Notice of Privacy Practices

Effective date: April 26, 2026 · Required under HIPAA (45 C.F.R. § 164.520)

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. Our Commitment to Your Privacy

Credimed, Inc. ("Credimed") is committed to protecting the privacy of your Protected Health Information ("PHI"). PHI is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or dental health condition, healthcare services, or payment for services.

We are required by law to:

Maintain the privacy and security of your PHI;
Provide you with this Notice of our legal duties and privacy practices;
Follow the terms of this Notice currently in effect;
Notify you in the event of a breach of your unsecured PHI.

2. How We May Use and Disclose Your PHI

2.1 For Treatment, Payment, and Healthcare Operations

Without your separate authorization, we may use or disclose your PHI for the following purposes:

Payment: to submit claims to your dental insurance carrier and to process reimbursements. This is the primary purpose for which we receive your PHI.
Healthcare operations: to evaluate the quality of our services, audit our claim outcomes, train our staff, and conduct compliance reviews.
Treatment coordination: we may share information with your dental provider in Mexico to clarify procedure codes or treatment notes, but only as needed to support your claim.

2.2 As Required by Law

We may disclose your PHI when required by federal, state, or local law, including in response to subpoenas, court orders, or other legal process.

2.3 Public Health and Safety

We may disclose your PHI to public health authorities, as required by law, for activities such as preventing or controlling disease, reporting child or adult abuse, or reporting product defects.

2.4 Health Oversight

We may disclose your PHI to health oversight agencies (e.g., the U.S. Department of Health and Human Services) for activities authorized by law, including audits, investigations, and inspections.

2.5 Business Associates

We may disclose your PHI to "Business Associates" — third-party vendors who perform services on our behalf and have signed a Business Associate Agreement (BAA) requiring them to safeguard your PHI. Current Business Associates include:

Amazon Web Services (cloud infrastructure and storage);
Stripe (payment processing, only de-identified or limited financial data);
Email and SMS providers used for transactional communications.

2.6 With Your Authorization

For uses and disclosures other than those described above, we will obtain your written authorization. Examples include marketing communications and the sale of PHI. You may revoke an authorization at any time, in writing, except to the extent we have already acted in reliance on it.

3. Your Rights Regarding Your PHI

3.1 Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI maintained by Credimed. We will provide a copy in the form and format you request, if readily producible, within 30 days of your request. We may charge a reasonable, cost-based fee.

3.2 Right to Amend

If you believe PHI we have about you is inaccurate or incomplete, you may ask us to amend it. We may deny your request under specific circumstances permitted by law.

3.3 Right to an Accounting of Disclosures

You have the right to request a list of disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, and certain other exceptions, for the past six (6) years.

3.4 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except in narrow circumstances (such as restricting disclosures to a health plan for services you paid for entirely out of pocket).

3.5 Right to Confidential Communications

You have the right to request that we communicate with you about your PHI in a particular way or at a particular location (for example, only by email rather than by phone).

3.6 Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically.

3.7 Right to Be Notified of a Breach

You have the right to be notified if we discover a breach of your unsecured PHI.

3.8 To Exercise Your Rights

To exercise any of these rights, contact our Privacy Officer at privacy@credimed.us. Some requests must be made in writing.

4. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@credimed.us or with the U.S. Department of Health and Human Services, Office for Civil Rights:

Phone: 1-800-368-1019
Online: www.hhs.gov/ocr/complaints/index.html

We will not retaliate against you for filing a complaint.

5. Changes to This Notice

We reserve the right to change this Notice and to make the new Notice effective for all PHI we maintain. We will post a copy of the current Notice on our website and provide a copy upon request.

6. Contact

Credimed Privacy Officer
Email: privacy@credimed.us
Phone: [TO BE PROVIDED]
Mailing address: [TO BE PROVIDED]

← Back to Credimed