As a healthcare provider, we collect Protected Health Information as defined by HIPAA regulations:

• Medical history and current health conditions
• Laboratory test results and diagnostic information
• Treatment plans and prescriptions
• Insurance information and billing records
• Clinical notes from healthcare providers
• Medical images and diagnostic scans

• Full name, date of birth, and gender
• Contact information (address, phone, email)
• Government-issued identification numbers
• Emergency contact information
• Payment information and financial data

• IP address and device identifiers
• Browser type and operating system
• Usage data and website interactions
• Cookies and tracking technologies
• Geolocation data (with consent)

We use your information primarily for providing medical care and related operations:

• Providing diagnosis, treatment, and medical care
• Coordinating care between healthcare providers
• Maintaining accurate medical records
• Quality improvement and patient safety initiatives
• Training medical staff and students
• Conducting medical research (with appropriate consent)

• Processing insurance claims and verifying coverage
• Billing for services rendered
• Collections activities
• Responding to payment and coverage inquiries

• Appointment reminders and follow-up care
• Treatment updates and test results
• Health education and wellness information
• Marketing communications (with opt-out option)
• Satisfaction surveys and feedback requests

• Complying with federal and state healthcare laws
• Responding to lawful requests from authorities
• Protecting against fraud and abuse
• Reporting to public health agencies when required

You have the following rights regarding your health information:

• Right to Access: Request copies of your medical records
• Right to Amendment: Request corrections to your records
• Right to Accounting: Request a list of disclosures
• Right to Restriction: Request limits on uses of your PHI
• Right to Confidential Communications: Request alternative contact methods
• Right to a Paper Copy: Receive a paper copy of this notice
• Right to File a Complaint: File complaints about privacy violations

HIPAA permits us to share your information without your authorization for:

• Treatment, payment, and healthcare operations
• Public health and safety purposes
• Law enforcement and legal proceedings
• Workers' compensation claims
• Medical research (with IRB approval)
• Organ and tissue donation
• Reporting abuse, neglect, or domestic violence

We work with Business Associates (third parties who perform services for us) who may have access to your PHI. These entities are contractually required to:

• Maintain the same privacy standards
• Use appropriate safeguards
• Report any breaches immediately
• Return or destroy PHI when services end

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell PHI)
• Right to Non-Discrimination: Not be discriminated against for exercising rights
• Right to Correct: Request correction of inaccurate information
• Right to Limit: Limit use of sensitive personal information

Residents of other states may have additional rights under state privacy laws including:

• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)

To exercise any of these rights, please contact us at:

We will respond to verified requests within 45 days as required by law.

• Essential Cookies: Required for website functionality
• Performance Cookies: Analyze how you use our site
• Functional Cookies: Remember your preferences
• Targeting Cookies: Deliver relevant advertisements

You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

Our website currently does not respond to Do Not Track signals as there is no established industry standard for compliance.

• 256-bit SSL/TLS encryption for data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Automatic logout after inactivity

• Comprehensive staff training on privacy and security
• Background checks for all personnel
• Role-based access controls
• Incident response and breach notification procedures
• Regular risk assessments

• Secure facility access with badge systems
• Video surveillance in sensitive areas
• Locked server rooms with climate control
• Secure disposal of physical records

In the unlikely event of a data breach affecting your PHI, we will:

• Notify affected individuals within 60 days
• Notify the Secretary of HHS if 500+ individuals affected
• Notify prominent media outlets if breach affects 500+ residents in a state
• Provide information about the breach and steps taken
• Offer credit monitoring services if applicable

When treating patients under 18, we require:

• Parental or legal guardian consent for treatment
• Parental access to medical records (subject to state laws)
• Special protections for sensitive services (reproductive health, mental health, substance abuse)

Some states grant teenagers privacy rights for certain healthcare services. We comply with all applicable state laws regarding adolescent consent and confidentiality.

Your PHI is primarily stored on servers located within the United States. Any international transfers comply with:

• HIPAA requirements for international data transfers
• Standard Contractual Clauses (SCCs)
• Appropriate safeguards and security measures

For international patients, we provide the same level of privacy protection as US patients, while also complying with applicable laws in your jurisdiction where possible.

• Post the updated policy on our website with the effective date
• Email notifications to registered users for material changes
• Notice in our facility for 60 days
• Make previous versions available upon request

Continued use of our services after policy updates constitutes acceptance of the new terms. However, we will obtain your consent for material changes affecting PHI as required by HIPAA.

If you believe your privacy rights have been violated, you may file a complaint with:

Important: You will not be penalized or retaliated against for filing a complaint.