Cardenas Orthodontics’ Commitment to Your Privacy

Cardenas Orthodontics, P.C. d/b/a Embrace Orthodontics (“Embrace”) understands that medical information about you and your health is personal.   We are committed and dedicated to maintaining the privacy of your protected health information (“PHI”), as defined below. Embrace is required by law to maintain the privacy of your PHI and provide you with a copy of this Notice of Privacy Practices (“Notice”) as it details how we will protect the privacy of your health information, describes our legal responsibilities, and your rights regarding your PHI. Additionally, this Notice explains how we may use your health information and when we may disclose that information to others.  Embrace is required by law to abide by the terms contained herein.

The Health Insurance Portability and Accountability Act (“HIPAA”) is a federal law which was enacted, in part, to ensure privacy protections to individuals when it comes to their healthcare.   HIPAA directs health care providers, payers, and other health care entities to develop policies and procedures to ensure the security, integrity, privacy and authenticity of health information, and to safeguard access to and disclosure of health information. Additionally, there may be other federal and state laws privacy laws which apply to you.

Embrace is required by law to make sure there are reasonable processes in place to keep your health information private, give you this Notice of our legal duties and privacy practices with respect to your health information, and follow the terms of this Notice.

Embrace, its employees, officers, directors, contractors, business associates, volunteers, health care students, interns, residents, fellows, and affiliates (sometimes referred to herein as “we”, “us” or “our”) shall follow the terms provided in this Notice.

Embrace specifically reserves the right to change our privacy practices and the terms of this Notice as may be necessary to comply with all applicable laws.  If any material changes are made to our privacy policy, we will advise you of the revisions to this Notice.  Embrace will provide you with such information either by direct mail, electronically, or other means as may be provided in accordance with applicable law.

In order to protect against risks, such as loss, destruction, or misuse of private information, Embrace maintains physical, electronic and procedural security safeguards in handling and maintaining all information, in accordance with all applicable state and federal standards.

Information and Protected Health Information (“PHI”)

For the purposes of this Notice, the terms “information”, “PHI” or “health information” may be used interchangeably and shall include any information that we maintain that can reasonably be used to identify you and that relates to your physical or mental health condition, the provision of health care services to you, or the payment for such health care.  PHI is defined by law to include any data created, received, stored or transmitted by any HIPAA-covered entities and their business associates in relation to the past present or future provision of healthcare, healthcare operations, and the payment of such healthcare services.  Electronic health information is sometimes referred to as ePHI.

The information covered in this notice includes, but is not limited to Healthcare information about your treatment, billing and payment information, certain personal information needed to identify you, contact you and provide for payment, oral, paper and electronic information, and information that is created, received, accessed, transmitted and stored by us.

Our Uses and Disclosures

We have a right to use and disclose your PHI in the following ways:

  1. For Treatment: We may use your health information to provide, coordinate or manage your treatment. We can use or share your PHI with other professionals who are treating you in an effort to aid and coordinate your care, such as other doctors, dentists, dental hygienist, dental assistants,  nurses, nurse technicians, health or dental care students, or other Provider employees or contractors who are involved in providing health care to you. For example, we may share your health information with another provider for a consultation or referral for further treatment. We may use your medical information and PHI to write prescriptions, or otherwise disclose your PHI to a pharmacy when a prescription is ordered for you. We may also disclose your PHI to others with your authorization who may assist in providing you with care, such as your spouse, children, or parents.
  2. Health Care Operations. We may use and disclose your health information to run our practice, improve your care, and contact you when necessary. These uses and disclosures are necessary for us to operate and make sure that all of our patients receive quality care, such as evaluating the performance of the staff and doctors who provide your care.
  3. For Payment: We may use, disclose or share medical information about your treatment and PHI to bill, collect, and receive payment from you, your health insurance company, or other third party payer that may be responsible for such costs, such as family members. We may also tell your health insurance company about a proposed treatment you are going to receive in order to obtain prior approval or to determine whether your health insurance plan will cover the costs associated with that treatment. We may disclose to other health care providers PHI about you which may be required for their payment activities. We may also disclose PHI to our business associates, such as billing companies, and claim processing companies.
  4. Other disclosures related to your relationship with us. Such use and disclosure of your health informationincludes, but is not limited to, the following reasons:
    • Appointment Reminders: Reminding you of an appointment with us.
    • Treatment Alternatives: We may use or disclose your information to tell you about or recommend health and related treatment alternatives, benefits, or options.
    • Health-Related Benefits and Services: We may use and disclose medical information to tell you about other health-related benefits and services that may be of interest to you.

We may, under limited circumstances, disclose your health information for other purposes, generally related to ways that contribute to the public good, such as public health and research. Before any such disclosures are made, we must comply with all applicable legal requirements.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. Examples may include:

  1. Public health and safety issues. We can share health information about you for certain situations such as:
  • Preventing or control disease, injury, or disability
  • Report births and deaths
  • Helping with product recalls
  • Reporting adverse reactions to medications
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety
  • Provide notices to persons exposed to a disease or may be at risk for contracting or spreading a disease or condition.


  1. 2. Research purposes. We may share health information to assist in research related to the evaluation of certain treatments or the prevention of disease, if the research study meets federal privacy law requirements. We may use or disclose your health information for research if you have given written authorization or when a research study has been reviewed and approved by an institutional review board. Researchers may access information to determine whether the study or certain patients are appropriate participants. Under certain circumstances a limited amount of information may be provided by agreement subject to specific restrictions.


  1. Compliance with the law. We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.


  1. Respond to organ and tissue donation requests. If you are an organ donor, we may share health information about you with organ procurement organizations to facilitate donation and/or transplantation.


  1. Coroners, medical examiner and funeral director. We can share health information with a coroner, medical examiner, or funeral director when an individual dies to identify a deceased person, determine the cause of death, or to assist such individuals in carrying out their official duties.


  1. Workers Compensation. We may disclose your health information to respond to workers’ compensation inquiries as authorized by, or to the extent necessary to comply with, state workers compensation laws that govern job-related injuries or illnesses.


  1. Law Enforcement. We may disclose health information to comply with a court order, subpoena, or other law enforcement purposes such as helping to identify or locate a suspect, fugitive, material witness, or missing person or as may otherwise be required to report a crime.


  1. Health Care oversight activities. Response to an inquiry from any health oversight agencies for activities authorized by law, such as licensure, governmental audits and fraud and abuse investigations.


  1. Specialized government function. We may release medical information about you to military and veterans’ activities, if you are a member of the armed forces, or for special government functions such as military, national security and intelligence activities, presidential protective services, foreign heads of state and others, medical suitability determinations, correctional institutions and custodial situations.


  1. Lawsuit or Dispute. If you are involved in a lawsuit or dispute, we may disclose medical information about you to respond to any judicial or administrative proceeding such as response to a court order, search warrant, discovery request or subpoena, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.


  1. Avert a serious threat to health and safety. We may use or disclose your medical information when necessary to avoid a serious threat to the health or safety of you, another person, or the public for example disclosing information to public health agencies or law enforcement, or in the event of an emergency. Disclosure must be limited to someone able to help prevent or lessen the threat.


  1. To correctional institutions or law enforcement officials. If you are an inmate or under custody of such law enforcement official and such disclosure is for specific necessary purposes, such as securing health care services for you, or to protect the safety and security of you, the institution, or others.


  1. Business Associates. To our business associates that perform functions on our behalf or provide us with services if the health information is necessary for said functions or services. We may disclose your healthcare information to our business associates so they can perform the job we have asked them to do. Our business associates are required, by federal law and pursuant to our contract with them, to protect the privacy of your PHI. They may not disclose or otherwise use your PHI except as specified in our contract and as permitted by law.


  1. Emergency. If you need emergency treatment or we are required by law but are unable to get your consent; we will attempt to obtain consent as soon as practical after treatment


  1. Disaster Relief. We may disclose information about you to disaster relief entities to notify family or friends of by our location, general condition or death.


Uses or Disclosures to which you may Object or Opt Out:

  • Immunization: we may provide proof of immunization to a school that is required by state or other law to have such proof.
  • Persons involved in your care or responsible for payment: we may disclose information to a family member, relative, friend, or other identified person, prior to, or after your death, who is involved in your care or payment for care unless you object in writing.
  • Email or text: we may communicate with you by encrypted email or text unless you object.
  • Fundraising: we will notify you if we intend to use your medical information for fund-raising purposes, and let you know that you have the right to opt out of receiving fundraising communications. For example, we may disclose information to a foundation related to the Provider so that the foundation may contact you about raising money for the foundation. We would only release contact information, such as your name, address, phone number and the dates you received treatment or services at the Provider. If you do not want the Provider to contact you for fundraising efforts, you must notify us in writing, and you will be given the opportunity to opt-out of these communications.

Uses And Disclosures Which Require Your Authorization:

Other uses and disclosures not covered in this notice will be made only with your written authorization. Authorization is required and except in limited situations may be revoked, in writing, at any time. The following require authorization which may not be revoked:

  • Marketing: disclosure of your information for marketing of products or services or treatment alternatives, including any subsidized treatment communications, that may be of benefit to you when we receive direct payment from a third party for making such communications, other than as set forth above regarding to face-to-face communications and promotional gifts of nominal value.
  • Psychotherapy notes
  • Sale of Protected Health Information unless an exception is met.

Your Rights

When it comes to your health information and PHI, you have certain rights. This section explains your rights and some of our responsibilities towards you.  You have the right to:

Right to access, inspect and obtain copies of health information. you have the right to access, inspect and receive a copy of your health information, including billing records, except for psychotherapy notes, information compiled in reasonable anticipation of, or for use in, a civil, criminal or administrative action or proceeding, or other limited circumstances.


  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request.
  • We may charge a reasonable, cost-based fee for the production of your medical record.
  • You may request that Embrace provide a copy of your information to a third party whom you identify.
  • You must make a written request to inspect and copy your health information or have your information sent to a third party.
  • You must send your request to the address provided herein. We may charge a reasonable fee for any copies or transmittal of record. We do not require an explanation for the request and will attempt to honor reasonable requests. If you request your medical information to be transmitted directly to another person designated by you, your written request must be signed and clearly identify the designated person and where the copy of Protected Health Information is to be sent.
  • If we deny you access to your health information, you will receive a timely, written denial in plain language that explains the basis for the denial, your review of rights and an explanation of how to exercise those rights.

 Right to Amend: if you feel that medical information, we have about you been incorrect or incomplete, you may ask us to amend the information.

  • You can ask us to correct any of your health information that you think is incorrect or incomplete. Your request must be in writing, specifically identify the information that you feel is inaccurate or incomplete and provide the reasons for the requested amendment.  Your request must be mailed to the address for Embrace provided herein.
  • We may deny your request for an amendment if it is not in writing or does not include an adequate reason to support your request.
  • In addition, we may deny your request of you ask us to amend information that:
    • Was not created by us, unless the person or entity that created the information is no longer available to make the amendments;
    • Is not part of the medical information kept by Embrace
    • Is not part of the information which you are permitted to inspect and copy; or
    • Is accurate and complete.
  • You have the right to request an amendment for as long as the information is kept by Embrace. We are not obligated to make any changes, however if we decline to do so an explanation will be sent to you writing within 60 days.

Right to Request confidential communications

  • You may request to receive communications from us in a certain method or a certain location.
  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. You must mail your request to change or restrict communications to the address for Embrace provided herein.
  • We will attempt to accommodate all reasonable requests.

Right to request restrictions: you have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations.

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. You also have the right to ask us to restrict disclosures to family members or to others who are involved in your health care or payment for your health care. However, as set out above, in an emergency, disaster, or if you are not able to communicate, we may disclose information if in our professional judgment such disclosure is necessary. PLEASE NOTE while we will try to honor your request and will permit requests consistent with our policies, we are not required to comply with your request.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. Such a request will be honored unless a law requires us to share that information.

Right to receive an accounting of disclosures. You have the right to request an accounting of the disclosures. This is a list of the disclosures we made of medical information about you other than our own uses for treatment, payment and health care operations, as those functions are described above.

  • You can ask for a list (accounting) of the times we’ve shared certain health information of yours for six years prior to the date your request, who we shared it with, and why.
  • The accounting will include all disclosures except those: made for treatment, payment, and health care operation purposes; made to you or pursuant to your authorization; to correctional institutions or law enforcement officials; and certain other disclosures which are required to be disclosed in an accounting by any applicable law. You are entitled to one accounting per year at no charge, but we will charge a reasonable, cost-based fee for each accounting over one within a twelve-month period.
  • We will provide the accountings within sixty (60) days of receipt of a written request. However, we may extend the time period for providing the accounting by thirty (30) days if within the initial sixty (60) days we provide you with a written statement of the reasons for the delay and the date by which you will receive the information.

Right to get a copy of this privacy notice. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.  A copy of this Notice shall be maintained on this website.

Right to be Notified of a Breach.  You have a right to be notified if there is any impermissible use or disclosure of your health information that compromises the privacy or security of your health information.


Choose someone to act for you.

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will verify that any person purporting to have such authority is in fact authorized and may act on your behalf before we honor any of such person’s requests.

File a complaint

  • If you feel we have violated your rights you may file a complaint with Embrace directly by contacting us as provided herein.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not take any action or retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

We will never share your PHI unless you give us prior written permission in the following situations:

  • Use or disclosure for marketing purposes
  • Disclosure which may be considered a sale of your information
  • Disclosure of psychotherapy notes, if any.

Any written authorization provided by you for the use or disclosure of PHI may be revoked at any time and will be effective upon reasonable notice.


Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described herein unless you give prior written authorization. If you have provided such written authorization you may change your mind at any time and revoke said authorization. Provide us written notice of your revocation at the address provided herein.


For more information see:


Compliance with Certain State Laws


When we use or disclose your PHI as described in this Notice, or when you exercise certain of your rights set forth in this Notice, we may apply state laws about the confidentiality of health information in place of federal privacy regulations. We do this when these state laws provide you with greater rights or protection for your PHI. For example, some state laws dealing with mental health records may require your express consent before your PHI could be disclosed in response to a subpoena. Another state law prohibits us from disclosing a copy of your record to you until you have been discharged from our hospital. When state laws are not in conflict or if these laws do not offer you better rights or more protection, we will continue to protect your privacy by applying the federal regulations.

Additional Restrictions on Use and Disclosure

Certain federal and state laws may require special privacy protections that restrict the use and disclosure of certain health information, including highly confidential information about you.  “Highly Confidential Information” may include confidential information under Federal laws governing alcohol and drug abuse information and genetic information as well as state laws that often protect the following types of information: (i) HIV/AIDS; (ii) mental health; (iii) genetic tests; (iv) alcohol and drug abuse; (v) sexually transmitted diseases and reproductive health information; and (vi) child or adult abuse or neglect, including sexual assault.  If use or disclosure of health information described above in this Notice is prohibited or materially limited by other laws that may apply to us, it is out intent to meet the requirements of the more stringent law.

 Changes to this Notice

We reserve the right to change this notice and the revised or changed notice will be effective for medical information we already have about you as well as any information we receive in the future. The current notice will be posted in our facilities and on our website https://embraceorthodontics.us and you may request a copy of our current notice at any time.

Contact Us

Should you need to contact Embrace for any reason, including those regarding this Policy or any privacy concert, please contact us at:





If you believe that Embrace or anyone affiliated with Embrace has misused any of your information, please contact us immediately to report such action.

Effective Date of this Notice:  May 27, 2022