HIPAA Policies & Procedures Agreement


This HIPAA Policies and Procedures Agreement (the “Agreement”) is being provided to you pursuant to your use of Cayster.com, including any content, functionality, and services offered through or on Cayster.com (the “Website” or “We”).  We understand that the medical information shared with the Website is private and confidential. Further, we and you are required by law to maintain the privacy of “protected health information.” “Protected health information” or “PHI” includes any individually identifiable information that we obtain from you or that you provide from your patient’s, past, present or future physical or mental health, the health care they have received, or payment for this health care. We will share protected health information with one another, as necessary, to carry out our obligations, payment or health care operations relating to the services to be rendered by registered members of the Website.

As required by law, this notice provides information about a Patient’s rights, and our legal duties and privacy practices with respect to the privacy of PHI. This Policy also discusses the uses and disclosures we will make of this PHI. The Website and You must comply with the provisions of this notice as currently in effect, although we reserve the right to change the terms of this Policy from time to time and to make the revised notice effective for all PHI We maintain, which will be available on the Website. 


By clicking “Accept” you agree to be bound by this Agreement. You shall preserve and protect PHI you receive from other registered members of the Website or through the Website itself, which shall be complaint with all Federal and State laws and regulations. You shall keep all PHI you receive as confidential.  

Additionally, you are agreeing to be bound by the Business Associate Agreement annexed hereto. 

You shall promptly notify the patient, Website, and the involved registered member of the Website if a breach occurs that may have compromised any PHI. 

You must follow the terms of this Agreement as is the Website obligated herein. 


We can use or disclose the PHI provided to us for purposes of treatment, payment, record maintenance and health care operations. For each of these categories of uses and disclosures, We have provided a description and an example below. However, not every particular use or disclosure in every category will be listed.

Treatment means the provision, coordination or management of patient health care, including consultations between health care providers relating to the care and referrals for health care from one health care provider to another.  For example, a dentist ordering a crown from a lab through the Website.

Payment means the services We provide to our registered members for utilizing the Website to connect a dentist and a laboratory or dental equipment provider for reimbursement for the health care provided to patients, including billing, collections, claims management, and other utilization review activities. For example, we may need to provide PHI to a registered member of the Website to determine whether the proposed course of treatment will be covered or if necessary to obtain payment. Federal or state law may require us to obtain a written release from your patients to perform this action. Consents must available upon request. 


We may also use PHI in the following ways:

To provide deadline or schedule reminders for treatment or medical care.

To confer about or recommend possible treatment or laboratory alternatives or other health-related benefits and services that may be of interest to your Patients.

To other registered members of the Website to the extent directly related to such person’s involvement in patient’s care or the payment for care.  

When permitted by law, we may coordinate our uses and disclosures of PHI with public or private entities authorized by law or by charter to assist in disaster relief efforts.

We may use or disclose your patients’ PHI for research purposes, subject to the requirements of applicable law. For example, a research project may involve comparisons of the health of all patients who received a particular dental treatment. All research projects are subject to a special approval process which balances research needs with a patient’s need for privacy. When required, we will obtain a written authorization from your patients prior to using the health information for research.

We will use or disclose PHI about patients when required to do so by applicable law. 

Note: Incidental uses and disclosures of PHI sometimes occur and are not considered to be a violation of a HIPAA. Incidental uses and disclosures are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented.


Subject to the requirements of applicable law, we will make the following uses and disclosures of PHI:

Public Health Activities. We may disclose PHI about a patient for public health activities, including disclosures:

  • to prevent or control disease, injury or disability; to report births and deaths; to report child abuse or neglect;
  • to persons subject to the jurisdiction of the Food and Drug Administration (FDA) for activities related to the quality, safety, or effectiveness of FDA-regulated products or services and to report reactions to medications or problems with products; 
  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
  • to notify the appropriate government authority if we believe that an adult patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if the patient agrees or when required or authorized by law.

Health Oversight Activities. We may disclose PHI to federal or state agencies that oversee our activities (e.g., providing health care, seeking payment, and civil rights).

Lawsuits and Disputes. If a patient is involved in a lawsuit or a dispute, we may disclose PHI subject to certain limitations.

Law Enforcement. We may release PHI if asked to do so by a law enforcement official:

  • In response to a court order, warrant, summons or similar process;
  • To identify or locate a suspect, fugitive, material witness, or missing person;
  • About the victim of a crime under certain limited circumstances;
  • About a death we believe may be the result of criminal conduct;
  • About criminal conduct on our premises; or In emergency circumstances, to report a crime, the location of the crime or the victims, or the identity, description or location of the person who committed the crime.

National Security and Intelligence Activities. We may release PHI about patients to authorized federal officials for intelligence, counterintelligence, other national security activities authorized by law or to authorized federal officials so they may provide protection to the President or foreign heads of state.

Serious Threats. As permitted by applicable law and standards of ethical conduct, we may use and disclose PHI if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or is necessary for law enforcement authorities to identify or apprehend an individual.

Note: HIV-related information, genetic information, alcohol and/or substance abuse records, mental health records and other specially protected health information may enjoy certain special confidentiality protections under applicable state and federal law. Any disclosures of these types of records will be subject to these special protections.


Certain uses and disclosures of PHI will be made only with a patient’s written authorization, including uses or disclosures: (a) of psychotherapy notes (where appropriate); (b) for marketing purposes; and (c) that constitute a sale of PHI under the Privacy Rule. Other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with patient’s written authorization. Patients have the right to revoke that authorization at any time, provided that the revocation is in writing, except to the extent that we already have taken action in reliance on your authorization.

As of May 1, 2022