Privacy Policy
HIPAA Notice of Privacy Practices, Website Privacy & Text Messaging Policy
Effective Date: January 1, 2024 | Last Reviewed: February 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Who We Are
Highmark Dental Care — Shannon Skiba DDS LLC ("Practice," "we," "us," or "our") is a HIPAA-covered entity. We are committed to protecting the privacy of your Protected Health Information (PHI) as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR Parts 160 and 164, and applicable Georgia state law.
This Notice of Privacy Practices applies to all records of the care and services you receive from our Practice, whether created by our staff, physicians, or other personnel.
2. Our Legal Duties
We are required by law to:
- Maintain the privacy of your Protected Health Information (PHI)
- Provide you with this Notice of our legal duties and privacy practices
- Follow the terms of the Notice currently in effect
- Notify you in the event of a breach of your unsecured PHI
3. Protected Health Information (PHI)
PHI is information about you, including demographic data, that relates to your past, present, or future physical or mental health condition; the provision of health care to you; or the past, present, or future payment for the provision of health care to you, and that identifies you or for which there is a reasonable basis to believe it can be used to identify you.
PHI we may collect includes, but is not limited to:
- Full name, address, date of birth, telephone number, and email address
- Social Security Number (for insurance purposes, when required)
- Insurance policy information and coverage details
- Medical and dental history, diagnoses, and treatment records
- Dental X-rays, photographs, and clinical notes
- Payment and billing information
- Appointment history and communications with our office
4. How We May Use and Disclose Your PHI
4a. Uses and Disclosures Requiring No Authorization
We may use or disclose your PHI without your written authorization for the following purposes:
- Treatment: To provide, coordinate, or manage your dental care. For example, sharing records with a specialist, lab, or referring provider.
- Payment: To bill and receive payment for services rendered, including submitting claims to your insurance carrier.
- Healthcare Operations: For activities such as quality assessment, staff training, audits, and business management.
- As Required by Law: When required by federal, state, or local law, including public health activities, health oversight, judicial proceedings, law enforcement, or national security purposes.
- Emergencies: To prevent a serious and imminent threat to your health or safety or the health or safety of the public.
- Appointment Reminders: To contact you with appointment reminders or treatment alternatives.
4b. Uses and Disclosures Requiring Your Authorization
All other uses and disclosures of your PHI not described above will be made only with your written authorization. You may revoke that authorization at any time in writing, except to the extent that we have already taken action in reliance upon it.
We will specifically obtain your written authorization before:
- Marketing uses and disclosures
- Sale of your PHI
- Disclosure of psychotherapy notes (if applicable)
- Other uses not described in this Notice
5. Website and Electronic Communication Practices
5a. Online Appointment Requests
Our website offers an online appointment request form. Information submitted through this form is transmitted over an encrypted (HTTPS/TLS) connection. We collect only the minimum necessary information to schedule your appointment.
Important: Standard email is not a HIPAA-secure communication method. We will not send detailed PHI via standard email without your explicit consent. For sensitive matters, we recommend contacting us by phone at (770) 478-1001.
5b. Website Cookies and Analytics
Our website uses cookies for session management and general analytics. We do not use cookies to track or store your PHI. Website analytics data (such as page visits and browser type) is collected in an anonymized form and is not linked to your identity or health information.
You may decline non-essential cookies using our cookie consent banner. Declining cookies will not affect your ability to use appointment request features.
5c. Third-Party Vendors (Business Associates)
We may use third-party service providers (Business Associates) who assist in operating our practice, including appointment scheduling platforms, email systems, and practice management software. We require all Business Associates to sign a Business Associate Agreement (BAA) and maintain HIPAA-compliant safeguards before accessing any PHI.
5d. No Sale of PHI
We will never sell, rent, or trade your PHI to any third party for marketing or commercial purposes.
6. Technical and Administrative Safeguards
We implement the following safeguards to protect your PHI:
- Encryption in Transit: All data transmitted through our website uses HTTPS/TLS encryption
- Access Controls: Only authorized personnel have access to PHI, protected by unique user credentials
- Session Timeouts: Administrative systems automatically time out after periods of inactivity
- Minimal Data Retention: Online systems store only the minimum necessary data; no PHI is stored in unencrypted browser storage
- Audit Controls: We maintain logs of access to systems containing PHI
- Staff Training: All staff members receive HIPAA privacy and security training
- Risk Assessments: We conduct regular security risk analyses as required by the HIPAA Security Rule (45 CFR § 164.308)
7. Your Rights Regarding Your PHI
Under HIPAA (45 CFR §§ 164.522–164.528), you have the following rights with respect to your PHI:
Right to Access (45 CFR § 164.524)
You have the right to inspect and receive a copy of your PHI that we maintain in a designated record set. We will provide access within 30 days of your request. We may charge a reasonable cost-based fee for copies.
Right to Amend (45 CFR § 164.526)
You have the right to request that we amend PHI that you believe is incorrect or incomplete. We will respond within 60 days. We may deny your request in certain circumstances.
Right to an Accounting of Disclosures (45 CFR § 164.528)
You have the right to request a list of certain disclosures we have made of your PHI in the past six years, other than disclosures made for treatment, payment, and healthcare operations.
Right to Request Restrictions (45 CFR § 164.522)
You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request except where disclosure is to a health plan for payment purposes regarding care you paid for in full out-of-pocket.
Right to Request Confidential Communications (45 CFR § 164.522)
You have the right to request that we communicate with you about your PHI in a certain way or at a certain location (e.g., only by phone at a specific number, or only by mail to a specific address).
Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
8. How to Exercise Your Rights and File a Complaint
To exercise any of the rights described above, or to file a complaint if you believe your privacy rights have been violated, please contact our Privacy Officer:
Privacy Officer: Shannon Skiba DDS LLC
Highmark Dental Care
173 North Main Street
Jonesboro, GA 30236
Phone: (770) 478-1001
Email: info@highmarkcares.com
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):
- Online: hhs.gov/hipaa/filing-a-complaint
- Phone: 1-800-368-1019 (TDD: 1-800-537-7697)
- Mail: 200 Independence Avenue, SW, Washington, DC 20201
We will not retaliate against you for filing a complaint.
9. Minors
We provide dental services to patients of all ages. For patients under 18 years of age, a parent or legal guardian must authorize the collection and use of PHI and must consent to treatment. In certain circumstances defined by Georgia law, minors may have the right to consent to their own treatment.
10. Changes to This Notice
We reserve the right to change the terms of this Notice and to make the new Notice effective for all PHI we maintain. Revised Notices will be posted on our website, provided to patients upon request, and available at our office. The effective date at the top of this page will reflect when changes were last made.
11. Text Messaging (SMS) Program & Mobile Information Policy
With your express written consent, Highmark Dental Care may send you text (SMS) messages related to your care. Our text messaging program includes communications such as appointment reminders and confirmations, scheduling, billing notifications, recall/recare reminders, and general practice updates.
- How to opt in: You may opt in by submitting our online text message sign-up form, by providing and confirming your mobile number during scheduling or check-in, or by texting us first.
- Message frequency varies based on your appointments and account activity.
- Message and data rates may apply based on your mobile carrier and plan.
- To opt out at any time, reply STOP to any text message. You will receive a confirmation and no further messages, except as needed to complete an opt-out. For help, reply HELP or call (770) 478-1001.
- Consent to receive text messages is not a condition of receiving dental care or any service.
Mobile information sharing: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors who provide support services (for example, customer support or message delivery) is permitted solely to operate the text messaging program. Text messaging originator opt-in data and consent will not be shared with any third parties for their own purposes.
Standard message and data rates may apply. For full terms, see our Terms of Service.
12. Georgia State Law
In cases where Georgia state law provides greater protection for your health information than federal HIPAA regulations, we will comply with the more protective state law. This includes additional protections for certain categories of sensitive health information under Georgia Code.
