Effective Date: November 14, 2022
Best Practice, LLC and Phoenix Spine and Joint Services that are unrelated to medical care (such as our newsletter, videos, and other information on our Website) are not medical providers or an entity covered by the Health Information Portability and Accountability Act (“HIPAA”). Therefore, information provided to Best Practice and Phoenix Spine and Joint is not considered to be protected health information or PHI. However, Best Practice and Phoenix Spine and Joint recognize that you are providing us with sensitive information about yourself. This Policy explains how we will use, disclose, and protect your information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect two types of personal information: Protected Health Information and Sensitive Information.
When you provide information to Phoenix Spine and Joint to obtain surgery services or other medical services, the information you provide us is considered protected health information or PHI. PHI can include your name, your date of birth, your medical history, and your demographic information. PHI is governed by HIPAA. We must comply with HIPAA’s security and privacy requirements when we collect your PHI.
When you use our Website Services, this information is considered Sensitive Information. Sensitive information is not governed by HIPAA. Sensitive Information can include your name, date of birth, medical information, and demographic information. We are required to comply with applicable portions of this Policy and Arizona state laws to protect the privacy and security of your Sensitive Information.
We receive and store any Sensitive Information you knowingly provide to us when you fill out any online forms on the Website or use our Services. You can choose not to provide us with certain information, but then you may not be able to take advantage of some of the Website’s features. Users who are uncertain about what information is mandatory are welcome to contact us.
When you provide Best Practice with personal information through its online forms, its television show, and other requests for information, this information is considered Sensitive Information. Sensitive information provided to Best Practice is not governed by HIPAA. Best Practice is required to comply with applicable portions of this Policy and Arizona state laws to protect the privacy and security of your Sensitive Information.
WHAT NON-PERSONAL INFORMATION DO WE COLLECT?
When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
HOW DO WE USE AND PROCESS PERSONAL AND NON-PERSONAL COLLECTED INFORMATION?
We, including Best Practice, use the information that we gather about you, including personal information, for the following purposes:
- Providing and Improving Our Services. To provide and maintain our Services; to develop new features, products, or services; to perform technical operations, such as updating our Website and for other customer service and support services.
- Research Analytics. To analyze how our users interact with our Services; to monitor and analyze usage and activity trends; and for other research, analytical, and statistical purposes.
- Marketing and Communications. To communicate with you about our Services; to send you product, service, or event updates; to respond to your inquiries; to provide you with news, newsletters, special offers, promotions, and other information we think may interest you; and for other informational marketing, or promotional purposes. We may sell or disclose your Sensitive Information to third parties for business purposes.
- Protecting Right and Interests. To protect the safety, rights, property, or security of our services and our Website, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity, which we, in our sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity; to use as evidence in litigation; and to enforce this Policy or our Website Terms of Service.
- Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request from law enforcement or governmental authority.
We may use, process, and disclose your anonymized PHI for improvement of health care services. We will anonymize your PHI by following HIPAA regulations. If you do not want us to share your anonymized PHI, please contact our Privacy Officer immediately using the information at the bottom of this policy.
We may use, process and disclose your Sensitive Information provided to us or Best Practice. We will not anonymize your Sensitive Information, which means your information will be fully identifiable. We may sell and/or disclose your Sensitive Information to surgeons, physicians, and other business entities who seek referral sources. We may also use your Sensitive Information to directly market services and products to you. We may sell or share your Sensitive Information for other business purposes. We will update this Policy to reflect our changing business practices, so please check back regularly for updates. If you do not want your Sensitive Information collected or used in this manner, please do not provide us or Best Practice with your Sensitive Information.
WHERE WILL PERSONAL AND NON-PERSONAL INFORMATION BE STORED AND PROCESSED?
Access to our Services, including Best Practice’s Services, are administered in the United States (“US”) and is intended for users in the US. You may not use our services in any jurisdiction where offering, accessing or using our Services would be illegal or unlawful. If you are located outside the US, please note the information you submit to us will be transferred to the US. By using our Services, you consent to this transfer and the processing of personal and non-personal information by us. If you are located in a country other than the US, you should note that, at the present, laws of the US and certain other countries have not been approved by the European Commission or privacy authorities in certain other countries as providing adequate protection for personal information within the meaning of the General Data Protection Regulation or applicable laws of other countries.
HOW DO WE PROTECT CHILDREN’S PRIVACY?
Our online, publicly available Services, including Best Practice’s Services, are not targeted to children. Children under the age of 13 are not permitted to use our Services. We do not knowingly collect information online from children under age 13. If we discover that we have collected personal information from a child under age 13, we will take steps to delete it.
HOW CAN YOU EXERCISE YOUR RIGHTS RELATED TO YOUR INFORMATION?
You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following: (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information; (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected; (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; and vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us.
We offer electronic newsletters, promotional emails, and informational emails to which you may voluntarily subscribe at any time. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting our Privacy Officer.
Any requests to exercise User rights can be directed to our Privacy Officer using the contact details below.
WHAT ARE COOKIES AND HOW DO WE USE THEM?
In addition to using cookies and related technologies as described above, we also may permit certain third-party companies to help us tailor advertising that we think may be of interest to users and to collect and use other data about user activities on the Website. These companies may deliver ads that might also place cookies and otherwise track user behavior.
DO WE USE “DO NOT TRACK: SIGNALS?
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. Our Website does not track its visitors over time and across third party websites. However, some third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
WHAT ABOUT LINKS TO OTHER WEBSITES?
Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third-parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information.
WHAT INFORMATION SECURITY DO WE USE TO PROTECT YOUR INFORMATION?
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
HOW DO WE RESPOND TO A DATA BREACH?
In the event we become aware that the security of the Website has been compromised or users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will send you an email.
WHAT ABOUT POLCY CHANGES?
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Website. Continued use of the Website and our Services after any such changes shall constitute your consent to such changes.
HOW CAN YOU TO CONTACT US?
If you have any questions about this Policy, please contact our Privacy Officer at email@example.com or call us at (602)256-2525 and ask to speak to our Privacy Officer.