Privacy Policy & HIPAA Notice

1. Notice of Privacy Practices

This Privacy Policy describes how Charles County Surgical Arts may use and disclose your Protected Health Information (PHI) and your rights regarding your health information. We are required by law to:

• Maintain the privacy of your health information
• Provide you with notice of our legal duties and privacy practices
• Follow the terms of the notice currently in effect
• Notify you if we are unable to agree to a requested restriction

2. Information We Collect

2.1 Protected Health Information (PHI)

When you request an appointment or receive services, we may collect:

• Personal Identifiers: Name, address, email, phone number, date of birth
• Medical Information: Health history, treatment records, diagnosis, medications
• Insurance Information: Insurance provider, policy numbers, coverage details
• Billing Information: Payment methods, billing addresses, financial information

2.2 Website Usage Information

When you visit our website, we may automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on pages
• Referral source and clickstream data
• Cookies and similar tracking technologies

3. How We Use Your Information

3.1 Treatment, Payment, and Healthcare Operations (TPO)

We may use and disclose your PHI for the following purposes without your authorization:

• Treatment: To provide, coordinate, or manage your healthcare and related services
• Payment: To bill and collect payment for services provided
• Healthcare Operations: For quality improvement, training, and business management

3.2 Communications

With your consent, we may contact you for:

• Appointment confirmations and reminders
• Treatment follow-ups and care coordination
• Practice updates and health-related information
• Billing and insurance matters

4. Information Sharing and Disclosure

4.1 Required by Law

We may disclose your PHI when required by federal, state, or local law, including:

• Public health authorities for disease prevention
• Law enforcement in response to court orders or subpoenas
• Health oversight agencies for audits and investigations
• Coroners, medical examiners, and funeral directors

4.2 Business Associates

We may share your information with third-party service providers (Business Associates) who perform services on our behalf, such as:

• Medical billing and coding services
• Cloud storage and IT service providers
• Email and communications platforms
• Practice management software vendors

All Business Associates are required to sign HIPAA-compliant agreements to protect your information.

4.3 Never Shared Without Consent

We will NEVER share your PHI for marketing purposes or sell your information to third parties without your explicit written authorization.

5. Your Privacy Rights

Under HIPAA and applicable state laws, you have the following rights regarding your health information:

To exercise any of these rights, please submit a written request to our Privacy Officer at the address listed below.

6. Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your information, including:

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Role-based access and authentication requirements
• Secure Storage: HIPAA-compliant cloud infrastructure
• Regular Audits: Ongoing security assessments and monitoring
• Staff Training: HIPAA compliance training for all employees
• Business Associate Agreements: Contracts with all third-party vendors

7. Website Cookies and Tracking

Our website uses cookies and similar technologies to improve your experience. You can control cookie preferences through your browser settings. Note that disabling cookies may affect website functionality.

Types of Cookies We Use:

• Essential Cookies: Required for website operation
• Analytics Cookies: Help us understand how visitors use our site
• Functional Cookies: Remember your preferences and settings

8. Minors' Privacy

For patients under 18 years of age, we require parental or guardian consent for treatment and information disclosure. Parents/guardians have the right to access their minor child's health information, subject to applicable state laws.

9. Retention of Information

We retain your health information for as long as required by Maryland state law and applicable federal regulations. Medical records are typically retained for a minimum of 7 years after the last date of service, or longer if required by law.

10. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. We will provide notice of material changes as required by law. The current version will always be available on our website.

11. Your Consent

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.