Privacy policy

Unclench Dental is a California Professional Dental Corporation led by Dr. Jennifer Nguyen, DMD, FAGD, MPH. We provide dentist-led concierge therapeutic botulinum toxin therapy for temporomandibular dysfunction (TMD), bruxism, masseter hypertrophy, tension-type headaches, and stress-pattern jaw clenching. Services are delivered in patients' homes, hotels, and offices across the South Bay of Los Angeles and near Los Angeles International Airport (LAX).

We collect information you provide and information collected automatically. Categories include:

• Contact information — name, email, phone, city, and any information you submit via the inquiry form.
• Protected Health Information (PHI) — medical and dental history, current medications, allergies, symptom descriptions, diagnostic findings, treatment plans, clinical photos, and visit notes. PHI is collected only in the context of clinical care and is governed by HIPAA and CMIA.
• Telehealth session data — audio and video during virtual consultations (not recorded without explicit consent), session metadata (duration, time of connection), and any information shared during the session.
• Payment information — processed by third-party payment processors; we do not store full card numbers.
• Technical data — IP address, browser type, device type, pages viewed, referring URL, and general geographic region. Collected through standard web server logs and minimal analytics.

We use your information to:

• Respond to inquiries and schedule consultations
• Deliver clinical care (treatment, payment, and healthcare operations under HIPAA)
• Communicate with you about your care (appointment reminders, follow-up, secure messaging)
• Comply with legal, regulatory, and professional obligations (including the California Dental Board, HIPAA, and state reporting requirements)
• Improve the safety, security, and quality of our services
• Maintain accurate clinical records

We do not use PHI for marketing without explicit written authorization. We do not sell personal information.

Unclench Dental is a HIPAA-covered entity. This section summarizes your rights and our obligations under the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and the California Confidentiality of Medical Information Act (CMIA). A full Notice of Privacy Practices is provided to each patient at the time of the first consultation and is available on request.

Permitted uses and disclosures of PHI

We may use or disclose your PHI without your specific authorization for:

• Treatment — providing, coordinating, or managing your healthcare, including consultation with other clinicians.
• Payment — collecting payment for services rendered. (Note: this practice is cash-pay; we do not bill insurance.)
• Healthcare operations — quality assessment, clinician credentialing, compliance reviews, and similar activities.
• Required by law — disclosures required by federal, state, or local law, including reports to public health authorities, law enforcement, judicial proceedings, or professional licensing boards.
• Health oversight — disclosures to agencies authorized to conduct health oversight activities.
• Serious threat — disclosures to prevent a serious and imminent threat to health or safety.

Your HIPAA rights

• Right of access — inspect and obtain a copy of your PHI.
• Right to amend — request correction of PHI you believe is incorrect.
• Right to accounting of disclosures — receive a list of certain disclosures of your PHI.
• Right to request restrictions — request limits on how we use or disclose PHI.
• Right to confidential communications — request that we communicate with you in a specific way (for example, only by email, or only to a specific address).
• Right to a paper copy — receive a paper copy of this Notice upon request.
• Right to file a complaint — without retaliation, to us or directly to the U.S. Department of Health and Human Services, Office for Civil Rights.

To exercise any of these rights, email [email protected].

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know — what personal information we collect, use, disclose, and share.
• Right to delete — personal information we have collected from you, subject to legal retention requirements for clinical records.
• Right to correct — inaccurate personal information.
• Right to opt out — of the sale or sharing of personal information (we do not sell or share).
• Right to limit — use of sensitive personal information.
• Right to non-discrimination — for exercising any of the above rights.

PHI collected in the course of providing healthcare is governed by HIPAA and CMIA, not CCPA's commercial provisions. Limited website data (contact information submitted via the inquiry form, analytics) is governed by CCPA.

To exercise CCPA rights, email [email protected] with "CCPA Request" in the subject line. We verify identity before fulfilling requests.

California's Confidentiality of Medical Information Act (Civil Code §§ 56–56.37) provides additional protections for medical information beyond HIPAA. Under CMIA, we will not disclose your medical information without your written authorization except as specifically permitted by law. Violations of CMIA are subject to civil and regulatory penalties.

We share information only:

• With your authorization.
• With HIPAA-covered Business Associates who support our practice operations (EHR, telehealth platform, secure messaging, payment processor, cloud storage, email provider). All Business Associates sign Business Associate Agreements (BAAs) requiring HIPAA compliance.
• With other healthcare providers involved in your care, with your consent.
• When required or permitted by law (see Section 04).

Current BAA partners include our EHR/telehealth vendor, cloud storage provider, secure email provider, and payment processor. A full list is available on request.

We maintain administrative, physical, and technical safeguards appropriate to the nature of the information we hold, including:

• Encryption of PHI at rest and in transit (AES-256 and TLS 1.2+).
• Device-level encryption for any clinical device used in mobile practice.
• Access controls including unique user credentials, multi-factor authentication, and role-based permissions.
• Regular security audits and staff training.
• Written breach notification procedures consistent with HIPAA and California law.

No system is 100% secure. In the event of a breach of unsecured PHI, we will notify affected patients and the U.S. Department of Health and Human Services within the timeframes required by HIPAA and California law.

Our website uses minimal first-party cookies and analytics to understand general usage patterns and improve the site. We do not use cookies to track individuals across other websites for advertising. We do not use third-party advertising pixels. You can disable cookies in your browser without meaningfully affecting site functionality.

Our services and website are directed to adults. We do not knowingly collect information from individuals under 18. If you believe we have collected information from a minor in error, contact us at [email protected] and we will delete it.

Clinical records are retained in accordance with California Business & Professions Code §1680 and HIPAA — generally a minimum of seven (7) years from the last date of service, and for patients treated as minors, until the age of 25. Non-clinical website data is retained only as long as needed to fulfill the purpose for which it was collected.

We may update this policy from time to time. Material changes will be communicated via the website and, where applicable, directly to patients. The "Effective date" at the top of this page reflects the date of the most recent revision.

For privacy questions, requests, or complaints:

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/ocr.