Privacy Policy
Important: This policy primarily addresses website data. If an individual becomes a patient, the Practice’s use and disclosure of Protected Health Information (PHI) is governed by the Practice’s HIPAA Notice of Privacy Practices (NPP). The HIPAA Privacy Rule requires covered providers to develop and distribute an NPP and update it when privacy practices materially change.
Information Collected
A. Information an individual provides
The Practice may collect information submitted through the website, such as:
Name, phone number, email address
Preferred appointment times, reason for visit (if entered)
Insurance-related details (if entered)
Messages submitted through “Contact Us” forms
B. Automatically collected information
When someone visits the website, the Practice (and service providers) may automatically collect:
IP address, browser type, device identifiers
Pages visited, time spent, referring/exit pages
Approximate location (city/state), site performance data
Websites commonly use cookies and similar technologies (e.g., pixels) to understand usage and improve services.
Cookies, Pixels, and Analytics
The Practice may use:
Essential cookies (site functionality)
Preference cookies (remember settings)
Analytics tools (understand traffic and improve content)
Advertising/remarketing tools (only if enabled by the Practice)
Choices: Individuals can control cookies through browser settings and, where available, the site’s cookie banner/preferences.
How the Practice Uses Information
The Practice may use collected information to:
Respond to inquiries and appointment requests
Provide requested services or information
Improve website experience, accessibility, and performance
Send administrative messages (e.g., confirmations)
Send marketing communications only when permitted/consented (see Section 6)
How the Practice Shares Information
The Practice may share information:
With service providers who help operate the site (hosting, analytics, scheduling, secure forms, customer support), under appropriate contractual protections
To comply with law (subpoenas, court orders, regulatory requests)
To protect rights and safety (fraud prevention, security incidents)
Business transfers (merger/acquisition), with appropriate safeguards
The Practice does not sell PHI. If the Practice ever sells personal information (in states where “sale” is defined broadly), the policy should be updated with required disclosures and opt-out mechanisms.
Email, Phone Calls, and Text Messages (SMS)
If an individual opts in, the Practice may send texts or emails such as:
Appointment reminders and scheduling messages
Care coordination or service updates
Practice announcements
Opt-out: Marketing texts should allow opt-out (commonly by replying “STOP”) and the Practice should honor opt-out requests. Recent FCC-related developments emphasize honoring opt-outs in “reasonable” ways and processing them promptly.
Note: Message and data rates may apply. Message frequency varies. [Include vendor/carrier disclosures if required.]
Patient Portal and Secure Communications
If the Practice offers a patient portal, patients should use it for sensitive health information.
Do not submit urgent or highly sensitive medical information through standard website forms or email. Website forms may not be encrypted end-to-end.
Security
The Practice uses reasonable administrative, technical, and physical safeguards designed to protect information. However, no website can guarantee absolute security.
Data Retention
The Practice retains website-collected information for as long as needed for legitimate business purposes, legal compliance, dispute resolution, and security. Retention may differ for patient records and PHI (governed by law and the Practice’s policies).
Links to Third-Party Websites
The website may link to third-party sites (e.g., payment processors, patient portal vendors, social platforms). Their privacy practices govern information collected on those sites.