Privacy Policy

Exocad Designer – Remote Exocad Dental CAD Design Services
Website: exocaddesigner.com
Effective Date: 10/12/2025
Last Updated: 10/12/2025


Introduction

Exocad Designer (“we”, “our”, “us”) operates the website exocaddesigner.com and provides remote Exocad dental CAD design services to dental professionals and laboratories, primarily in the United States. We are committed to protecting the privacy and security of personal health information in accordance with applicable federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and applicable state privacy regulations.

As a business associate providing services to HIPAA-covered entities, we understand the critical importance of maintaining the confidentiality, integrity, and availability of protected health information (PHI) entrusted to us.


Information We Collect

Protected Health Information (PHI)

When providing Exocad dental CAD design services, we may receive and process PHI that includes:

  • Digital dental impressions and STL/PLY/OBJ files containing patient-specific oral anatomy
  • Treatment information related to dental procedures (crowns, bridges, dentures, full arch implants, abutments, aligners, copings, night guards, splints)
  • Case identifiers and treatment prescriptions/specifications provided by dental professionals
  • Digital radiographic images when provided for treatment planning or implant positioning
  • Patient demographics when necessary and authorized for case completion

Non-PHI Information

We also collect non-personal and business information including:

  • Website usage data through cookies and analytics tools
  • Contact information for communication with dental professionals (email addresses, practice names, phone numbers)
  • Technical information about file uploads, case numbers, and digital workflow preferences
  • Business information related to service delivery, quality assurance, billing, and customer support

How We Use Information

Primary Use – Treatment Support

PHI is used exclusively for:

  • Digital design services including Exocad CAD/CAM design of dental prosthetics and appliances
  • Treatment planning support for dental professionals, including design options and digital simulations where appropriate
  • Quality assurance and accuracy verification of designed restorations and appliances
  • Communication with dental professionals regarding specific cases, design preferences and requested modifications

Administrative Uses

Non-PHI information is used for:

  • Service delivery and customer support, including case tracking and follow-up
  • Website functionality and user experience improvement on exocaddesigner.com
  • Business operations including billing, invoicing and internal reporting
  • Compliance monitoring and security assessments of our digital systems

Information Sharing and Disclosure

Authorized Disclosures

We only disclose PHI as:

  • Required by our Business Associate Agreements with covered dental entities
  • Directed by the originating dental professional for case completion and delivery of designs
  • Necessary for treatment purposes when authorized by the dental practice
  • Required by law including court orders, regulatory investigations, or public health reporting

Prohibited Disclosures

We will NEVER:

  • Sell or market PHI to third parties
  • Use PHI for purposes other than authorized treatment support and operations as outlined in this policy and applicable agreements
  • Disclose PHI without proper authorization or legal requirement
  • Share patient information for marketing or unrelated commercial purposes

International Data Transfers

Our remote Exocad design services may involve international data processing. We implement appropriate safeguards including:

  • Encryption of all PHI during transmission and storage where applicable
  • Contractual protections ensuring HIPAA-level security standards and business associate requirements
  • Access controls limiting data access to authorized personnel only and on a need-to-know basis
  • Regular security assessments of all data processing locations and systems

Data Security Measures

Technical Safeguards

  • Encryption of PHI in transit and at rest using industry-standard protocols where applicable
  • Secure file transfer systems for STL and related digital file exchange
  • Access controls with unique user authentication and role-based permissions
  • Automatic logoff from systems containing PHI after periods of inactivity
  • Audit logs tracking PHI access, modifications and transmissions

Physical Safeguards

  • Secure facilities with controlled access to workstations and servers
  • Workstation security measures to prevent unauthorized viewing or access to PHI
  • Device controls for equipment containing PHI, including laptops and external drives
  • Secure disposal of PHI-containing media and printed materials

Administrative Safeguards

  • Privacy and Security Officer functions responsible for developing and implementing privacy policies
  • Workforce training on HIPAA requirements, data protection, and Exocad workflow security
  • Business Associate Agreements with covered entities and relevant service providers
  • Incident response procedures for potential security breaches and suspected unauthorized access
  • Regular risk assessments and policy updates to address emerging threats

Data Retention and Disposal

Retention Period

  • Active case files retained for the duration of service delivery and reasonable follow-up
  • Completed cases retained for minimum periods required by applicable regulations, contracts, or legitimate business needs
  • Business records maintained per legal and contractual requirements

Secure Disposal

  • Electronic data securely deleted or overwritten using appropriate data destruction methods
  • Physical media destroyed through secure destruction methods
  • Audit trails maintained for disposal of PHI where required

Individual Rights

Patient Rights (through your dental provider)

Patients have the right to:

  • Access their health information through their dental provider
  • Request amendments to inaccurate health information
  • Request restrictions on certain uses and disclosures
  • Receive an accounting of certain disclosures
  • File complaints regarding privacy practices

Dental Professional Rights

Our dental professional and laboratory partners have the right to:

  • Audit our privacy and security practices within agreed contractual boundaries
  • Receive breach notifications within required timeframes
  • Request information about our data handling procedures and safeguards
  • Terminate agreements for non-compliance with privacy requirements, consistent with contractual terms

Breach Notification

In the event of a breach involving unsecured PHI:

  • Immediate assessment of the scope and risk of the breach
  • Notification to affected dental practices without unreasonable delay and within required legal timeframes
  • Assistance with patient notifications as required by law and relevant agreements
  • Cooperation with investigations by regulatory authorities
  • Implementation of corrective measures to prevent future incidents

Website Privacy

Cookies and Analytics

Our website exocaddesigner.com uses:

  • Essential cookies for basic website functionality and security
  • Analytics tools to understand website usage patterns and improve user experience
  • No tracking of personal health information through website visits

Contact Forms

Information submitted through contact forms or email links on exocaddesigner.com:

  • Used only for responding to inquiries, providing quotes, and managing service requests
  • Not shared with third parties for unrelated marketing purposes
  • Transmitted using encryption protocols where available

Third-Party Services

Business Associates and Service Providers

We carefully select and monitor third-party service providers who:

  • Sign Business Associate Agreements or equivalent data protection agreements where required
  • Implement appropriate security measures for PHI protection
  • Submit to security assessments and reviews as appropriate
  • Agree to liability provisions for data protection failures consistent with law and contract

Cloud Services

When utilizing cloud services for data processing and storage:

  • HIPAA-aligned platforms or platforms with appropriate certifications and security controls are used where PHI is involved
  • Encryption of stored and transmitted data where required
  • Geographic considerations taken into account for data storage locations
  • Regular security assessments of cloud providers and configurations

Compliance Monitoring

Regular Assessments

  • Periodic risk assessments of privacy and security practices
  • Regular reviews of policies, procedures and Exocad workflow controls
  • Ongoing monitoring of system access and usage
  • Employee training updates as regulations and best practices evolve

External Reviews

  • Independent security assessments of technical safeguards where appropriate
  • Compliance reviews by qualified privacy and security professionals as needed
  • Testing of systems for vulnerabilities and remediation
  • Ongoing improvement of information security controls

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in applicable laws and regulations
  • Updates to our services or business practices, including new Exocad or digital dental CAD offerings
  • Enhanced security measures and protection protocols
  • Feedback from business partners and regulatory guidance

Notice of Changes: Significant changes will be communicated to business partners through reasonable means (such as email or website notice) at least 30 days prior to implementation where practicable.


Contact Information

Privacy Contact

For questions about this Privacy Policy or our privacy practices:

Email: exocaddesigns@hotmail.com
Subject Line: Privacy Policy Inquiry

Filing Complaints

If you believe your privacy rights have been violated:

  1. Contact us directly using the information above so we can address your concerns
  2. File a complaint with the U.S. Department of Health and Human Services
    Office for Civil Rights
    Website: www.hhs.gov/ocr/privacy/hipaa/complaints

No Retaliation: We will not retaliate against individuals who file complaints or exercise their privacy rights.


Legal Compliance

This Privacy Policy is designed to comply with:

  • HIPAA Privacy Rule (45 CFR Parts 160 and 164)
  • HIPAA Security Rule (45 CFR Part 164, Subpart C)
  • HITECH Act breach notification requirements
  • State privacy laws that may provide additional protections
  • International data transfer regulations where applicable

Governing Law: This policy is governed by applicable federal and state laws of the United States.


Acknowledgment

By engaging our Exocad dental CAD design services, dental professionals acknowledge:

  • Understanding of our privacy practices as outlined in this policy
  • Agreement to Business Associate terms or equivalent contract terms where applicable
  • Commitment to obtain proper patient authorizations when required by law
  • Responsibility for notifying us of any privacy restrictions or patient objections that may affect our services

This Privacy Policy demonstrates our commitment to protecting the privacy and security of health information while supporting high-quality digital dental care through Exocad and related CAD workflows. We continuously evaluate and enhance our privacy practices to maintain the trust placed in us by the dental professionals and laboratories we serve.

Document Version: 1.0
Next Review Date: 10/12/2026