Terms of Use & Privacy Policy — Davis Center for Oral and Maxillofacial Surgery

1. Acceptance of Terms

By accessing or using the Davis Center for Oral and Maxillofacial Surgery patient preregistration portal at OMS.tapat.dev (the “Portal”), you agree to be bound by these Terms of Use and Privacy Policy (“Terms”). If you do not agree to these Terms, please do not use the Portal.

These Terms govern your use of the Portal and are in addition to any other agreements you may have with Davis Center for Oral and Maxillofacial Surgery, including any patient consent forms or financial agreements you sign as part of your care.

      Your Acceptance is Recorded
      When you begin the preregistration process, you will be asked to confirm your acceptance of these Terms. Your acceptance is recorded with a timestamp in our secure system as part of your preregistration record.
    

2. Portal Use & Purpose

The Portal is designed exclusively to allow prospective and current patients of Davis Center for Oral and Maxillofacial Surgery to:

Complete patient intake and preregistration forms prior to an appointment
Provide insurance and demographic information
Complete health history questionnaires
Review and acknowledge the HIPAA Notice of Privacy Practices
Sign financial agreements and consent documents electronically
View previously submitted forms and track completion status

      Not for Medical Emergencies
      This Portal is NOT for medical emergencies, urgent clinical questions, or obtaining medical advice. If you are experiencing a medical emergency, call 911 immediately. For urgent clinical questions, call our office at (801) 614-0999 during business hours.
    

The Portal is not a secure messaging platform and should not be used to communicate symptoms, clinical questions, or other sensitive health matters. Such communications should be made directly to our office by phone.

3. Eligibility

The Portal may be used by:

Adults (18 years of age or older) completing their own intake forms
Parents or legal guardians completing forms on behalf of a minor patient (under 18 years of age) — the Responsible Party section of the intake form must be completed in full
Legal representatives with documented authority to act on behalf of an adult patient who is unable to complete forms independently

By using the Portal, you represent that you are either (a) at least 18 years of age, or (b) a parent or legal guardian completing forms on behalf of a minor, or (c) an authorized legal representative of an adult patient.

4. Your Responsibilities

Accuracy of Information

You agree to provide accurate, current, and complete information in all preregistration forms. Providing false or misleading information, including health history information, could adversely affect the care you receive and may have legal consequences.

Account Security

Your access to previously submitted forms is protected by your email address and date of birth. You are responsible for keeping this information confidential. Do not allow others to access your records on shared devices. Always close the browser after completing your session.

Prohibited Uses

You agree not to:

Use the Portal to submit fraudulent information or impersonate another person
Attempt to gain unauthorized access to any part of the Portal or any other user’s records
Use automated tools, bots, or scripts to interact with the Portal
Attempt to probe, scan, or test the security of the Portal
Use the Portal in any manner that could damage, disable, or impair its functionality
Violate any applicable federal, state, or local laws or regulations

5. Protected Health Information

Information submitted through this Portal constitutes Protected Health Information (PHI) as defined under HIPAA. Davis Center for Oral and Maxillofacial Surgery is a HIPAA Covered Entity and handles all PHI in accordance with the HIPAA Privacy Rule and Security Rule.

Our full Notice of Privacy Practices, which is incorporated into these Terms by reference, describes in detail how we may use and disclose your PHI. You are presented with and asked to acknowledge receipt of the Notice of Privacy Practices as part of the preregistration process.

Full HIPAA Documentation Available For a detailed description of our technical, administrative, and physical safeguards for protecting your PHI, as well as your full rights under HIPAA, please review our HIPAA Compliance documentation.

6. Information We Collect

Information You Provide

Through the preregistration forms, we collect:

Name, date of birth, sex, and marital status
Contact information: address, phone numbers, email address
Employment information
Emergency contact information
Responsible party information (for minor patients)
Insurance carrier, policy holder, policy and group numbers
Health history: medical conditions, current medications, allergies, surgical history
Electronic signatures and their associated dates

We do not collect Social Security Numbers through this Portal. If your insurance carrier requires an SSN for billing, this information is collected separately through our office.

Information Collected Automatically

For security and audit purposes, our systems automatically record:

IP address associated with portal access events
Timestamps of form submissions, logins, and data access events

We do not collect browser fingerprints, device identifiers, or behavioral analytics.

7. How We Use Your Information

We use the information you submit through the Portal for the following purposes:

Treatment: To provide you with oral and maxillofacial surgical care, including pre-surgical planning, anesthesia preparation, and post-operative care coordination
Payment: To verify insurance eligibility, submit claims to your insurance carriers, and facilitate billing and collections
Health Care Operations: To support practice management, quality improvement, staff training, and legal compliance
Communication: To contact you regarding appointments, follow-up care, and administrative matters, subject to your communication preferences
Legal Compliance: To comply with applicable federal and state law, including HIPAA, Utah health information laws, and any court orders or legal proceedings

We will not use your information for marketing purposes, sell your information to third parties, or use it for any purpose not described in these Terms or our Notice of Privacy Practices without your explicit written authorization.

8. Information Sharing & Disclosure

Permitted Disclosures

We may share your health information without your written authorization in the following circumstances:

Treatment: With other health care providers involved in your care, such as referring dentists, orthodontists, or specialists
Payment: With your insurance carriers to verify benefits and process claims
Health Care Operations: With business associates who provide services to our practice under executed Business Associate Agreements
Legal Requirements: When required by law, court order, or to respond to lawful requests from government authorities
Public Health: For public health activities as required or permitted by law

Business Associates

We use the following categories of service providers who may process PHI on our behalf, each under an executed Business Associate Agreement:

Cloud database and hosting providers (encrypted data storage)
Electronic health record and practice management systems
HIPAA-compliant email communication services
Billing and claims processing services

We Will Not Sell Your Data

Davis Center for Oral and Maxillofacial Surgery does not sell, rent, or trade patient health information to any third party for commercial purposes under any circumstances.

9. Security Measures

We implement industry-standard security measures to protect your information, including:

AES-256 encryption for data stored in our database
TLS 1.2+ encryption for all data transmitted between your browser and our servers
Row-level security controls preventing unauthorized database access
Time-limited access tokens that expire and require re-authentication
Multi-factor identity verification for returning patients
Comprehensive audit logging of all data access events
15-minute administrative session timeouts

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a breach affecting your PHI, we will notify you as required by the HIPAA Breach Notification Rule.

Report Security Concerns If you believe you have identified a security vulnerability in the Portal, please report it to us at (801) 614-0999 or info.davisoms@gmail.com. Do not attempt to exploit any vulnerability.

10. Your Rights

Access and Correction

You have the right to access, review, and request corrections to your health information maintained by our practice. The Portal allows you to view and update your preregistration forms. For access to other health records, please contact our office directly.

Deletion Requests

You may request deletion of your preregistration records submitted through this Portal by contacting our office in writing. Please note that certain records may be required to be retained under applicable law, including Utah's medical records retention requirements (minimum 7 years for adult patients, or 3 years after a minor patient's 18th birthday, whichever is longer).

Opt-Out of Communications

You may update your communication preferences (voicemail, email, work contact) through the Portal at any time by editing your forms. To opt out of specific types of communications, contact our office directly.

HIPAA-Specific Rights

For a complete description of your rights under HIPAA — including the right to request restrictions, request confidential communications, receive an accounting of disclosures, and file complaints — please see our HIPAA Compliance page or request a copy of our Notice of Privacy Practices from our front desk.

11. Cookies & Tracking

The Portal uses minimal technical cookies necessary for basic functionality:

Session tokens: Short-lived authentication tokens stored temporarily in browser memory (not persistent cookies) to maintain your session while completing forms
No advertising cookies: We do not use advertising networks, retargeting pixels, or behavioral tracking cookies
No third-party analytics: We do not use Google Analytics, Facebook Pixel, or similar third-party tracking services
No cross-site tracking: We do not share browsing data with any third-party advertising or data broker services

External fonts are loaded from Google Fonts (fonts.googleapis.com) solely to render the portal's typography. This results in a standard HTTP request to Google's servers; no personal information is transmitted as part of this request.

12. Disclaimer & Limitations of Liability

No Medical Advice

The Portal is an administrative tool for collecting patient intake information. Nothing in the Portal or these Terms constitutes medical advice, diagnosis, or treatment. Always seek the advice of a qualified health care provider with any questions you may have regarding a medical condition.

Accuracy of Submitted Information

Davis Center for Oral and Maxillofacial Surgery relies on the accuracy of information you provide. We are not responsible for errors in care or billing that result from inaccurate, incomplete, or misleading information submitted through the Portal.

Limitation of Liability

To the fullest extent permitted by applicable law, Davis Center for Oral and Maxillofacial Surgery shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of, or inability to use, the Portal. Our total liability to you for any claim arising from these Terms or your use of the Portal shall not exceed $100.

Availability

We do not warrant that the Portal will be uninterrupted, error-free, or that defects will be corrected. The Portal may be temporarily unavailable for maintenance, updates, or circumstances beyond our control.

13. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Utah, without regard to its conflict of law provisions. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the state and federal courts located in Davis County, Utah.

These Terms are also subject to applicable federal law, including HIPAA and the HITECH Act, which govern the handling of protected health information.

14. Changes to These Terms

We reserve the right to modify these Terms at any time. Material changes will be communicated by updating the “Last Revised” date at the bottom of this page and, where appropriate, by posting a notice on the Portal.

Your continued use of the Portal after changes are posted constitutes your acceptance of the revised Terms. If you do not agree to the revised Terms, please discontinue use of the Portal and contact our office to arrange alternative methods for completing intake forms.

If we make material changes to how we handle your PHI, we will provide notice as required by HIPAA, which may include direct notification by mail or phone.

15. Contact Us

If you have questions about these Terms, our privacy practices, or wish to exercise your rights, please contact us:

Davis Center for Oral and Maxillofacial Surgery

Attn: Kerri Jewkes, Privacy Officer
890 W. Heritage Park Blvd., Suite 103
Layton, Utah 84041

Phone: (801) 614-0999
Email: info.davisoms@gmail.com
Portal: oms.tapat.dev