GET STARTED

Privacy Policy

A. Introduction

This HIPAA Privacy Policy contains our Practice policies, procedures, and standards of conduct designed to ensure our compliance with applicable Federal laws and regulations. Failure to abide by the rules, policies and procedures established by this Policy or behavior in violation of any HIPAA law, regulation or rule may result in disciplinary action. Willful failure by any employee of the Practice to comply with the policies and procedures contained in this Plan, will result in employment dismissal. Contact our HIPAA Compliance Personnel if you have any questions about our Practice commitment to effective compliance routines.

B. Compliance Mission Statement

This Practice strives at all times to maintain the highest degree of integrity in its interactions with patients and the delivery of quality health care. The Practice and its employees will at all times strive to maintain compliance with all laws, rules, regulations and requirements affecting the practice of medicine and the handling of patient information. The protection of the privacy of an individual’s health information and the security of an individual’s electronic protected health information (“ePHI”) is a critical concern to this Practice, and to the trust our patients offer in our treatment of their medical and/or mental health issues.

C. Privacy Policies

1. Notice of Privacy Practices

The HIPAA Privacy Regulations require health care providers to furnish patients with a written notice of the Practice’s policies and procedures regarding the use and disclosure of protected health information. This Notice of Privacy Practices is the starting point under HIPAA. It describes how the Practice will be handling confidential patient information in accordance with the HIPAA regulations. Clients can ask the front desk any questions regarding the policy. Front desk personnel should provide each client (new or established), at the time of the first office visit, with a copy of the Notice for review and return to the front desk prior to being seen by the provider.

The Practice will also keep on hand paper copies of the Notice for clients who ask for a take-home copy. A current copy of the Notice need only be provided once to the client. If the Notice is ever materially changed in terms of the description of permitted disclosures, clients rights, the Practice’s legal duties, or other privacy practices, then the Notice must be redistributed to each client. When the client receives the Notice, or arrives at the office for a visit after the Notice has been changed, front desk personnel should provide the client with the Written Acknowledgement form and ask the client to sign. This form merely signifies that the client has received a copy of the Notice.

2. Staff Access to Information

HIPAA provides that staff member job functions should be reviewed to determine the level of PHI access that the staff member strictly needs to do their job. Staff members should only have the minimum access necessary, and no more. Staff access is reviewed and determined by the Compliance officer.

3. Authorizations

“Authorizations” are basically patient consent forms that contain certain specific provisions required by HIPAA. Typical situations where authorizations are needed are:

  • Release of medical records to qualify for life insurance coverage;
  • Release of school physical results to the school, for purposes of qualifying for team sports, etc., unless the disclosure involves only immunizations and the parent or guardian has indicated their consent to the release through some other written agreement or through oral assent which has been documented. (You can also simply give the PHI directly to the parent/guardian or patient and direct them to give the information to the school);
  • Clinical trial participation (release of information to pharmaceutical company is not for treatment; it’s for research, which is not a HIPAA exception);
  • Completion of Family Medical Leave Act forms for employers (release of information to employer is not “treatment” – easiest course again is to give the patient the information, and instruct them to give the information to the employer); or
  • Psychotherapy notes in the chart (psychotherapy notes are notes by a mental health professional regarding the contents of counseling conversations and do not include such items as medication information, results of clinical tests, summary of diagnosis or symptoms or prognosis or progress to date).

When the client fills out the Authorization Form, note the required “expiration date” or “expiration event.” This may be any date or event desired by the client relating to him or her or the purpose of the disclosure. For instance, for authorization to provide the client’s employer with reports for Family and Medical Leave Act purposes, you could specify the expiration date as “termination of employment.” For research disclosures only, “none” may be specified as the expiration. Sometimes the office may receive an Authorization form signed by the patient that is on “somebody else’s form.” For instance, frequently life insurance companies have their medical technicians obtain the patient’s signature on a form at the time when all the other paperwork is filled out and the patient gives a blood sample. The life insurance company then sends the form to the office, asking for the medical records. If the form is digitally signed, an Acheron representative will contact the client to verify they do want the information disclosed.

Acheron may accept an outside party’s Authorization form provided it has all the elements required by HIPAA.

These are:

  1. A specific description of information to be used or disclosed;
  2. The identification of specific individuals authorized to make the requested use or disclosure of the information;
  3. The identification of specific individuals to whom the practice may make the requested use or disclosure of the information;
  4. A description of each purpose of the requested use or disclosure;
  5. The expiration date of the use or disclosure;
  6. A statement of the patient’s right to revoke the Authorization at any time in writing along with the procedure for revocation;
  7. A statement that the provider may not withhold treatment if the patient refuses to sign the authorization (except as noted below for research, school physicals and other situations where treatment would not normally be provided unless the patient authorized disclosure of his or her PHI);
  8. A statement that the PHI used or disclosed may be subject to re-disclosure by the party receiving the information and may no longer be protected;
  9. Patient’s signature and date.

If the form sent does not have these elements, have the client execute the Practice’s Authorization Form. Acheron will offer a copy of the authorization to the client, when it is signed, for their records. This is required by HIPAA.

4. Minors and Incompetent Patients

As noted, minors and incompetent patients generally cannot sign the Written Acknowledgment form for themselves. Typically, they do not have the legal authority to do this. Only the person(s) who have the ability to give informed consent for the minor or incompetent patient, under state law, can exercise these rights.

Normally, in the case of a minor, it is the parent who has such right to give informed consent for the child. Therefore it is the parent who signs the Written Acknowledgment or the Authorization or other forms and who exercises the child’s HIPAA rights as a patient.

5. Friends and Family

“Friends and family” pose a special challenge. These are the people who come with the client to the doctor’s office, or who pick up the phone when Acheron calls the client’s home. Under HIPAA, friends and family, even spouses, are not entitled to the patient’s PHI. Only the client himself or herself has an absolute right to the PHI. The exception is parents of minor children or other legal guardians, who are generally to be treated for HIPAA purposes as if they were the patient, as noted above. Having said this, HIPAA does permit some sharing of information with friends and family. HIPAA specifies that the Practice may, without written Authorization, disclose to a “family member, other relative, or a close personal friend of the [patient], or any other person identified by the [patient], the PHI directly relevant to such person’s involvement with the [patient]’s care or payment related to the [patient’s care].” However, there are some “strings attached.” To disclose to these people (referred to in this Manual as “friends and family”), one of the following must apply:

  • the Practice obtained the client’s oral or written agreement to disclosing information to the person in question;
  • the Practice provided the client with the opportunity to object to the disclosure, and the client did not object;
  • the Practice could “reasonably infer from the circumstances, based on the exercise of professional judgment, that the [client] does not object to the disclosure,” such as when the friend or family member accompanies the client into the exam room, or when a child arrives at the doctor’s office in the care of a babysitter (presumably the parent wants the babysitter to receive all resulting diagnoses and care instructions), or where a client arrives from the nursing home in the care of a nurse’s aide;
  • it is an emergency situation or the client is incapacitated, so that there is no chance to provide the client with the opportunity to agree or object;
  • the friend or family member has been sent to pick up filled prescriptions, medical supplies, xrays, or other PHI, in which case the practice is permitted to make a reasonable inference as to the client’s best interest, in accordance with common medical practice.

If a client wishes to identify a family member or other person with whom their medical information may be shared, the client should be given the opportunity to designate individuals to whom it is acceptable to make a disclosure of PHI. This determination will be kept inside the client’s chart and updated as designated acceptable PHI recipients are added or dropped. It is not necessary that the client indicate this in writing, including adding or dropping individuals from the list, since oral agreement suffices. Also, the friends and family who are named by the client do not represent the only individuals authorized to receive the client’s PHI. As noted, there may be situations where the Practice is entitled to infer that the client does not object to the release of information, such as in the case when the friend or family member accompanies the client into the room.

Simple appointment reminders can generally be left with family members even if the family member is not explicitly designated as a PHI recipient by the client. However, check the client’s file to see if the client has requested an alternative means of communication, and if so, honor it. In any event, do not indicate to the family member the reason for the client’s visit.

6. Patient Access to Chart

Except for psychotherapy notes, patients generally have the right to inspect and obtain a copy of their medical chart. Have the client fill out the Practice’s “Request for Access to Medical Information” form. Generally, the Practice has thirty (30) days to comply with a request for access, or sixty (60) days if the information requested is not on-site.

The Practice must honor the client’s request to have the information delivered in a particular format, if this can be easily done. The Practice may be entitled to demand a copying charge. If the client merely wants to look at the file, not copy it, arrange a mutually convenient time and place for this to be done. The client’s request for his or her PHI may be denied in very limited circumstances only. Access may be denied if:

  • the file contains information obtained from a source other than a health care provider under a promise of confidentiality, and the access would reveal the source;
  • the information requested has been compiled in a research trial that is still underway, and the patient previously agreed in writing that access would not be allowed until the trial was completed;
  • a licensed health care professional has made a judgment that access would likely endanger the life or physical safety of the patient or someone else;
  • the file makes reference to another person, and the licensed health professional makes a judgment that access would likely result in substantial harm to that other person;
  • the information is requested by the patient’s personal representative and the licensed health professional makes a judgment that access would likely result in substantial harm to the patient or another person.

If access is denied, the patient has a right to review the decision to deny access, unless it is for either of the first two reasons noted above. This review must be done by a licensed health care professional who was not involved in the original decision to deny access. Be sure to document any denials.

7. Patient Amendment of Chart

The client has a right to request an amendment to their medical record (so long as the Practice maintains it) if he or she believes it is incorrect or incomplete. To request an amendment, the clientt should complete the Practice’s form “Request to Amend Medical Information”. The amendment must be dated and signed by the client.

The Practice may deny the client’s request for an amendment if it is not in writing or does not include a reason to support the request. In addition, the Practice may deny a request to amend information that:

  • was not created by the Practice, unless the person or entity that created the information is no longer available to make the amendment;
  • is not part of the medical information kept by or for the Practice;
  • is not part of the information which the patient would be permitted to inspect and copy; or
  • is accurate and complete.

The Practice must respond to the request to amend within sixty (60) days.

8. Incidental or Inadvertent Disclosures

Taken literally, HIPAA’s prohibition against the disclosure of PHI would probably bring most medical practices to a standstill. For instance, the mere announcement of a client’s name in the waiting room is a disclosure of PHI – the client’s name. The same applies to sign-in sheets, overheard conversations with the check-in or check-out clerk regarding follow-up appointments, or other common situations where one client inadvertently learns information about another client.

Overheard conversations and other such inadvertent disclosures are called “incidental disclosures.” Under HIPAA, incidental disclosures are not violations, provided that the Practice has taken reasonable steps to “safeguard” PHI and avoid incidental disclosures to the extent possible.

9. Faxes, Answering Machines, Messages, Email

As noted, HIPAA requires “reasonable safeguards” to avoid the disclosure of PHI. Although some inadvertent disclosures will be excused as “incidental,” the Practice has established the following procedures to minimize the likelihood of HIPAA violations:

  • Do not fax information to patients; mail it. This will minimize the chances of a fax going to the wrong fax number. Information can also be sent through the HIPAA compliant patient portal. If a client is unable to access that and needs something sent in a rush, email will be acceptable as long as the client recognizes there is a risk of exposure and that they agree to take that risk and will not hold Acheron accountable should the information be exposed or compromised.
  • Faxes to hospitals, other physicians, labs, and other routine recipients are acceptable. However, double check the fax number before sending, and always use a cover sheet indicating that PHI may be attached and that if the fax has gone to the wrong person, it should be returned or destroyed.
  • Leaving messages on answering machines for appointment reminders is acceptable. Do not indicate the reason for the visit. Do not leave messages regarding lab or diagnostic results (even negative results) or any kind of medical information on the answering machine. Just ask that the call be returned. Do not leave a message of any kind on the answering machine if the answering machine tape does not furnish some reasonable indication that you have reached the correct number.
  • Leaving messages with family members at home is also acceptable for appointment reminders. Indicate only that an appointment is scheduled, not what the visit is for. Do not leave any other kind of information, unless the Practice’s records show that the person on the phone is a “friend or family” designated by the client to be a permitted recipient of PHI.
  • Leaving messages at work is very sensitive. Avoid calling the work number, but if necessary ask for a return call and nothing more.
  • Appointment reminders by postcard is acceptable, so long as the appointment is of a routine nature.

Do not use email to communicate with patients unless the Privacy Officer has developed a specific written policy to control the use of this form of communication.

D. Personal Data

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there. We may collect personal information such as your name, email address, home or work phone number or other information you provide us. We use this information to answer questions you may ask us, deliver services to you that you request, and send you updates and communicate with you when you ask us to. We may also collect information about your computer hardware and software, such as your IP address, browser type, domain names, access times and referring web site address. We use this information to operate our service, maintain our quality of service, and provide general statistics regarding use of our website.

Of the data we collect through our website (which we will talk about in more detail below), we do not collect or process what are called “special categories” of data that may risk your rights and freedoms. For example, through our website, we do not collect any characteristics of protected classifications including age, race or ethnic origin, religion or philosophical beliefs, sexual orientation, political opinions, trade union memberships, biometric data used to identify an individual, data related to sexual orientation, sexual preferences, sex life, gender, or data related to gender identity or expression.

You may provide us health-related information through our website in a form you can fill out, called “personal health information” which was explained and discussed earlier in this document.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of your data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy regarding your personal data is structured as follows:

  1. I. Information about us
  2. II. The data we collect, how we use it, and the rights you have regarding our use of your data
  3. III. Information about the data processing

I. Information about us and your data

The party responsible for this website for purposes of data protection is:
Acheron Psychiatry
11 Broadway, Ste 930
New York, NY 10004
info@acheronpsych.com

II. The data we collect, how we use it, and the rights you have regarding our use of your data.

We collect any information you enter on our site, send us through email, or that you give us in any other way. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect this information about you. When you visit a website, you disclose certain information, such as your Internet Protocol (IP) address and the time of your visit. This site, like many other sites, records this basic information about visits to our site through Google Analytics, but we reasonably anonymize IP addresses by blocking part of your IP address so that it cannot be reasonably connected to you or used to identify you. We will talk more about this later. We encourage you to review the privacy policies of the websites you visit, as we cannot control the information third parties gather about you, including the websites you visit before you visit our website or websites you may visit after you visit our website.

We collect two types of information about you. The first type of information we collect is information by which you may be personally identified and you voluntarily provide to us, such as name and email address. If you have other requests of us, such as telling us how we can help when you fill in our website Contact Us form or reporting a problem with our website, you may choose to provide us information such as your name, postal address, email address, or any other identifier by which you may be contacted by us online or offline (“personally identifiable information”). We may keep a copy of your correspondence (including your email address) if you write us. This includes any social media posts you may make on our social media sites (such as Facebook or LinkedIn) so we can keep track of who submitted what and are able to contact you if we need to regarding your submission.

The second type of information we may collect is information that is about you individually but does not by itself identify you (“non-personal information”). This type of information is generally collected automatically as you navigate through a website, and could include such information as IP addresses, which URL you came from, browsing patterns and actions, location data, zip code, operating system of your computer, browser type and information collected through cookies, flash cookies, web beacons, logs and other tracking technologies that helps us continually improve our services to you, but when you use our website we reasonably anonymize and aggregate this information, so it cannot be used to reasonably identify you.

The information we collect is used for administering our business activities and fulfilling any other purpose for which you provide it and consent. If you are in the EU, UK or Switzerland, or any other country, this data is transferred out of the country you accessed our website with your consent. You have explicitly consented to us transferring your first and last name, email, and any other information you provide to us to New York, United States, in order for us to perform services for you and your requests of us to do so as well as to our processors, sub processors and third-party vendors, who are also located in the United States or Canada. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect your information. We may use your information: to carry out our obligations and enforce our rights for contracts entered into between you and us; to prevent fraud; to protect the rights and/or life of an individual; to protect our rights or prevent misuse of our website, property or services; to notify you about changes to our website, new services, or special offers; to recognize you when you return to our Site and remember your preferences; and, when you ask us to use your information for business activities administered by third parties, such as releasing your address information to the delivery service to deliver products/services that you ordered or provide order information to third parties that help us provide customer service.

With regard to the data processing to be described in more detail below, users and data subjects have several rights and obligations that you should be aware of. It is important that you keep your personally identifiable information up to date. We may give you notice of certain changes and updates by sending you a notice, including to the email address you provided us. It is therefore important you acknowledge and agree that it is your responsibility to maintain a valid e-mail address as a user, review this site, our Terms of Use, our cookie policy, this privacy policy, and our other policies periodically and to be aware of any changes, updates, modifications, additions or deletions. Your continued use of the site after such changes will constitute your acknowledgment of the modified privacy policy and agreement to abide and be bound by the modified privacy policy.

Your personal data is yours and you have rights over it, including but not limited to:

  • the right to be informed about the collection and use of your personal data;
  • the right of access to your personal data and any supplementary information;
  • the right to have any errors in your personal data rectified;
  • the right to have your personal data erased (“right to be forgotten”);
  • the right to block or suppress the processing of your personal data;
  • the right to move, copy or transfer your personal data from one IT environment to another;
  • the right to withdraw your consent of our processing of your personal and data;
  • the right to file a complaint with your local supervisory authority;
  • the right to object to processing of your personal data in certain circumstances;the right to non-discrimination for the same prices and service as those who have and have not exercised their privacy rights (although, as mentioned above, exercising rights such as the right to be forgotten, may prevent you from using our services and certain aspects of our website); and,
  • rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).

However, after saying all of that, please know there are exceptions to these rights, many examples of which we have listed in this policy.

California residents have the right to request specific disclosures about our privacy practices, including telling you about the information we share with third parties for marketing purposes and the rights listed above (such as the right to non-discrimination). To make such a request, please contact us at the addresses below.

We do not process or respond to “Do Not Track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our site or who use our services.

III. Information about the data processing

You can request access to all your personally identifiable information and manage your data, including your withdrawal of consent, by sending an e-mail to us. We may not accommodate a request to change information if we believe the change would violate a law or cause the information to be incorrect. Please note that the personally identifiable information and non-personal information that we maintain will be deleted or anonymized after we determine there is no longer any reason to process your information or otherwise fulfill our contractual obligations to you, whichever is more appropriate. While we do not hold personal data any longer than we need to, the duration will depend on your relationship with us. Also, if you request us to delete your information, you should realize that deleting personal information may affect our ability to deliver services or may result in deleting your account completely.

Depending on which of our services you use, more than one company may be the controller of your personal data in our processors and sub-processors, discussed below. We will not disclose any personally identifiable information to any third party without first receiving your permission, which includes our processors and sub-processors and third-party vendors, below. We do not sell, trade, or rent your personally identifiable information to others.

The importance of security of your personally identifiable information is also very important to us. We have implemented measures designed to secure your personally identifiable information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, we use security software to protect the confidentiality of your personally identifiable information. We use a Secure Socket Layer/Transport Layer Security technology when information is submitted to us online. We do not store any of your personal data at our location, but instead use secure cloud storage. However, please know that when we access your personally identifiable information from our computers, it is protected in several ways with firewalls, data encryption, physical security for our buildings, files and information contained therein and other current industry standards. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information. Our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorized persons.

Non-personal information that you provide or that we collect also resides on a secure server in our processor and sub processor and cloud infrastructure mentioned above and is only accessible via password. We also use old fashioned lock and key with locking office doors, locking desks, building security systems, and other physical security measures.

Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, you acknowledge that:

  1. (a) there are security and privacy limitations of the Internet which are beyond our control;
  2. (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and
  3. (c) any such information and data may be viewed or tampered with in transit by a third party.

Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website or other service.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

You can read more about the protections and treatment of your PHI below in the HIPAA data part of our privacy notices.

Children and our websites:

This website does not provide services or sell products to children under the age of 18. If you are under the age of 18 years old, please do not enter any information into this site and do not use this site. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you are aware of any information we may have collected from a child under 18 years of age, please let us know so that we can delete that information.

Cookies

a) Session cookies:We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address. This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function. When you close your browser, these session cookies are deleted.

b) Third-party cookies: If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website. Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies: You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Log Data:

Like many Site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”).

This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Who we share it with

The Site uses Google Analytics to collect information about the use of our Site and Services. Google Analytics collects information such as how often users visit our Site, what pages they visit when they do so, and what other Sites they used prior to coming to our Site. We use the information we get from Google Analytics to improve our Site. Google Analytics collects only the IP address assigned to you on the date you visit our Site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our Site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to our Site is restricted by the Google Analytics Terms of Use – http://www.google.com/analytics/terms/us.html. You can prevent Google Analytics from recognizing you on return visits to this Site by disabling cookies on your browser – https://tools.google.com/dlpage/gaoptout

We use Hotjar in order to better understand our Customers’ needs and to optimize the Site and Services. Hotjar is a technology service that helps us better understand our Customers experience. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices, in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our Site). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor Company will use, unless directed by a Court, or governmental agency, rule or regulation, this information to identify individual users or to match it with further data on an individual user.

For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about Your usage of our Site and Hotjar’s use of tracking cookies on other Sites by following this opt-out link.

Google-Maps

Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA. By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above. In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use and the Terms and Conditions for Google Maps. Google also offers further information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy

Google Fonts

Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.

Google offers detailed information at: https://adssettings.google.com/authenticated and https://policies.google.com/privacy in particular on options for preventing the use of data.

Facebook plug-in

Our website uses the plug-in of the Facebook social network. Facebook.com is a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is also operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook.” Further information about the possible plug-ins and their respective functions is available from Facebook at https://developers.facebook.com/docs/plugins.

If the plug-in is stored on one of the pages you visit on our website, your browser will download an icon for the plug-in from Facebook’s servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website will also be recorded. If you are logged in to Facebook while visiting one of our plugged-in websites, the information collected by the plug-in from your specific visit will be recognized by Facebook. The information collected may then be assigned to your personal account at Facebook. If, for example, you use the Facebook Like button, this information will be stored in your Facebook account and published on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your browser to prevent the Facebook plug-in from loading. Further information about the collection and use of data as well as your rights and protection options in Facebook’s privacy policy found at https://www.facebook.com/policy.php.

SMS Communication

By providing your phone number, you consent to receive SMS (text) messages from us for both marketing and appointment-related purposes. This section outlines how we collect, use, and protect your information when you opt in to receive these communications.

a) Collection of Information

When you provide your phone number, we collect it for the purposes of sending marketing messages, appointment reminders, and scheduling-related updates. Your phone number will not be sold or shared with third parties, except for service providers who assist in delivering SMS communications.

b) Use of SMS Data

We use SMS to send appointment reminders and scheduling-related messages. You will not receive SMS messages unrelated to marketing or scheduling without providing additional consent.

c) Data Security & HIPAA Compliance

We are committed to protecting your personal information. All data, including your phone number, is stored and managed according to our HIPAA policy, ensuring that your information is handled with the highest standards of security and privacy. Any third-party service providers we use for SMS communications are required to follow the same privacy and security standards to maintain HIPAA compliance.

d) Opting In and Out

You can opt into SMS communications by providing your phone number through our website or other registration methods. You may opt out of receiving SMS marketing or appointment-related messages at any time by replying with “STOP” or contacting us directly. Opting out of marketing messages will not affect appointment-related communications unless specifically requested.

e) Data Retention

Your phone number will be retained as long as necessary for both marketing and scheduling purposes, or until you opt out of SMS communications. All data will be stored securely and in accordance with HIPAA regulations.

Consent

By using our website and choosing to opt-in to our collection of your data, you consent to the collection and use of your personally identifiable information and non-personal information as described in this privacy policy and we assume we have your express permission and consent to use transfer your personally identifiable information and non-personal information as detailed herein.

Changes to our Privacy Notices

If our privacy policy or procedures change, we will immediately post those changes to our website. Any such changes will be effective immediately upon being posted, unless otherwise stated in the change. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy. The date the privacy policy was last revised is identified below. We may notify you of changes to this privacy policy, but you are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this privacy policy to check for any changes.

Privacy Policies and Data Collection from Third Party Websites.

Except as described in this privacy policy, this document only addresses the use and disclosure of information that we collect from you. Although we strongly urge third parties to comply with our standards of protecting your data, please consult each website’s privacy policy and terms of use regarding their policies and data collection, as we are not responsible for the practices or policies of third parties and cannot control their collection of information.

Effective Date

This update to our privacy policy is effective as of July 31, 2025

Questions?

If you have any questions about this privacy policy, the practices of this site, or your dealings with this site, please contact us by sending a letter to:

Reach Out Today

You can use this form to ask us anything or to schedule a complimentary phone consultation.