Notice of Privacy Practices For Protected Health Information (PHI)

Effective Date: January 16, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

Purpose of This Notice

This Notice of Privacy Practices (“Notice”) describes how LightForce Orthodontics, Inc. (”LightForce”, “we”, “us”, “our”) may ****use and disclose Protected Health Information (“PHI”) that we receive from health care providers through our products and services used in your care, and how you may access and control this information. We provide this Notice in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its regulations.

OUR RESPONSIBILITIES

We are required by law to:

  • Maintain the privacy and security of PHI entrusted to us;
  • Use or disclose PHI only as permitted by HIPAA and applicable law;
  • Notify you in the event of a breach of unsecured PHI; and
  • Provide you with a copy of this Notice and comply with its terms.

HOW WE USE AND DISCLOSE PHI

We may use or disclose PHI without your written authorization as permitted by HIPAA for the following purposes:

For Treatment

We may use or disclose PHI to support the orthodontic treatment activities of the health care providers who transmit PHI to us. Examples include:

  • Processing digital impressions, scans, or images;
  • Creating treatment plans, device designs, or orthodontic appliances; and
  • Enabling providers to review, modify, or approve patient treatment information through our Doctor Portal.

For Payment

We may use or disclose PHI as needed to support payment activities, such as:

  • Billing for devices or services ordered by the provider; and
  • Verifying the accuracy of order-related information.

For Health Care Operations

We may use PHI to support operational functions, including:

  • Quality assurance, product safety, and performance evaluations;
  • Customer and technical support;
  • Internal system maintenance and cybersecurity monitoring; and
  • Training and certification of staff involved in device manufacturing or case review.

As Required by Law

We may disclose PHI when required by federal, state, or local laws, including to:

  • Comply with court orders, subpoenas, or regulatory requests;
  • Respond to law enforcement when legally permitted; and
  • Meet medical device reporting or patient safety obligations.

Business Associate Subcontractors

We may disclose PHI to subcontractors who assist in providing our services, provided they agree in writing to comply with HIPAA requirements and to maintain the privacy and security of PHI.

USES AND DISCLOSURES REQUIRING AUTHORIZATION

We will not use or disclose PHI for the following purposes without your express written authorization:

  • Marketing communications.

We do not sell PHI. Other uses and disclosures not described in this Notice will be made only with your written authorization. Your authorization will not be required if we remove information that individually identifies you, in accordance with applicable law, before disclosing the remaining information.

Authorizations may be revoked at any time except to the extent that we have already taken actions have already been taken in reliance on the authorization.

We are unable to take back any disclosures that we have already made with your permission, and we are required to retain our records of the products and services that we provided to you or on your behalf to your healthcare provider.

HOW WE PROTECT INFORMATION

We implement administrative, technical, and physical safeguards that meet or exceed HIPAA Security Rule requirements, including:

  • Encryption of PHI at rest and in transit;
  • Access controls and authentication;
  • Audit logging and monitoring;
  • Staff HIPAA training; and
  • Vendor management and risk assessment procedures

YOUR RIGHTS REGARDING PHI

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you. You have the right to:

Get an electronic or paper copy of your medical record

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights have been violated

  • You can complain if you feel we have violated your rights by contacting us using the information below.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not retaliate against you for filing a complaint.

CHANGES TO THIS NOTICE

We reserve the right to revise or update this Notice at any time. Any changes will apply to all PHI we maintain and will be posted on our website with a new effective date.

CONTACT INFORMATION

For questions about this Notice or to report a privacy or security concern, please contact:

LightForce Orthodontics – Privacy Office

Address: 400 Research Drive, Wilmington, MA 01887

Phone: 800-481-0185

Email: privacy@lfo.co

Website: lf.co