Privacy Policy

Effective Date: January 1, 2024

Your Privacy Rights: Vallen Allergy & Asthma, PC is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws.

1. Introduction

Vallen Allergy & Asthma, PC (“we,” “our,” “us,” or the “Practice”) respects your privacy and is committed to protecting your personal and protected health information (PHI). This Privacy Policy describes our practices concerning information collected through our website, in our office, and through other interactions with our Practice.

This Privacy Policy should be read in conjunction with our Notice of Privacy Practices (NPP), which provides detailed information about how we use and disclose your protected health information for treatment, payment, and healthcare operations as required by HIPAA.

2. Information We Collect

2.1 Protected Health Information (PHI)

When you become a patient of our Practice, we collect and maintain health information that may include:

  • Personal identifiers (name, address, date of birth, Social Security number)
  • Contact information (phone numbers, email addresses)
  • Medical history and allergy information
  • Test results and diagnostic information
  • Treatment plans and clinical notes
  • Prescription and medication information
  • Insurance and billing information
  • Photographs or videos taken for medical documentation purposes

2.2 Website Information

When you visit our website (www.vallenallergyasthma.com), we may automatically collect:

  • Browser type and version
  • Operating system
  • IP address
  • Pages visited and time spent on pages
  • Referring website addresses
  • Date and time of visits

2.3 Information You Provide

We collect information you voluntarily provide through:

  • Online appointment request forms
  • Patient portal registration and use
  • Email communications
  • Phone conversations
  • New patient registration forms
  • Feedback or contact forms

3. How We Use Your Information

3.1 Treatment, Payment, and Healthcare Operations

We use your protected health information for:

  • Treatment: Providing, coordinating, and managing your healthcare and related services, including consultations with other healthcare providers
  • Payment: Billing and collection activities, insurance verification, claims processing, and payment processing
  • Healthcare Operations: Quality assessment, training, licensing, accreditation, compliance, and other business activities necessary to run our Practice

3.2 Website and Communication Purposes

We use website and contact information to:

  • Respond to your inquiries and appointment requests
  • Send appointment reminders and confirmations
  • Provide patient education and health information
  • Improve our website functionality and user experience
  • Maintain website security
  • Comply with legal obligations

4. How We Share Your Information

4.1 Required or Permitted by Law

We may disclose your information when required or permitted by law, including:

  • To public health authorities for disease control and prevention
  • To comply with court orders or legal proceedings
  • To law enforcement for specific law enforcement purposes
  • To coroners, medical examiners, and funeral directors as necessary
  • For workers’ compensation purposes
  • To prevent serious threats to health or safety

4.2 Business Associates

We may share your information with business associates who perform services on our behalf, such as:

  • Medical billing companies
  • Electronic health record vendors
  • IT service providers
  • Laboratory and diagnostic services
  • Medical transcription services

All business associates are required to sign agreements protecting your information and complying with HIPAA requirements.

4.3 With Your Authorization

Other uses and disclosures will be made only with your written authorization. You may revoke such authorization at any time in writing, except to the extent that we have already taken action in reliance on the authorization.

5. Your Rights Regarding Your Information

Under HIPAA, you have the following rights:

5.1 Right to Access

You have the right to inspect and obtain a copy of your protected health information in our records, with limited exceptions. We may charge a reasonable fee for copying and mailing records.

5.2 Right to Amend

You have the right to request that we amend your health information if you believe it is incorrect or incomplete. We may deny your request under certain circumstances.

5.3 Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures we have made of your health information.

5.4 Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your health information. We are not required to agree to your request except in limited circumstances.

5.5 Right to Request Confidential Communications

You have the right to request that we communicate with you about your health information in a particular manner or at a particular location.

5.6 Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Privacy Policy and our Notice of Privacy Practices upon request.

6. Website-Specific Privacy Practices

6.1 Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device. You can control cookie preferences through your browser settings.

6.2 Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

6.3 Online Forms and Communications

While we use secure methods to protect information submitted through our website, please be aware that email and online forms may not be completely secure. Do not send sensitive medical information via unsecured email.

6.4 Patient Portal

Our patient portal provides secure access to your health information. You are responsible for maintaining the confidentiality of your login credentials. Contact us immediately if you believe your portal access has been compromised.

7. Data Security

We implement appropriate administrative, physical, and technical safeguards to protect your information from unauthorized access, use, or disclosure, including:

  • Secure, encrypted electronic health record systems
  • Restricted access to patient information on a need-to-know basis
  • Staff training on privacy and security practices
  • Secure storage of physical records
  • Regular security assessments and updates
  • Encryption of data transmitted through our website
  • Firewall and antivirus protection

8. Data Retention

We retain your health information for as long as required by applicable federal and state laws. Medical records are typically retained for a minimum of seven years from the date of last treatment, or longer if required by law or if the patient is a minor.

9. Children’s Privacy

Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website. If you are under 18, please use our website only with the involvement of a parent or guardian. Our Practice does treat pediatric patients, and we protect the privacy of minors in accordance with HIPAA and applicable state laws.

10. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. We will provide notice of material changes as required by law. The effective date at the top of this policy indicates when it was last updated.

11. State-Specific Privacy Rights

Depending on your state of residence, you may have additional privacy rights under state law. If you have questions about state-specific privacy rights, please contact our Privacy Officer.

12. Breach Notification

In the event of a breach of your unsecured protected health information, we will notify you as required by law. Notification may be provided by mail, telephone, or email, and will include information about the breach and steps you can take to protect yourself.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:

Vallen Allergy & Asthma, PC

14. Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Practice or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To file a complaint with our Practice:
Contact our Privacy Officer using the information above.

To file a complaint with the Department of Health and Human Services:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/