Privacy Policy

1. Introduction

Vitrona Health, LLC ("Vitrona Clinic," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us as a patient or prospective patient.

This policy complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and applicable state and federal privacy laws, including those in Ohio and Kentucky where we operate.

2. HIPAA Notice of Privacy Practices

As a covered healthcare provider under HIPAA, we are required to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy practices. This Privacy Policy serves as our Notice of Privacy Practices as required by HIPAA.

Your Rights Under HIPAA:

• Right to Access: You have the right to inspect and obtain a copy of your health records.
• Right to Amend: You may request corrections to your health information if you believe it is incorrect or incomplete.
• Right to an Accounting: You may request a list of certain disclosures we have made of your health information.
• Right to Request Restrictions: You may request restrictions on how we use or disclose your health information.
• Right to Confidential Communications: You may request that we communicate with you in a certain way or at a certain location.
• Right to a Paper Copy: You have the right to receive a paper copy of this Privacy Policy upon request.

3. Information We Collect

We may collect the following types of information:

3.1 Protected Health Information (PHI)

When you become a patient, we collect health information necessary to provide medical care, including:

• Medical history and current health conditions
• Medications and allergies
• Treatment plans and clinical notes
• Lab results and diagnostic information
• Insurance and billing information
• Contact information (name, address, phone, email)

3.2 Contact and Inquiry Information

When you contact us through our website or by phone, we collect:

• Name, email address, and phone number
• Content of your inquiry or message
• Any information you voluntarily provide

4. How We Use Your Information

We use your information for the following purposes:

4.1 Treatment

To provide, coordinate, and manage your healthcare services and related treatments.

4.2 Payment

To obtain payment for services we provide, including billing, claims management, and collection activities.

4.3 Healthcare Operations

For our healthcare operations, including quality assessment, staff training, accreditation, certification, licensing, and business planning.

4.4 Communication

To communicate with you about appointments, treatment options, educational materials, and administrative matters.

4.5 Legal Compliance

To comply with applicable laws, regulations, legal processes, and governmental requests.

5. How We Disclose Your Information

We may disclose your protected health information in the following circumstances:

• With Your Consent: When you provide written authorization
• To Healthcare Providers: For treatment coordination with other providers involved in your care
• To Business Associates: To third parties who perform services on our behalf (e.g., billing, IT services) under strict confidentiality agreements
• As Required by Law: When required by federal, state, or local law
• For Public Health: To public health authorities for disease prevention and reporting
• To Prevent Harm: When necessary to prevent a serious threat to health or safety
• For Legal Proceedings: In response to court orders, subpoenas, or legal processes

We do not sell your personal information or protected health information to third parties.

5.1 Electronic Medical Records Platform

Vitrona Clinic uses Healthie, a HIPAA-compliant electronic medical records (EMR) platform, to securely store and manage patient health information. Healthie serves as a Business Associate under HIPAA and has executed a Business Associate Agreement (BAA) with us.

Healthie's role includes:

• Secure storage of electronic health records
• Appointment scheduling and management
• Patient communication and messaging
• Treatment documentation and care coordination
• Encrypted data transmission and storage

Healthie maintains industry-leading security standards and is SOC 2 Type II certified. For more information about Healthie's privacy practices, visit gethealthie.com/security

6. How We Protect Your Information

We implement appropriate technical, administrative, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction:

• Secure, encrypted storage of electronic health records
• Restricted access to PHI on a need-to-know basis
• Regular staff training on HIPAA compliance and privacy practices
• Secure communication channels for sensitive information
• Physical security measures at our facilities
• Regular security assessments and updates
• Business Associate Agreements with third-party vendors

7. Website Privacy

Our website is designed with your privacy in mind. We do not use tracking cookies or third-party analytics tools that collect personal information.

Any forms submitted through our website (such as contact forms) are transmitted securely and handled in accordance with this Privacy Policy.

8. Your Privacy Choices

You have the right to:

• Request access to your health records by contacting our office
• Request amendments to your health information if you believe it is inaccurate
• Request restrictions on the use and disclosure of your information
• Request confidential communications through alternative means or locations
• Opt out of marketing communications (if applicable)
• File a complaint if you believe your privacy rights have been violated

9. Minors' Privacy

Our services are not directed to individuals under the age of 18 without parental consent. We comply with applicable laws regarding the treatment of minors and obtain appropriate parental consent as required.

10. State-Specific Privacy Rights (Ohio & Kentucky)

As a healthcare provider operating in Ohio and Kentucky, we comply with all applicable state privacy laws and regulations in both jurisdictions, including but not limited to Ohio Revised Code and Kentucky Revised Statutes provisions governing the confidentiality of medical records and patient information.

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website with a new "Last Updated" date. We will provide notice of material changes as required by HIPAA and applicable law.

We are required by law to follow the terms of the privacy policy currently in effect.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to file a complaint, please contact us:

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated:

We will not retaliate against you for filing a complaint.

13. Acknowledgment

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you are a patient, you will be asked to sign an acknowledgment of receipt of our Notice of Privacy Practices as required by HIPAA.