may disclose information only as permitted or required by applicable law and, for PHI, as described in Part II. Categories of recipients may include:

  1. Workforce Members and Providers

We may make information available to dentists, dental hygienists, assistants, administrative personnel, contractors, and other workforce members who need it to perform their responsibilities.

  1. Service Providers and Business Associates

We may use vendors for practice management, scheduling, hosting, forms, email, text messaging, payment processing, claims, data storage, security, analytics, legal, accounting, marketing, and other business functions. When a vendor handles PHI on our behalf and qualifies as a HIPAA business associate, we require appropriate contractual protections, including a Business Associate Agreement when required.

  1. Healthcare and Payment Participants

We may disclose information to other healthcare providers, laboratories, pharmacies, insurers, benefit plans, clearinghouses, billing companies, and others involved in treatment or payment.

  1. Legal, Regulatory, and Safety Purposes

We may disclose information when required or permitted by law, including in response to lawful process, licensing or regulatory inquiries, public-health reporting, health-oversight activities, suspected abuse or neglect, workers’ compensation matters, law-enforcement requests, emergencies, or a serious threat to health or safety.

  1. Business Transactions

Subject to applicable healthcare-privacy laws, information may be reviewed or transferred in connection with a merger, sale, financing, reorganization, acquisition, succession, or other transaction involving all or part of the practice. Any successor must continue to protect PHI as required by law.

  1. At Your Direction or With Authorization

We may disclose information to people or organizations you identify, including family members, caregivers, attorneys, schools, employers, or other third parties, when you direct us, authorize the disclosure, or the law otherwise permits it.

6. Sale of Information, Targeted Advertising, and Marketing

We do not sell PHI. We do not use or disclose PHI for marketing when HIPAA requires a written authorization, and we do not sell PHI without a valid written authorization that satisfies applicable law.

We do not sell personal information in exchange for money. On public, unauthenticated portions of our website, we may use analytics, advertising, social-media, or similar technologies that collect device and browsing information. Some state laws may define certain disclosures for cross-context behavioral advertising as a “sale,” “sharing,” or “targeted advertising” even when no money changes hands. Where such laws apply, you may exercise applicable opt-out rights using the methods described in this policy.

We do not knowingly permit advertising technologies to collect information entered into patient forms, intake pages, authenticated patient portals, or other pages that contain PHI unless the disclosure is permitted by HIPAA and appropriate contractual or authorization requirements are satisfied.

7. Cookies and Similar Technologies

Our public website may use cookies, pixels, tags, local storage, scripts, software development kits, and similar technologies. These may support:

  • Essential functions: security, fraud prevention, form operation, network management, and basic site functionality.
  • Preferences: remembering settings and improving usability.
  • Analytics: understanding traffic, page performance, and visitor interactions.
  • Advertising and social media: measuring campaigns, limiting repeated advertisements, or showing relevant content on third-party platforms.

You may manage cookies through your browser settings and any cookie-preference tool we make available. Blocking cookies may affect website functionality. Because “Do Not Track” signals are not uniformly defined, our response may vary. Where required by applicable law, we will process legally recognized universal opt-out preference signals, such as Global Privacy Control, for the browser or device that sends the signal.

8. Website Contact Forms and General Inquiries

Do not use the website contact form, ordinary email, text message, voicemail, or social-media message for an emergency or for highly sensitive medical information.

Our contact form is intended for general questions and appointment-related inquiries. It may collect your name, email address, and the message you choose to provide. Please do not include Social Security numbers, complete insurance identifiers, payment-card information, detailed medical histories, diagnostic images, or other highly sensitive information in a general website message.

Although we use reasonable safeguards, ordinary internet, email, text, and social-media communications cannot be guaranteed to be completely secure or confidential. If you voluntarily include health information in a communication, we will protect it as required by applicable law once received, but you accept the inherent transmission risks of the communication method you select.

Submitting a website form or sending a message does not by itself establish a dentist-patient relationship, guarantee an appointment, or create a duty to provide care.

9. Online Scheduling, Portals, and Third-Party Platforms

Our website may link to or integrate with third-party scheduling, patient portal, payment, financing, mapping, review, social-media, or other services. Some vendors may act as our service providers or HIPAA business associates, while others may operate independently under their own privacy policies and terms.

When you leave our website or interact directly with a third-party service, review that service’s privacy terms. Once information is received by Flourish and maintained as part of our records, we handle it as required by applicable law and our Notice of Privacy Practices.

10. Text Messaging and Telephone Communications

If you provide a telephone number, you may receive communications related to inquiries, scheduling, appointment confirmations, reminders, care coordination, follow-up, account administration, or other patient-service purposes, as permitted by law.

Marketing or promotional texts will be sent only when we have the consent required by law. Consent to receive marketing texts is not a condition of purchasing services or receiving dental care.

  • Message frequency varies.
  • Message and data rates may apply.
  • Reply STOP to opt out of automated text messages, or use another reasonable method to tell us to stop.
  • Reply HELP for assistance or contact us using the information below.
  • Carriers are not liable for delayed or undelivered messages.

Text messages may appear on a locked screen or be accessible to anyone with access to your device or account. You may request a different confidential communication method as described in Part II.

11. Email Communications

We may send transactional or relationship emails about inquiries, appointments, treatment, account activity, security, or services. With your consent or as otherwise permitted by law, we may also send educational or promotional emails.

You may unsubscribe from marketing emails using the link in the message or by contacting us. Opting out of marketing does not prevent us from sending non-marketing communications necessary for treatment, scheduling, billing, safety, security, or legal compliance.

12. Data Security

We use reasonable and appropriate administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, loss, or disclosure. Safeguards may include access controls, authentication, encryption where appropriate, workforce training, vendor oversight, secure disposal, backups, monitoring, and incident-response procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security. If a reportable breach occurs, we will provide notifications as required by HIPAA, the HITECH Act, Colorado law, and other applicable laws.

13. Retention and Disposal

We retain information for the period reasonably necessary to provide care, maintain business and clinical records, fulfill the purposes described in this policy, resolve disputes, enforce agreements, and comply with federal and Colorado legal, licensing, insurance, tax, and professional obligations. Retention periods vary by record type.

When information is no longer required, we may delete, destroy, anonymize, or de-identify it using methods appropriate to the sensitivity and format of the information.

14. Children and Minors

Our public website is intended for a general audience and is not directed to children under 13. We do not knowingly collect personal information online directly from a child under 13 without authorization from a parent or legal guardian.

Flourish may provide dental care to minors and collect information from a parent, guardian, or other person authorized by law. Rights concerning a minor’s health information are governed by HIPAA, Colorado law, and the circumstances of the minor’s care.

15. Your General Privacy Choices

Depending on your relationship with us and applicable law, you may be able to:

  • update contact information and communication preferences;
  • unsubscribe from marketing email;
  • revoke consent for marketing texts or automated communications;
  • manage browser cookies and preference signals;
  • request access, correction, deletion, or portability of certain non-PHI personal information;
  • opt out of qualifying sales, targeted advertising, or profiling; and
  • exercise the HIPAA rights described in Part II for PHI.

Some requests may be limited or denied when an exception applies, including when information must be retained for treatment, patient safety, legal compliance, claims, fraud prevention, security, or the establishment or defense of legal rights.

16. Colorado and Other State Privacy Rights

Colorado law may provide eligible residents with rights to access, correct, delete, or obtain a portable copy of certain personal data, and to opt out of certain sales, targeted advertising, or profiling. The Colorado Privacy Act applies only to entities and data that meet its scope requirements and contains exemptions, including for certain information maintained in accordance with HIPAA.

Residents of other states may have similar rights. We will honor verified requests to the extent required by applicable law. We will not discriminate against you for exercising a privacy right.

To submit a request, email flourishdentalandwellness@gmail.com with the subject line “Privacy Request,” call (719) 357-8989, or write to the address below. We may need to verify your identity and authority. Authorized agents may be required to provide proof of authorization.

If a state law provides a right to appeal a denied request, submit an appeal using the same contact methods with the subject line “Privacy Appeal.”

17. Third-Party Links and Social Media

Our website and communications may contain links to third-party websites, social-media platforms, review sites, maps, or services. We are not responsible for the independent privacy, security, or content practices of third parties. Information you post publicly may be viewed, copied, or used by others.

18. Visitors Outside the United States

Flourish is located in Colorado and provides services in the United States. If you access our website from another country, your information may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

19. Changes to This Privacy Policy

We may update this Privacy Policy as our practices, technologies, or legal obligations change. The updated version will be posted with a revised “Last Updated” date. Material changes to the HIPAA Notice of Privacy Practices will be handled as described in Part II.

20. Contact Us

Privacy Officer

Flourish Dental & Wellness, LLC

5925 Lehman Drive, Suite 5

Colorado Springs, CO 80918

Phone: (719) 357-8989

Email: flourishdentalandwellness@gmail.com

Website: https://flourishdentalandwellness.com

PART II — HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: July 11, 2026

1. Who Follows This Notice

This Notice applies to Flourish Dental & Wellness, LLC and the members of its workforce, including dentists, dental hygienists, assistants, administrative personnel, trainees, volunteers, and contractors under Flourish’s direct control, as applicable. It also applies to healthcare professionals providing care at Flourish when they participate in an organized arrangement or are otherwise required to follow this Notice.

2. Our Duties

We are required by law to:

  • maintain the privacy and security of your PHI;
  • provide you with this Notice describing our legal duties and privacy practices;
  • follow the terms of the Notice currently in effect;
  • notify you following a breach of unsecured PHI when required by law;
  • limit uses, disclosures, and requests for PHI to the minimum necessary when that standard applies; and
  • provide you with a copy of this Notice upon request.

3. How We May Use and Disclose PHI Without Your Written Authorization

HIPAA permits or requires us to use and disclose PHI in the following circumstances. Additional limitations may apply under Colorado or other law.

  1. Treatment

We may use and disclose PHI to provide, coordinate, or manage your dental and healthcare services. For example, we may share information with another dentist, physician, specialist, laboratory, pharmacy, or healthcare provider involved in your care.

  1. Payment

We may use and disclose PHI to bill and collect payment for services, verify coverage, obtain prior authorization, submit claims, coordinate benefits, respond to insurer inquiries, and conduct collection activities permitted by law.

  1. Healthcare Operations

We may use and disclose PHI for activities necessary to operate the practice, including quality assessment, patient safety, training, credentialing, licensing, auditing, compliance, legal and accounting services, business planning, customer service, and evaluating provider performance.

  1. Business Associates

We may disclose PHI to vendors and contractors that perform services involving PHI on our behalf, such as practice-management, billing, scheduling, data hosting, communications, claims, legal, accounting, and secure disposal. We require business associates to protect PHI as required by HIPAA and applicable contracts.

  1. Appointment Reminders and Health-Related Communications

We may contact you by telephone, voicemail, text, email, mail, portal, or another method you provide to remind you of appointments or communicate about care. We may tell you about treatment alternatives or health-related products and services that may be of interest, as permitted by law.

  1. Individuals Involved in Your Care or Payment

Unless you object, we may disclose PHI relevant to your care or payment to a family member, friend, caregiver, personal representative, or other person you identify. If you are unable to agree or object, we may make a disclosure when, in our professional judgment, it is in your best interest and permitted by law.

  1. Disaster Relief

We may disclose limited PHI to an organization assisting in a disaster-relief effort so that family or others responsible for your care can be notified about your location, condition, or status.

  1. Required by Law

We may use or disclose PHI when federal, state, or local law requires it, subject to the limits of the applicable law.

  1. Public Health and Safety Activities

We may disclose PHI for authorized public-health activities, including preventing or controlling disease, injury, or disability; reporting adverse events or product problems; supporting recalls; notifying people who may have been exposed to a communicable condition when authorized by law; or reporting information to employers where permitted for workplace health and safety.

  1. Abuse, Neglect, or Domestic Violence

We may disclose PHI to an authorized government agency when we reasonably believe an individual may be a victim of abuse, neglect, or domestic violence, as permitted or required by law.

  1. Health Oversight

We may disclose PHI to health-oversight agencies for audits, investigations, inspections, licensing, disciplinary actions, and other activities authorized by law.

  1. Judicial and Administrative Proceedings

We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process when applicable legal requirements are satisfied.

  1. Law Enforcement

We may disclose PHI to law-enforcement officials for purposes permitted by HIPAA and other law, such as responding to certain court orders, identifying or locating a person, reporting a crime on our premises, or addressing a serious threat.

  1. Coroners, Medical Examiners, and Funeral Directors

We may disclose PHI to a coroner, medical examiner, or funeral director as necessary for duties authorized by law.

  1. Organ and Tissue Donation

We may disclose PHI to organizations involved in organ, eye, or tissue donation and transplantation when applicable.

  1. Workers’ Compensation

We may disclose PHI as authorized by workers’ compensation or similar laws.

  1. Serious Threat to Health or Safety

We may use or disclose PHI when necessary and permitted by law to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

  1. Specialized Government Functions

We may disclose PHI for certain military and veterans’ activities, national-security and intelligence activities, protective services, correctional institutions, or law-enforcement custodial situations, as permitted by law.

  1. Research

We may use or disclose PHI for research only when the research is approved through a process that satisfies HIPAA, when the information is appropriately de-identified or limited, or when you provide a valid authorization.

  1. De-Identified Information

We may use or disclose health information that has been de-identified in accordance with HIPAA so that it no longer identifies you or provides a reasonable basis to identify you.

4. Uses and Disclosures That Generally Require Written Authorization

Uses and disclosures not described in this Notice will generally be made only with your written authorization. A written authorization is generally required for:

  • most uses and disclosures of psychotherapy notes, if any are maintained;
  • marketing communications when HIPAA requires authorization;
  • the sale of PHI;
  • use of identifiable patient photographs, video, testimonials, or treatment information for public advertising or promotional purposes, unless another lawful basis applies; and
  • other uses or disclosures not otherwise permitted or required by law.

You may revoke an authorization in writing at any time, except to the extent we have already relied on it or another legal exception applies.

5. Your HIPAA Rights

  1. Right to Inspect and Obtain a Copy

You may request to inspect or obtain an electronic or paper copy of PHI in our designated record set, including medical and billing records, subject to limited exceptions. We will respond within the period required by law. We may charge a reasonable, cost-based fee permitted by law.

  1. Right to Request an Amendment

You may ask us to amend PHI that you believe is incorrect or incomplete. Your request must be in writing and explain the reason for the amendment. We may deny the request in circumstances permitted by law and will provide a written explanation when required.

  1. Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI made during the period permitted by law. The accounting does not include every disclosure, such as many disclosures for treatment, payment, healthcare operations, to you, or made under your authorization.

  1. Right to Request Restrictions

You may ask us to limit how we use or disclose PHI for treatment, payment, or healthcare operations, or to persons involved in your care. We are generally not required to agree, except that we must agree to a request not to disclose information to a health plan for payment or healthcare operations when the disclosure is not required by law and you, or someone on your behalf, have paid the applicable item or service in full out of pocket.

  1. Right to Request Confidential Communications

You may request that we contact you in a specific way or at a specific location—for example, only at a particular telephone number, email address, or mailing address. We will accommodate reasonable requests as required by law.

  1. Right to a Copy of This Notice

You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically. A current electronic copy will also be available on our website.

  1. Right to Choose a Personal Representative

If a person has legal authority to act for you, such as through a healthcare power of attorney or guardianship, we will treat that person as your personal representative to the extent required by law. We may request documentation of the person’s authority.

  1. Right to Complain Without Retaliation

You may complain to Flourish or to the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you, deny treatment, or require you to waive a HIPAA right because you filed a complaint or exercised a privacy right.

6. Breach Notification

We will notify affected individuals and government authorities following a breach of unsecured PHI when required by HIPAA, the HITECH Act, and other applicable law.

7. Changes to This Notice

We reserve the right to change this Notice and make the revised Notice effective for PHI we already maintain and information we receive in the future, as permitted by law. The current Notice will be posted on our website and available at our office. The Notice will state its effective date.

8. Questions and Complaints

To ask a question, exercise a HIPAA right, or submit a complaint, contact:

Privacy Officer Flourish Dental & Wellness, LLC 5925 Lehman Drive, Suite 5 Colorado Springs, CO 80918 Phone: (719) 357-8989 Email: flourishdentalandwellness@gmail.com

You may also file a complaint with:

U.S. Department of Health and Human Services Office for Civil Rights 200 Independence Avenue, S.W. Washington, D.C. 20201 Phone: 1-877-696-6775 Online: https://www.hhs.gov/hipaa/filing-a-complaint

Complaints should generally be filed within 180 days of when you knew that the act or omission occurred, subject to any extension permitted by HHS.