HIPAA Compliant

Privacy Policy

Your privacy matters to us. This policy describes how we collect, use, and protect your personal and health information in accordance with HIPAA regulations.

  • HIPAA Compliant
  • Secure Data Handling
  • Patient Rights Protected

Introduction

Orovia Medical ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy, including our Notice of Privacy Practices under the Health Insurance Portability and Accountability Act (HIPAA), describes how we collect, use, and safeguard information about you.

As a healthcare provider, we understand that your medical information is personal and sensitive. We are dedicated to maintaining the confidentiality of your Protected Health Information (PHI) and complying with all applicable federal and state privacy laws, including:

  • Health Insurance Portability and Accountability Act (HIPAA) – Federal law protecting the privacy and security of health information
  • Health Information Technology for Economic and Clinical Health (HITECH) Act – Strengthened HIPAA privacy and security provisions
  • 42 CFR Part 2 – Special protections for substance abuse treatment records
  • State Privacy Laws – Additional protections under New Jersey law

By using our website and services, you consent to the collection and use of information in accordance with this policy. If you have questions about this policy, please contact our Privacy Officer.

Information We Collect

Personal Information

We collect information you provide directly to us, including:

  • Name and contact information
  • Date of birth and demographics
  • Insurance information
  • Medical history and records
  • Social Security Number (if required)
  • Emergency contact information

Protected Health Information (PHI)

As a healthcare provider, we collect and maintain PHI, which includes:

Medical Records

Diagnoses, treatments, test results, and clinical notes

Medications

Prescriptions, allergies, and medication history

Visits & Appointments

Appointment records and billing information

Website Usage Information

When you visit our website, we automatically collect certain technical information:

Device Information

Browser type, operating system, device identifiers

Usage Data

Pages visited, time spent, referral sources

IP Address

General location and network information

Cookies

Session data and preference storage

How We Use and Disclose Information

Uses and Disclosures Without Authorization

Under HIPAA, we may use and disclose your PHI for the following purposes without your explicit authorization:

Treatment

Providing, coordinating, and managing your healthcare and related services

Payment

Billing, collection, and insurance claims processing

Healthcare Operations

Quality assessment, staff training, compliance, and audits

Other Permitted Uses and Disclosures

Legal Requirements

When required by federal, state, or local law

Public Health Activities

Reporting diseases, vital records, or safety concerns

Victims of Abuse or Neglect

To appropriate authorities when required

Judicial Proceedings

In response to court orders or subpoenas

Serious Threat to Health or Safety

When necessary to prevent harm

Research

With proper authorization or IRB approval

Uses Requiring Your Authorization

Your written authorization is required for any use or disclosure of your PHI that is not listed above, including:

  • Marketing communications
  • Sale of PHI
  • Most research purposes
  • Psychotherapy notes

You may revoke your authorization at any time by contacting our Privacy Officer in writing.

Your Rights Under HIPAA

As a patient, you have the following rights regarding your Protected Health Information:

Right to Access

You have the right to request access to your medical records and PHI. We will provide access within 30 days of your written request.

Right to Amend

If you believe your PHI is incomplete or inaccurate, you may request an amendment. We will respond within 60 days.

Right to Accounting of Disclosures

You may request a list of disclosures we have made of your PHI for purposes other than treatment, payment, or healthcare operations.

Right to Request Restrictions

You may request restrictions on certain uses and disclosures of your PHI. We will consider all reasonable requests.

Right to Confidential Communications

You may request that we contact you by alternative means or at an alternative location. We will accommodate reasonable requests.

Right to Paper Copy of Notice

You have the right to receive a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive it electronically.

Exercising Your Rights

To exercise any of these rights, please submit a written request to our Privacy Officer. Your request should:

  • Be in writing and signed by you (or your authorized representative)
  • Clearly describe the right you wish to exercise
  • Include your full name, address, and contact information
  • Provide any identification required to verify your identity

Security of Your Information

We take the security of your personal and health information seriously. We implement comprehensive administrative, physical, and technical safeguards to protect your information.

Administrative

  • HIPAA-trained staff
  • Written privacy policies
  • Regular risk assessments
  • Incident response plans

Physical

  • Secure facility access
  • Locked storage areas
  • Workstation security
  • Device controls

Technical

  • SSL/TLS encryption
  • Multi-factor authentication
  • Access controls
  • Audit logging

Breach Notification

In the event of a breach of your unsecured PHI, we will notify you in accordance with HIPAA requirements:

Immediate Notification

Within 60 days of discovery for breaches affecting 500+ individuals

Annual Reporting

Breaches affecting fewer than 500 individuals reported annually

Department of Health

All breaches reported to HHS as required by law

Cookies and Online Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and analyze website usage.

Types of Cookies We Use

Essential Cookies

Required for basic website functionality, security, and core features. Cannot be disabled.

Performance Cookies

Help us understand how visitors interact with our website through anonymous analytics data.

Functionality Cookies

Remember your preferences and settings for a better browsing experience.

Marketing Cookies

Used to deliver relevant advertisements and track campaign performance (if applicable).

Third-Party Services

We may use third-party services that also collect information:

Google Analytics

Used to analyze website traffic and usage patterns. You can opt out using browser add-ons.

Google Maps

Embedded location maps. Google's privacy policy applies to their data collection.

Social Media Links

Social media platforms may set cookies when you interact with our social media content.

Managing Your Cookie Preferences

You can control cookie settings through:

Browser Settings

Most browsers allow you to block or delete cookies

Device Settings

Control permissions on your mobile devices

Opt-Out Tools

Industry opt-out mechanisms for advertising cookies

Note: Disabling certain cookies may affect website functionality.

Third-Party Disclosure & Business Associates

We may share your information with trusted third parties and business associates who help us operate our practice, subject to strict confidentiality requirements.

What We Do NOT Do

  • We do NOT sell your personal information or PHI to third parties
  • We do NOT rent or lease patient lists to marketing companies
  • We do NOT use or disclose sensitive information (race, religion, political views) without your explicit consent
  • We do NOT share information for marketing purposes without authorization

Business Associates

We may share PHI with business associates who perform services on our behalf, including:

Laboratory Services

External labs for diagnostic testing

Imaging Centers

Radiology and imaging facilities

Pharmacies

Prescription fulfillment services

Insurance & Billing

Claims processing and billing services

IT Service Providers

Electronic health record and IT support

Specialist Referrals

Other healthcare providers in your care

All business associates are required to sign Business Associate Agreements (BAAs) and maintain the same level of privacy and security protections as required under HIPAA.

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately.

Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. We will notify you of material changes by:

  • Posting the revised policy on our website with an updated "Last Revised" date
  • Providing prominent notice through our patient portal or at your next visit
  • Sending notifications via email for significant changes

Last Revised: [Insert Date]
Effective Date: [Insert Date]

Version History

Version | Date | Description
1.0 | [Insert Date] | Initial Privacy Policy

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

Primary Contact for Privacy Matters

Orovia Medical

[email protected]

(973) 868-9269

Office Hours

For Privacy-Related Inquiries

Monday - Friday: 8:00 AM - 6:00 PM
Saturday: 9:00 AM - 1:00 PM
Sunday: Closed

Additional Resources

Department of Health & Human Services

File a complaint if you believe your privacy rights have been violated

www.hhs.gov/hipaa

OCR Privacy Briefs

Official HIPAA guidance documents and summaries

HIPAA Privacy Guidance

FAQ

Frequently Asked Questions

Have Questions About Your Privacy?

Our team is here to help. Contact our Privacy Officer for any questions, concerns, or to exercise your patient rights.

Your privacy is protected. All inquiries are handled with strict confidentiality.