PRIVACY POLICY
Privacy Policy
At our company, ("we," "our," "us"), protecting your privacy and maintaining the confidentiality of your personal and health information is a top priority.
PLEASE REVIEW IT CAREFULLY.
This privacy policy (“Policy”) describes how the company, including our parent companies, subsidiaries, and affiliated companies (“The Company,” “we,” “us,” “our”, and/or “The Company”) may collect, use, and share information about you that we obtain through our website and associated links and applications that link to this Policy (collectively, the “Sites”). This Policy also applies to any information we collect offline, such as when you visit our offices, attend company events, or interact with company representatives.
This policy does not apply to the companies’ product offerings that have their own privacy policies, or to websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of the websites of other entities and we urge you to review any applicable third-party privacy policies for yourself.
Our processing of data on behalf of our healthcare provider customers is governed by the agreements we enter with our customers, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). Your healthcare provider may also have its own privacy practices and/or policies that govern its collection and use of your data. We are not responsible for how your healthcare provider treats your information, and we recommend you review their privacy policies.
I. WHAT IS “PROTECTED HEALTH INFORMATION”?
We are dedicated to maintaining the privacy of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present, or future payment for the provision of healthcare. In conducting its business, we may receive and create records containing your PHI. PHI may be in oral, written or electronic form. Examples of PHI include your medical record, claims record, and communications between you and your health care provider about your care. We are required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.
II. ABOUT OUR RESPONSIBILITY TO PROTECT YOUR PHI
By law, we must:
a. protect the privacy of your PHI;
b. tell you about your rights and our legal duties with respect to your PHI;
c. notify you if there is a breach of your unsecured PHI; and
d. tell you about our privacy practices and follow our notice currently in effect.
We take these responsibilities seriously and, have put in place administrative safeguards (such as security awareness training and policies and procedures), technical safeguards (such as encryption and passwords), and physical safeguards (such as locked areas and requiring badges) to protect your PHI and, as in the past, we will continue to take appropriate steps to safeguard the privacy of your PHI.
We must abide by the terms of this Notice while it is in effect. This Notice is in effect from the date noted above until we replace it. We reserve the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable law. If we change the terms of this Notice, the new terms will apply to all PHI that it maintains, including PHI that was created or received before such changes were made. If we change this Notice, we will post the new Notice on our website and will make the new Notice available upon request.
III. HOW WE MAY USE AND DISCLOSE YOUR PHI
Your confidentiality is important to us. Our clinicians and employees are required to maintain the confidentiality of the PHI of our members/patients, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure. Sometimes we are allowed by law to use and disclose certain PHI without your written permission. We briefly describe these uses and disclosures below and give you some examples.
How much PHI is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure. Sometimes we may only need to use or disclose a limited amount of PHI, such as to send you an appointment reminder. At other times, we may need to use or disclose more PHI such as when we are providing clinical treatment.
a. Treatment, Payment and Healthcare Operations.. Company is permitted to use and disclose your PHI for purposes of (a) treatment, (b) payment and (c) healthcare operations. For example:
i. Treatment. Company may disclose your PHI to a physician in connection with the provision of treatment to you.
ii. Payment. Company may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of claims and other charges.
iii. Healthcare Operations. Company may use and disclose your PHI in connection with its healthcare operations, such as providing customer services and conducting quality review assessments. Company may engage third parties to provide various services for Company. If any such third party must have access to your PHI in order to perform its services, Company will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice.
b. Business Associates: We may contract with business associates to perform certain functions or activities on our behalf, such as payment and health care operations. These business associates must agree to safeguard your PHI.
c. Appointment Reminders: We may use your PHI to contact you about appointments for treatment or other health care you may need.
d. Identity verification: We may photograph you for identification purposes, storing the photo in your medical record. This is for your protection and safety, but you may opt out.
e. Authorization. Company is permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
f. As Required by Law. Company may use and disclose your PHI to the extent required by law.
g. Special Circumstances. The following categories describe unique circumstances in which Company may use or disclose your PHI, including:
i. Public Health Activities. Company may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. Company may, in certain circumstances disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
ii. Workers’ Compensation. Company may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries.
iii. Health Oversight Activities. Company may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the healthcare system or government benefit programs.
iv. Judicial and Administrative Proceedings. Company may disclose your PHI, in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request.
v. Law Enforcement. Company may, under certain circumstances, disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
vi. Decedents. Company may, under certain circumstances, disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents.
vii. Organ Procurement. Company may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation.
viii. Research. Company may, under certain circumstances, use or disclose PHI that is necessary for research purposes.
ix. Threat to Health or Safety. Company may, under certain circumstances, use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
x. Specialized Government Functions. Company, may in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. Company may also disclose PHI to federal officials for intelligence and national security purposes.
IV. ALL OTHER USES AND DISCLOSURES OF YOUR PHI REQUIRE YOUR PRIOR WRITTEN AUTHORIZATION
Except for those uses and disclosures described above, we will not use or disclose your PHI without your written authorization. Some instances in which we may request your authorization for use or disclosure of PHI are:
a. Marketing: We may ask for your authorization in order to provide information about products and services that you may be interested in purchasing or using. Note that marketing communications do not include our contacting you with information about treatment alternatives, prescription drugs you are taking or health-related products or services that we offer or that are available only to our health plan enrollees. Marketing also does not include any face-to-face discussions you may have with your providers about products or services.
b. Psychotherapy Notes: On rare occasions, we may ask for your authorization to use and disclose “psychotherapy notes”. Federal privacy law defines “psychotherapy notes” very specifically to mean notes made by a mental health professional recording conversations during private or group counseling sessions that are maintained separately from the rest of your medical record.
c. When your authorization is required and you authorize us to use or disclose your PHI for some purpose, you may revoke that authorization by notifying us in writing at any time. Please note that the revocation will not apply to any authorized use or disclosure of your PHI that took place before we received your revocation.
V. YOUR RIGHTS REGARDING YOUR PHI
This section tells you about your rights regarding your PHI and describes how you can exercise these rights.
a. Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that Company communicate with you through alternate means or at an alternate location, and Company will accommodate your reasonable requests. You must submit your request in writing to Company.
b. Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that Company limits its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to Company. Company is not required to comply with your request. However, if Company agrees to comply with your request, it will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
c. Inspection and Copies. You have the right to inspect and copy your PHI. You must submit your request in writing to Company. Company may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. Company may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, Company will inform you of the reason for the denial, and you may request a review of the denial.
d. Amendment. You have a right to request that Company amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by Company. You must submit your request in writing to Company and provide a reason to support the requested amendment. Company may, under certain circumstances, deny your request by sending you a written notice of denial. If Company denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
e. Accounting of Disclosures. You have a right to receive an accounting of all disclosures Company has made of your PHI. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to Company and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, Company may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. Company will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
f. Breach Notification. You have the right to be notified in the event that Company (or a Company Business Associate) discovers a breach of unsecured PHI.
g. Paper Copy. You have the right to obtain a paper copy of this Notice from Company at any time upon request. To obtain a paper copy of this notice, please contact Company by calling (855) 434-7763.
VI. Information We Collect
We collect the following types of information from our patients:
a. Personal Information: Name, address, date of birth, contact details, and other identifying information.
b. Health Information: Medical history, treatment details, medications, allergies, and other health-related data necessary for your care.
c. Billing Information: Insurance details, payment information, and other data required for billing purposes.
d. Digital Information: If you use our website, we may collect data such as IP address, browser type, and usage statistics.
VII. How We Use Your Information
We use your information for the following purposes:
a. Healthcare Services: To provide medical care, including diagnosis, treatment, and follow-up care.
b. Billing and Payments: To bill you or your insurance for services rendered.
c. Communications: To contact you regarding appointments, test results, and follow-up care.
d. Compliance: To comply with legal and regulatory requirements, including reporting obligations and audits.
e. Internal Operations: For administrative, research, and quality improvement purposes, including staff training
VIII. Opt-In Consent Language for Collecting Mobile Numbers
By providing your mobile number, you consent to receive text messages (SMS) and/or phone calls from the company regarding appointment reminders, medical updates, and other healthcare-related information. Message and data rates may apply. You can opt-out of receiving these messages at any time by replying STOP to any text message or by contacting our office directly.
Your mobile number will only be used for the purposes outlined above and will not be shared with third parties without your explicit consent, except as required by law. For more information, please review our privacy policy and terms of use.
By submitting your mobile number, you acknowledge that you have read, understood, and agreed to these terms.
IX. How We Share Your Information
We may share your information in the following ways:
a. With Healthcare Providers: To coordinate your care with other healthcare professionals, hospitals, and labs.
b. With Third-Party Service Providers: For billing, collections, or other services necessary to manage our practice.
c. With Your Consent: We may share information with family members or others when you give us explicit permission.
d. As Required by Law: To comply with legal processes, court orders, or regulatory requirements.
We will never sell or rent your personal or health information to third parties.
X. Data Security
We implement administrative, technical, and physical safeguards to protect your personal and health information. This includes:
a. Secure storage and encryption of sensitive data.
b. Access controls to ensure only authorized personnel can view or process your information.
c. Regular audits and staff training on data protection and privacy practices.
However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
I. SOCIAL MEDIA AND OTHER INTEGRATIONS
Some of our Sites and services may have social media and technology integrations that are operated or controlled by separate entities. We also may collect information from third party social media and marketing companies to enhance our data sets. Some examples include:
a. Links. Our Sites include links that hyperlink to websites, platforms, and other services not operated or controlled by us.
b. Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Sites that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through integration.
c. Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our social media content is treated in accordance with this Policy. Also, if you publicly reference our Sites on social media (e.g., by using a hashtag associated with The Company in a tweet or post), we may use your reference on or in connection with our Sites.
d. Platform Linking. Our Sites may offer you the ability to link to another service or partner to retrieve certain data about your account on that service. For example, if you link your account to one of the partners in the company marketplace, the link may allow us to obtain information such as your username and email address. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.
Please note that when you interact with other entities, including when you leave our Sites, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
XI. Your Rights Regarding Your Information
You have the following rights concerning your personal and health information:
a. Access: You can request copies of your medical records.
b. Amendment: You can request changes or corrections to your information if you believe it is inaccurate.
c. Restriction: You can request limits on how we use or disclose your information.
d. Confidential Communications: You can ask us to contact you through specific methods (e.g., phone or email) or at specific locations.
e. Revocation of Consent: You can withdraw your consent for us to share your information at any time (except where disclosure is required by law).
To exercise these rights, please contact our office using the contact information provided below
I. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. Any changes will be posted on our website and will become effective upon posting. Your continued use of our sites following the posting of changes constitutes your acceptance of such changes.
XII. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal and health information is handled, please contact us at:
Senior Doc 5 Hutton Centre Dr, STE 950
Santa Ana, CA 92707
(855) 434-7763
info@seniordoc.com
Thank you for trusting us with your healthcare needs.
This policy ensures compliance with applicable regulations, including the Health Insurance Portability and Accountability Act (HIPAA) or other local privacy laws.
The company is defined as the parent company and subsidiaries, attached here.
This notice is effective on January 1, 2024.