Privacy Policy

This Privacy Policy applies to information collected through our website, during the provision of medical services, and through any other interactions with Whole Pediatrics Group. By using our services or website, you consent to the practices described in this policy.

1. Information We Collect

We collect several types of information to provide and improve our healthcare services:

Personal Information

• Patient and parent/guardian names
• Contact information (address, phone number, email address)
• Date of birth and age
• Emergency contact information
• Insurance information (if applicable)
• Social Security number (for billing and identification purposes)
• Demographic information

Medical Information

• Complete medical history
• Physical examination findings
• Diagnoses and treatment plans
• Prescription and medication records
• Laboratory and diagnostic test results
• Immunization records
• Allergies and adverse reactions
• Growth and development data
• Family medical history (as relevant to the child's care)
• Parent/guardian medical history (as relevant to the child's care)

Payment and Billing Information

• Credit card or bank account information for membership fees
• Billing address
• Payment history and transaction records
• Insurance information and claims (when applicable)

Website Information

• IP address and browser type
• Pages visited and time spent on our website
• Referring website or search terms
• Device information (mobile, tablet, desktop)
• Cookies and similar tracking technologies

2. How We Use Your Information

We use your information for the following purposes:

Providing Medical Care

• Diagnosing and treating medical conditions
• Coordinating care with specialists and other healthcare providers
• Maintaining medical records
• Monitoring growth, development, and health outcomes
• Providing preventive care and health education
• Following up on treatment and test results

Communication

• Scheduling and confirming appointments
• Sending appointment reminders
• Communicating test results and treatment recommendations
• Responding to your questions and concerns
• Providing health education and wellness information
• Sending practice updates and newsletters (with your consent)

Billing and Payment

• Processing membership fees and payments
• Submitting insurance claims (when applicable)
• Verifying insurance coverage and benefits
• Collecting outstanding balances
• Providing receipts and billing statements

Practice Operations

• Improving the quality of our services
• Training staff and students (with patient identifiers removed)
• Conducting quality assurance and improvement activities
• Managing practice operations and administration
• Complying with legal and regulatory requirements

Research and Analytics

• Conducting medical research (with your explicit consent and with identifiers removed)
• Analyzing aggregate health trends and outcomes
• Improving website functionality and user experience

3. Information Sharing and Disclosure

We take your privacy seriously and only share your information in limited circumstances:

Healthcare Providers

We may share your medical information with:

• Specialists, consultants, and other physicians involved in your child's care
• Hospitals, laboratories, and imaging facilities for diagnostic testing and treatment
• Pharmacies for prescription fulfillment
• Emergency medical personnel in urgent situations

Third-Party Service Providers

We may share information with trusted service providers who assist in practice operations:

• Electronic health record (EHR) system providers
• Billing and payment processing companies
• IT support and cybersecurity services
• Practice management software providers
• Secure messaging and telemedicine platforms

These providers are bound by strict confidentiality agreements and are only permitted to use your information for the specific services they provide to us.

Legal Requirements

We may disclose your information when required by law:

• In response to court orders, subpoenas, or legal process
• To comply with mandatory reporting laws (child abuse, communicable diseases, etc.)
• To law enforcement when required by law
• To public health authorities for disease surveillance and prevention
• In response to government investigations or audits

Emergency Situations

We may disclose medical information without your consent in emergency situations where:

• Immediate medical intervention is necessary
• Disclosure is necessary to prevent serious harm
• Your child's life or health is in danger

Business Transfers

In the event of a merger, acquisition, or sale of our practice, your information may be transferred to the new owner, subject to the same privacy protections outlined in this policy.

With Your Consent

We may share your information with your explicit written consent for purposes not otherwise described in this policy.

4. Data Security

We implement comprehensive security measures to protect your information:

Physical Safeguards

• Secure office facilities with controlled access
• Locked filing cabinets for physical records
• Secure disposal of documents containing personal information

Technical Safeguards

• Encrypted electronic health records systems
• Secure, password-protected computers and devices
• Firewall protection and antivirus software
• Secure backup systems
• Encrypted email and messaging for sensitive communications
• Regular security audits and updates

Administrative Safeguards

• Staff training on privacy and security policies
• Confidentiality agreements with all staff and contractors
• Limited access to information based on job role
• Regular privacy policy reviews and updates

Important: While we implement strong security measures, no electronic transmission or storage system is 100% secure. We cannot guarantee absolute security of your information.

5. Your Privacy Rights

Under HIPAA and California law, you have the following rights regarding your information:

Right to Access

You have the right to inspect and obtain copies of your medical records. Requests should be made in writing. We will respond within 30 days and may charge a reasonable fee for copying costs.

Right to Correction

If you believe your medical records contain errors, you have the right to request corrections. We will review your request and either make the correction or explain why we cannot.

Right to Request Restrictions

You may request restrictions on how we use or disclose your medical information. We will consider your request but are not required to agree to it except in certain circumstances.

Right to Confidential Communications

You may request that we communicate with you in a specific manner or at a specific location for privacy reasons.

Right to an Accounting

You may request an accounting of certain disclosures of your medical information made by our practice within the past six years.

Right to Opt-Out

You may opt-out of receiving:

• Marketing communications (newsletters, promotions)
• Non-essential appointment reminders
• Practice updates and announcements

You cannot opt-out of essential communications related to your child's medical care, billing, or appointments.

Right to Withdraw Consent

If you have provided consent for specific uses of your information, you may withdraw that consent at any time by notifying us in writing.

Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

• Whole Pediatrics Group (contact information below)
• U.S. Department of Health and Human Services Office for Civil Rights

You will not be penalized or retaliated against for filing a complaint.

6. Data Retention

We retain your information for the following periods:

Type of Information	Retention Period
Medical Records (Active Patients)	Duration of doctor-patient relationship + 7 years from last contact
Medical Records (Minors)	Until patient reaches age 25 (minimum)
Billing and Payment Records	7 years from date of service
Website Analytics	26 months (automatically deleted)
Email Communications	Duration of patient relationship + 3 years

We may retain information longer if required by law or for legitimate business purposes. Medical records of deceased patients are retained according to California law.

7. Children's Privacy

Our practice provides medical services to children from birth through age 18. We collect and maintain medical information about children only with appropriate parental or guardian consent.

Parents and legal guardians have the right to:

• Access their child's medical records
• Request corrections to their child's records
• Make healthcare decisions on behalf of their minor child

For adolescent patients (typically ages 12-18), California law provides certain privacy rights regarding sensitive health services (reproductive health, mental health, substance abuse treatment). We will discuss these rights with parents and adolescent patients as appropriate.

8. Website Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve user experience:

Types of Cookies We Use

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our website
• Preference Cookies: Remember your settings and preferences

We use Google Analytics to analyze website traffic. Google Analytics collects anonymized data about website usage. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

9. Third-Party Links

Our website may contain links to third-party websites for your convenience. We are not responsible for the privacy practices or content of external websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. California Privacy Rights

California residents have additional privacy rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information (subject to legal and regulatory exceptions)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Note: Medical information protected by HIPAA is generally exempt from CCPA. However, information collected through our website may be subject to CCPA.

To exercise these rights, contact us using the information provided below.

11. Direct Primary Care Model Notice

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will post the updated policy on our website with a new "Effective Date"
• We will notify you of material changes by email or through a notice on our website
• Continued use of our services after changes indicates acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

14. Consent and Acknowledgment

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your information as described herein.

Upon enrollment as a patient, you will be asked to sign a separate consent form acknowledging receipt of our complete Notice of Privacy Practices as required by HIPAA.

Effective Date: January 1, 2025
Last Updated: January 1, 2025