Midtown Dermatology

Privacy Policy

 

Updated April 30, 2024


This privacy policy exists to explain what information we collect, what we do with it, and how we protect it.

What we collect and what we do with it

If you're a patient who books an appointment with our practice, your information will be saved in our HIPAA-compliant, CEHRT-certified Electronic Health Records (EHR) system. The combination of your name, email, phone number, and DOB will be used to uniquely identify you to our practice, which will allow us to determine if you're a new or existing patient.


Your "reason for visit" will be used by our practice to plan accordingly and confirm that the visit is appropriate.


We may use your phone number and email address to send appointment confirmations, reminders, and other messages related to your visit. When we contact you, we will always provide an option to opt out of future messages from us, although by opting out you acknowledge that this may mean that you don't get important reminders from us.


If we collect payment for a visit, we may send your information to financial partners to facilitate payment.


We do not:

  • run third party ads on our platform
  • sell patient or practice data to third parties
  • use cookies to follow patients on other sites

Data retention

Our practice will maintain your data for at least as long as you are a patient of ours. Additionally, we may retain your data for a period after you are no longer a patient in order to comply with Federal and State requirements. Our practice will maintain audit logs recording which practice employees accessed your demographic and health data and which records were viewed. Your demographic and medical data may live in our EHR database indefinitely, and may also exist in encrypted, off-site backups in compliance with HIPAA regulations.


You have the right to inspect and request corrections to your data that is contained in our EHR system. We agree to update your contact information and preferences upon request, and will update demographic information upon proper proof, such as a government ID or court records confirming such change. Additionally, you may request changes to your medical record; we agree to review your request, however we will not make changes to your medical record if we feel your record is complete and accurate.

How we protect your information

All web traffic is encrypted via SSL. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems. When we send emails regarding appointments, we will include your name, email, and name of the practice, but we won't include your date of birth or any medical information.

Your DOB and Reason for Visit will only be transferred to the medical practice over encrypted channels.

How we use cookies

We use cookies to:

  • Store login information that persists across the user's session.
  • Generate website traffic reports in Google Analytics (GA). GA uses their own cookies to provide this information.

If you disable cookies in your browser, you might not be able to book appointments.

Third party disclosure

We will not sell, trade, or transfer your personally identifiable information unless we provide you with advance notice. We will never disclose your mobile phone number to third parties or affiliates for marketing or promotional purposes. We may disclose your personal information without specific consent to:

  • Any medical practices we're contacting on your behalf
  • Website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
  • Certified health records systems providers that comply with HIPAA regulations. This may include third party service providers, if covered by HIPAA Business Associate Agreements that provide privacy protections at least as stringent as ours.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

California Online Privacy Protection Act

According to CalOPPA we agree to the following:

  • Users can visit our site anonymously
  • Once this privacy policy is created, we will add a link to it on our home page, or at a minimum on the first significant page after entering our website.
  • Our Privacy Policy link includes the word 'Privacy', and can easily be found on the page specified above.
  • Users will be notified of any privacy policy changes on our Privacy Policy Page
  • Users are able to change their personal information by logging in to their account

COPPA (Children's Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.


We do not specifically market to children under 13.

Fair information practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices, should a data breach occur, we will notify the users via email within 7 business days.


We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.


To be in accordance with CAN-SPAM we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us at admin@derm.doctor and we will promptly remove you from all correspondence.

Contacting Us

If there are any questions regarding this privacy policy you may contact us at admin@derm.doctor.

Copyright © 2025 Midtown Dermatology - All Rights Reserved.
