Privacy Policy & HIPAA Notice

Our Commitment to Your Privacy

ANATÔMÉ by Jafary is committed to protecting your privacy and maintaining the security of your Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

HIPAA Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. Information We Collect

We collect information that you provide directly to us, including:

• Personal Identifiers: Name, email address, phone number, mailing address
• Protected Health Information (PHI): Medical history, symptoms, treatment information, appointment details
• Payment Information: Insurance information, billing details (processed securely through encrypted channels)
• Technical Information: IP address, browser type, device information, usage data

2. How We Use Your Information

We use your information for the following purposes:

• Treatment: To provide, coordinate, and manage your healthcare and related services
• Payment: To obtain payment for services provided, including billing and insurance claims
• Healthcare Operations: To improve quality of care, train staff, and conduct business operations
• Appointment Management: To schedule, confirm, and remind you of appointments
• Communication: To respond to inquiries and provide information about our services
• Legal Compliance: To comply with applicable laws and regulations

3. How We Protect Your Information

We implement comprehensive security measures to protect your PHI:

• Encryption: All data transmitted through our website uses HTTPS/TLS encryption
• Access Controls: Role-based access restrictions ensure only authorized personnel can access PHI
• Audit Logging: All access to patient data is logged and monitored for compliance
• Secure Storage: Patient data is stored in encrypted databases with regular backups
• Staff Training: All staff members receive HIPAA compliance training
• Business Associate Agreements: We maintain BAAs with all third-party service providers who handle PHI

4. Your Rights Under HIPAA

You have the following rights regarding your Protected Health Information:

• Right to Access: You may request copies of your medical records
• Right to Amend: You may request corrections to your medical records
• Right to an Accounting: You may request a list of disclosures of your PHI
• Right to Request Restrictions: You may request limits on how we use or disclose your PHI
• Right to Request Confidential Communications: You may request that we communicate with you in a specific way or at a specific location
• Right to a Paper Copy: You may request a paper copy of this notice at any time

5. When We May Disclose Your Information

We may disclose your PHI in the following circumstances:

• With Your Authorization: When you provide written consent
• To Healthcare Providers: For treatment, payment, or healthcare operations
• To Business Associates: To third parties who assist in providing services (under BAA)
• As Required by Law: When required by federal, state, or local law
• Public Health Activities: To prevent or control disease, injury, or disability
• Health Oversight Activities: To government agencies for audits, investigations, or inspections
• Legal Proceedings: In response to court orders or subpoenas

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your experience and analyze website usage. These technologies do not access your PHI. You can control cookies through your browser settings.

7. Third-Party Services

We may use third-party services for website hosting, analytics, and appointment management. All third parties that handle PHI have signed Business Associate Agreements and are required to maintain HIPAA compliance.

8. Data Retention

We retain your medical records and PHI as required by California state law and HIPAA regulations. Generally, adult medical records are retained for a minimum of 7 years from the date of last treatment.

9. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. We will notify you of material changes by email or through a notice on our website.

10. Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals as required by HIPAA within 60 days of discovery of the breach.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

12. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

• Our Privacy Officer at the contact information above
• The U.S. Department of Health and Human Services Office for Civil Rights

You will not be retaliated against for filing a complaint.