The Practice is a multi-location dental organization operating in California, with locations operating under names including Captain Dental and Story Dental. We are committed to protecting the privacy of your health information and the information you share with us through our patient portal, Vind.

This Privacy Policy applies to all the Practice locations and to all services provided through the Vind patient portal, including appointment confirmations and reminders, patient forms and electronic signatures, payment processing, balance inquiries, secure messaging, and guardian and dependent account access.

All employees, contractors, dentists, hygienists, administrative staff, and business associates working on behalf of the Practice are required to comply with this policy and maintain the confidentiality of your health information.

For contact information and to reach our Privacy Officer, please see Section 22 (How to Contact Us) at the end of this policy.

The Practice collects various categories of information to provide you with quality dental care, manage our practice, and comply with legal and regulatory requirements. We collect only the information reasonably necessary for each stated purpose, consistent with the HIPAA minimum necessary standard.The types of information we collect include:
‍Personal Identifiers
‍•   Full name, date of birth, and age
•   Home address, city, state, and ZIP code
•   Telephone number(s) and email address
•   Social Security number (only when necessary for insurance verification or credit purposes)
•   Relationships to other patients at the Practice (such as parent, child, sibling, spouse, partner, or roommate), when relevant to account management, guardianship, or coordination of care
•   Driver’s license or other government-issued identification
‍Insurance and Financial Information
‍•   Current, past, and future insurance policy numbers, carrier names, and group numbers
•   Current, past, and future employer and employment information for insurance purposes
•   Payment methods, including credit card and bank account information
•   Billing address and payment history
•   Information about outstanding balances and payment arrangements
‍Dental and Medical Health Information
‍•   Comprehensive dental treatment records and clinical notes
•   Radiographs (X-rays) and other diagnostic images
•   Diagnoses, treatment plans, and procedures performed
•   Current medications and medication history
•   Known allergies and adverse reactions
•   Medical and dental history
•   Laboratory test results and diagnostic findings
•   Previous treatment records from other providers
‍Appointment and Scheduling Information
‍•   Appointment dates, times, and locations
•   Attendance records and cancellations
•   Provider assignments
•   Appointment notes and special requests
‍Communications and Portal Information
‍•   Messages sent through the Vind patient portal
•   Correspondence including emails and letters
•   Feedback and survey responses
•   Vind portal account login activity and IP addresses
•   Device information and browser type used to access the portal
•   Portal usage patterns for security and service improvement
‍Signature Information
‍•   Electronic signatures on forms and consents
•   Paper-based signatures on documents
•   Timestamps of signature execution
‍Website and Online Information
‍When you visit www.captaindental.com, the Vind patient portal (my.vind.dental), or interact with our other online services, we may collect:
•   Browser type, language preference, and operating system
•   Referring website, pages visited, and the date and time of each request
•   Internet Protocol (IP) address
•   Device type and screen resolution
•   Information collected through cookies and similar tracking technologies (see Section 18)
This information helps us understand how visitors use our website and improve our online services.
‍How We Collect This Information
‍We collect information in several ways:
•   Directly from you through in-office forms, verbal communication, and the Vind portal
•   From your insurance company or employer
•   From other healthcare providers or specialists who have treated you
•   From guardians, parents, or authorized representatives acting on your behalf
•   Automatically through the Vind portal when you create an account or access services
•   Automatically through our website when you browse www.captaindental.com (see Section 18)

The Practice uses your health information for several purposes, as permitted by HIPAA and California law:
‍Treatment
‍We use your health information to provide, coordinate, and manage your dental care. This includes:
•   Providing diagnostic and treatment services
•   Referring you to specialists or other providers
•   Requesting consultations and obtaining records from other providers
•   Planning and documenting your treatment
•   Following up with post-treatment care and instructions
‍Payment
‍We use your information to bill you for services and to process insurance claims:
•   Billing you for dental services rendered
•   Submitting and following up on insurance claims
•   Verifying insurance coverage and eligibility
•   Processing payments and refunds
•   Managing collections for outstanding balances
•   Determining financial responsibility and co-payments
‍Healthcare Operations
‍We use your information to support the day-to-day operations of our practice:
•   Quality improvement initiatives and peer review
•   Staff training, credentialing, and professional development
•   Internal audits and compliance monitoring
•   Business planning and practice management
•   Customer service and addressing your questions or concerns
•   Administering the Vind patient portal and managing your account
•   Administrative communications regarding services, benefits, or account information
‍As Required by Law
‍We may use and disclose your information when required or authorized by law, including responding to court orders, subpoenas, or legal proceedings, and complying with regulatory requirements and licensing board investigations.
‍Public Health and Safety
‍We may use and disclose your information for public health activities as required or permitted by law, including disease reporting, public health surveillance, and safety investigations.
‍With Your Written Authorization
‍Any uses of your health information not specifically described in this policy require your written authorization. You may revoke any authorization in writing at any time, except to the extent we have already used or disclosed your information in reliance on that authorization.
‍Appointment Reminders and Health Communications
‍We may use your contact information to send you appointment reminders, confirm appointments, and provide you with treatment recommendations and health-related communications. You may opt out of non-essential communications by contacting our office or updating your preferences in the Vind portal.
‍No Marketing Without Consent
‍We will not use your health information for marketing purposes without your explicit written authorization.
‍No Sale of Your Information
‍The Practice does not sell, trade, or rent your health information to any third party under any circumstances.

The Practice shares your health information only when appropriate and permitted by law. Permitted disclosures include:
‍Your Dental Care Team
‍We share your information with dentists, hygienists, dental assistants, and other team members involved in providing your care at the Practice.
‍Healthcare Providers and Referrals
‍We share your information with other dentists, specialists, physicians, and healthcare providers to whom you are referred or who are involved in your care, as necessary for treatment coordination.
‍Your Insurance Company
‍We share your information with your dental insurance company to verify coverage, process claims, and obtain authorization for treatment.
‍Business Associates
‍We work with trusted third-party vendors and service providers to support our operations (see Section 11 for details). We require all business associates to sign agreements obligating them to protect your information.
‍Family and Friends
‍With your permission, or when consistent with our professional judgment, we may share your information with family members, guardians, or others you designate to be involved in your care.
‍As Required or Permitted by Law
‍We may share your information when required or authorized by legal process, including court orders, subpoenas, and regulatory investigations. We may also disclose your information when permitted by law for the following purposes:
•   Public health reporting as mandated by California or federal law
•   Health oversight activities, including audits and investigations by government agencies
•   Workers’ compensation claims, as required by applicable law
•   Law enforcement purposes, in limited circumstances as defined by HIPAA
•   Coroners, funeral directors, and organ donation organizations, as permitted by law
•   Research purposes, subject to institutional review board approval and applicable safeguards
•   To prevent or lessen a serious and imminent threat to health or safety
‍No Marketing Disclosures
‍We do not disclose your health information for marketing purposes without your written authorization.
‍No Sale of Information
‍The Practice does not sell your health information to any third party.

The Vind patient portal is a secure digital platform that allows you to manage your dental care and access your information online. We use Vind to provide appointment confirmations and reminders, patient forms and electronic signature collection, payment processing and balance inquiries, treatment estimates, secure messaging with our office, and guardian or dependent account access.
‍Data Collected Through Vind
‍When you use the Vind portal, we collect and process:
•   Account credentials and authentication information
•   Appointment scheduling and confirmation data
•   Patient forms and electronically signed documents
•   Payment and financial information
•   Messages you send through the portal
•   Access logs, login timestamps, and IP addresses
•   Device type and browser information
‍Data Security
‍Portal data is protected using encryption in transit (HTTPS/TLS) and at rest. Access to your information within the portal is controlled through role-based permissions, ensuring that only authorized users can view your records.
‍Usage Logs and Security Monitoring
‍We collect login activity, access times, and IP address information from the portal for security purposes and to prevent unauthorized access. This information helps us identify and investigate suspicious activity and improve our security practices.
‍Health Information Protection
‍Any health information you access, upload, or communicate through the Vind portal is treated as Protected Health Information under HIPAA and is protected with the same safeguards we apply to information in your paper records.

By providing your email address, phone number, or mobile device information and using the Vind portal, you may receive electronic communications from us including appointment reminders, billing statements, treatment updates, and other patient-related messages.
‍SMS Communications
‍If you provide your mobile phone number and opt in to receive SMS messages from the Practice, we will use your number to send you transactional messages related to your appointments, account activity, and patient care. Your mobile phone number and SMS opt-in consent data will not be sold, rented, or shared with third parties or affiliates for marketing or promotional purposes. We may share your information with service providers who assist in delivering messages on our behalf (such as our SMS platform provider), subject to confidentiality obligations. You may opt out at any time by replying STOP to any message. For full details on communications consent, please see the Communications & Electronic Consent (TCPA Consent) section of the Practice Policy.
‍Inherent Risks
‍Electronic communications carry certain risks that we cannot completely eliminate:
•   Emails may be intercepted or viewed by unintended recipients
•   Messages may be misdirected to incorrect email addresses or phone numbers
•   Technical errors may result in message loss or delay
•   Unencrypted email is less secure than other communication methods
‍Our Safeguards
‍We use reasonable security measures including encrypted email services, secure portal systems, and authentication protocols. However, we cannot guarantee absolute security for any electronic communication.
‍Opt-Out Options
‍You may opt out of automated electronic communications (such as appointment reminders, account notifications, and other non-essential messages) by contacting our office or by replying STOP to any text message. Please note that opting out currently applies to all automated communications — we are not able to selectively disable individual message types at this time. We may offer more granular communication preferences in the future.Even if you opt out, we may still contact you directly (not through automated systems) when necessary for treatment, payment, or legal notices. If you opt out, you are responsible for keeping track of your appointments and account status.
‍Sensitive Matters
‍For sensitive matters or detailed discussions about your health, we recommend using the secure messaging feature in the Vind patient portal or speaking with our office directly. Standard SMS and email are not encrypted and may not be appropriate for communicating detailed health information.
‍Outdated Contact Information
‍We are not responsible for electronic communications sent to email addresses, phone numbers, or portal accounts that you have not kept current. Please update your contact information promptly by logging into the Vind portal or contacting our office.

HIPAA gives you important rights regarding your health information. You have the following rights:
‍Right to Access
‍You have the right to request a copy of your complete health record, including dental records, radiographs (X-rays), and treatment notes. You may request these records in electronic format or on paper. We may charge a reasonable, cost-based fee for copying, mailing, or other expenses associated with providing your records. To exercise this right, submit a written request to our Privacy Officer.
‍Right to Amend
‍If you believe information in your health record is incorrect or incomplete, you may request that we make corrections or additions. We will consider your request and notify you of our decision. We may deny your request if we determine the information is accurate and complete, in which case we will provide you with our reason in writing. If we deny your request, you may submit a written statement of disagreement, and we will attach your statement to your record.
‍Right to an Accounting of Disclosures
‍You have the right to request a list of certain instances in which we have disclosed your health information to third parties. This accounting will include the date of disclosure, the name and address of the recipient, and the purpose of the disclosure. We will provide the first accounting at no cost within a 12-month period; additional requests within that period may incur a reasonable fee.
‍Right to Request Restrictions
‍You have the right to request that we limit how we use or share your health information. For example, you might ask us not to send appointment reminders to a particular phone number or to restrict disclosure to a specific family member. We will consider all requests, but we are not always legally obligated to agree.
‍Important exception: If you pay out of pocket in full for a service or item, we are required to honor a request to restrict disclosure to your health insurance plan concerning that specific service or item.
‍Right to Request Confidential Communications
‍You have the right to request that we communicate with you in a specific manner or at a specific location. For example, you may request that we contact you only at your work address or by text message rather than at your home phone number. We will honor reasonable requests without asking the reason.
‍Right to a Paper Copy of This Notice
‍You have the right to receive a paper copy of this Notice of Privacy Practices at any time. You may request a copy in person, by mail, or by email using the contact information in Section 22.
‍Right to Notice of a Breach
‍If we discover a breach of unsecured health information that compromises your privacy or security, we will notify you without unreasonable delay. The notification will include the date and nature of the breach, the types of information involved, what we are doing to investigate the incident, steps you can take to protect yourself, and our contact information.
‍How to Exercise Your Rights
‍To exercise any of these rights, submit a written request to our Privacy Officer at the address, phone number, or email listed in Section 22. Please specify which right you are exercising and provide enough detail for us to locate your records. We will respond within 30 days, though we may extend this period by an additional 30 days if necessary (with written notice to you). The first request in a 12-month period will be provided at no charge; subsequent requests may incur a reasonable fee.

California Confidentiality of Medical Information Act (CMIA)
‍California law under the Confidentiality of Medical Information Act provides additional protections for your medical information. Generally, CMIA requires healthcare providers to obtain written authorization before disclosing medical information to third parties, except in limited circumstances defined by law. We comply with all CMIA requirements in addition to our HIPAA obligations.
‍California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
‍Health information governed by HIPAA is largely exempt from the CCPA and CPRA. However, we respect the privacy principles underlying these laws and recognize the rights of California consumers.
•   We do not sell your personal information or health information.
•   We do not use your information for cross-context behavioral advertising.
If we collect non-PHI personal information (for example, through website analytics or general marketing), California residents have the following rights:
•   The right to know what personal information is collected and how it is used
•   The right to request deletion of personal information
•   The right to request correction of inaccurate personal information
•   The right to opt out of certain data sharing practices
•   The right to limit use of sensitive personal information
‍No Discrimination
‍We will not discriminate against you or treat you differently if you exercise any of your privacy rights under California law, HIPAA, or this policy. We will not deny you services, charge you different fees, provide you with different quality of service, or retaliate against you for asserting your privacy rights.If you have questions about your California privacy rights, please contact our Privacy Officer at the information listed in Section 22.

When you become a patient at the Practice, you will be asked to sign a Privacy Notice & Acknowledgment form. This form serves two purposes:
•   It confirms that you have received and had the opportunity to review this Notice of Privacy Practices.
•   It records your consent to the video and audio monitoring practices described in Section 14 of this policy.

The acknowledgment form is a one-time requirement under HIPAA. You do not need to re-sign it when we make routine updates to this policy. However, if we materially change our monitoring practices, we will ask you to provide new written consent.

The most current version of this Privacy Policy is always available at the URL referenced on the acknowledgment form and through the Vind patient portal. We encourage you to review it periodically.

The Practice works with trusted third-party vendors and business associates who provide services essential to our operations. All business associates are required to sign Business Associate Agreements (BAAs) that obligate them to maintain the confidentiality and security of your health information and to use that information only for the purposes we specify.
‍Categories of Service Providers
‍We work with service providers in the following categories:
•   Dental Billing and Claims Services: Companies that process insurance claims, verify coverage, and manage billing.
•   IT and Hosting Providers: Companies that maintain our computer systems, networks, and data storage infrastructure.
•   Patient Portal and Communication Platforms: Vind and email/SMS communication services.
•   Payment Processors: Companies that process credit card payments and electronic fund transfers.
•   Collections Agencies: When necessary, third parties that assist in collecting outstanding balances.
•   Accounting and Payroll Services: Providers who maintain our financial records and payroll systems.
•   Security and Compliance Services: Vendors who help us maintain security safeguards and regulatory compliance.
‍Your Information and Third Parties
‍We do not authorize third parties to use your information for any purpose other than to perform the specific services we have contracted them to provide. Service providers may not use your information for their own business purposes or share it with other organizations.
‍Changes to Service Providers
‍We may add or change service providers from time to time. If a change materially affects how your information is used or disclosed, we will update this policy and provide notice as described in Section 21.

The Practice maintains comprehensive safeguards to protect your health information from loss, theft, misuse, alteration, and unauthorized access. Our security program includes administrative, technical, and physical controls.
‍Administrative Safeguards
‍•   Designated Privacy Officer and Security Officer responsible for privacy and security compliance
•   Workforce security policies and access controls limiting who can view and use health information•   Authorization and supervision of staff members with access to health records
•   Regular training for all staff on privacy and security practices
•   Confidentiality agreements with all employees and contractors
‍Technical Safeguards
‍•   Encryption of health information in transit (using HTTPS/TLS) and at rest (using industry-standard encryption methods)
•   Access controls and user authentication (usernames, passwords, multi-factor authentication where appropriate)
•   Audit controls and logging of access to health information
•   Regular security assessments and vulnerability testing
•   Secure data transmission protocols for electronic communications
•   Firewalls and intrusion detection systems
‍Physical Safeguards
‍•   Secured facilities with limited access to areas where health information is stored
•   Locked cabinets and secure storage for paper records
•   Video monitoring in certain areas (see Section 14 for details)
•   Controlled access to computers and workstations
•   Disposal procedures for secure destruction of paper and electronic records
‍Limitations of Security
‍While we maintain reasonable and appropriate safeguards, no security system is completely immune to every threat. We cannot guarantee absolute protection against all unauthorized access, data breaches, or security incidents. If you discover unauthorized access to your account or suspect a security breach, please contact our office immediately.

The Practice retains health records and personal information in accordance with California and federal legal requirements and our business needs.
‍Retention Periods
‍•   Adult patient records: Retained for at least 7 years after the last date of service.
•   Minor patient records: Retained for at least 7 years after the patient reaches the age of 18, or as otherwise required by California law (whichever is longer).
•   Radiographs and digital imaging: Retained according to the same schedule as treatment records.
•   Insurance and billing records: Retained for at least 7 years.
•   Vind portal account data: Retained as long as your account is active and for such additional time as required for legal or business purposes.
‍Secure Destruction
‍When records are no longer required to be retained, we securely destroy them. Paper records are shredded or incinerated. Electronic records are permanently deleted or securely wiped to prevent recovery. We work with certified document destruction services to ensure secure disposal.

The Practice maintains video and audio monitoring systems in certain areas of our facilities for purposes of patient safety, staff safety, security, quality assurance, and training. Our monitoring practices comply with California law.
‍Monitoring Locations and Methods
‍•   Reception, waiting areas, and hallways: Video and audio recording.
•   Treatment rooms and operatories: Video recording only. No audio recording.
•   Restrooms, changing areas, and private consultation rooms: No monitoring of any kind.
‍Purposes of Monitoring
‍Video and audio recordings are used for:
•   Protecting the safety of patients and staff
•   Quality improvement and clinical training
•   Investigating incidents or complaints
•   Security purposes and prevention of theft or unauthorized access
‍Access to Recordings
‍Access to video and audio recordings is limited to authorized personnel, including management, security personnel, and staff involved in quality improvement or investigation. Recordings are not used for marketing, public distribution, or any purpose unrelated to the reasons listed above.
‍California Audio Recording Consent
‍California law (Penal Code § 632) requires that all parties to a conversation consent to audio recording. the Practice obtains your written consent for audio recording in common areas through the Privacy Notice & Acknowledgment form that you sign when you become a patient. Signage is also posted in monitored areas to provide ongoing notice.

If we materially change our monitoring practices — for example, by adding audio recording in areas where it was not previously used — we will notify you and obtain your written consent before implementing the change.
‍Recording Retention
‍Video and audio recordings are retained for at least 30 days and then securely deleted, unless they are needed for an ongoing investigation or legal proceeding. Recordings used for training or quality improvement purposes are maintained in accordance with California law and our retention schedule.

The Practice complies with HIPAA requirements regarding the privacy of minors under the age of 18. We also respect California privacy laws that provide specific protections for minors.
‍Parental Access
‍Generally, parents or legal guardians have the right to access a minor’s health records and to make decisions regarding a minor’s care. However, California law and clinical judgment may limit parental access in certain situations, such as when a minor is seeking treatment for substance abuse, sexual health, mental health, or family planning services.
‍Emancipated Minors
‍If a minor is legally emancipated, the minor (not the parent) has control over their health information and decision-making authority regarding their own dental care.
‍Transition to Adult Protections
‍When a patient reaches the age of 18, full privacy rights and access controls transfer to the patient (unless otherwise provided by law or court order). Parents and guardians no longer have the automatic right to access records without the patient’s written permission.

If you opt in to receive SMS or text messages from the Practice (including appointment reminders, account notifications, and other transactional messages), the following protections apply:
•   Your mobile phone number and SMS opt-in consent data will not be sold, rented, or shared with third parties or affiliates for marketing or promotional purposes.
•   We may share your phone number with service providers who assist in delivering messages on our behalf (such as our SMS platform provider), subject to confidentiality obligations and Business Associate Agreements where applicable.
•   You may opt out of SMS messages at any time by replying STOP to any message, or by contacting our office using the methods described in the Practice Policy.
•   Standard message and data rates may apply depending on your wireless carrier and plan.
For full details on your communications consent, including message types and frequency, please refer to the Communications & Electronic Consent (TCPA Consent) section of the Captain Dental Practice Policy.

When you visit www.captaindental.com, we use cookies and similar technologies to enhance your browsing experience, display personalized content, and understand how visitors use our website.
‍What Are Cookies
‍A cookie is a small text file that a website stores on your computer or device, and that your browser provides to the website each time you return. Cookies help us identify and track visitors, their usage of our website, and their preferences.
‍Types of Cookies We Use
‍•   Essential cookies: Required for basic website functionality, such as page navigation and access to secure areas.
•   Analytics cookies: Help us understand how visitors interact with our website by collecting information such as pages visited, time spent on pages, and traffic sources.
•   Advertising cookies: Used by third-party advertising services to deliver relevant advertisements based on your browsing activity (see Section 18).
‍Managing Cookies
‍You may set your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some features of our website may not function properly. By continuing to navigate our website without changing your cookie settings, you acknowledge and agree to the Practice's use of cookies as described in this section.

www.captaindental.com uses remarketing services, including Google AdWords, to advertise on third-party websites to previous visitors to our site. This means we may display advertisements to you on Google search results pages or on sites within the Google Display Network after you have visited our website.Third-party vendors, including Google, use cookies to serve ads based on your past visits to www.captaindental.com. Any data collected through remarketing will be used in accordance with this Privacy Policy and Google's privacy policy.
‍Your Choices
‍•   You can set preferences for how Google advertises to you using the Google Ad Preferences page.•   You can opt out of interest-based advertising entirely through your browser's cookie settings or by using a browser plugin.
•   We do not use remarketing to advertise using your Protected Health Information. Remarketing is based solely on website browsing activity and does not involve your dental records, treatment history, or any health-related information.

Our website may contain links to external sites that are not operated by the Practice. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy and terms and conditions of every site you visit.The Practice has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party sites, products, or services.

The Practice may collect and publish aggregated, non-personally-identifying statistics about the behavior of visitors to its website. For example, we may publish reports on trends in website usage. The Practice does not disclose your personally identifying information or Protected Health Information in any aggregated statistics.

The Practice may update or revise this Notice of Privacy Practices from time to time to reflect changes in our practices, technology, legal requirements, or other circumstances.
‍How We Notify You of Changes
‍When we make changes to this policy, we will:
•   Post the updated policy on our website and in the Vind patient portal.
•   Update the “Last Updated” date at the top of this document.For material changes — changes that substantively affect how we collect, use, or share your information — we will also:
•   Send you an email or portal notification describing the change.
•   Provide at least 30 days’ notice before the material change takes effect.
‍What Counts as a Material Change
‍Material changes include adding new categories of data collection, sharing your information with new types of third parties, or substantively changing our monitoring practices. Non-material changes include correcting typographical errors, rewording for clarity, or updating internal procedures that do not affect your rights or how your information is handled.
‍When Re-Consent May Be Required
‍Most updates to this policy do not require you to sign a new acknowledgment form. Your original acknowledgment remains valid. However, if we materially change our video or audio monitoring practices, we will obtain your written consent before implementing those changes, as required by California law.
‍Your Statutory Rights Are Not Affected
‍For clarity: your rights under HIPAA, CMIA, and CCPA/CPRA exist by law and are not reduced or waived by any update to this policy. Changes to this policy may describe those rights differently or add new commitments, but they cannot take away rights you have under applicable law.

The “Last Updated” date at the beginning of this document reflects the most recent revision. We encourage you to review this policy periodically. If you have questions about any changes, please contact our Privacy Officer.

If you have questions about this Notice of Privacy Practices, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact our Privacy Officer:
‍Privacy Officer
‍Captain Dental
4585 Stevens Creek Blvd Ste 101
Santa Clara, CA 95051
Phone: (408) 826-4676
Email: privacy@captaindental.com

We will respond to your inquiry within 30 days.
‍Complaints and Legal Rights
‍If you believe your privacy rights have been violated or if you wish to file a complaint about our privacy practices, you have the right to file a complaint with:
‍U.S. Department of Health and Human Services
‍Office for Civil Rights (OCR)
Website: www.hhs.gov/ocrPhone: 1-800-368-1019
You also have the right to file a complaint with the California Department of Public Health or other applicable California agencies.

‍We will not retaliate against you or discriminate against you in any way for filing a complaint or for asserting your privacy rights.