# Privacy Policy & HIPAA Notice of Privacy Practices
---
## Introduction
BMS Family Health ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy and Notice of Privacy Practices describes how we collect, use, disclose, and safeguard your information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws, and other applicable regulations.
---
## HIPAA Notice of Privacy Practices
### Your Rights Regarding Your Health Information
Under HIPAA, you have the following rights:
**Right to Access:** You have the right to inspect and obtain a copy of your health information that we maintain in your medical record.
**Right to Amend:** You may request that we amend your health information if you believe it is incorrect or incomplete.
**Right to an Accounting of Disclosures:** You may request a list of certain disclosures we have made of your health information.
**Right to Request Restrictions:** You may request restrictions on how we use or disclose your health information for treatment, payment, or healthcare operations.
**Right to Request Confidential Communications:** You may request that we communicate with you about your health information in a specific way or at a specific location.
**Right to a Paper Copy:** You have the right to receive a paper copy of this Notice upon request.
**Right to Notification of Breach:** You have the right to be notified in the event of a breach of your unsecured protected health information.
### How We May Use and Disclose Your Health Information
**For Treatment:** We may use and disclose your health information to provide, coordinate, or manage your healthcare and related services.
**For Payment:** We may use and disclose your health information to obtain payment for services we provide, including billing insurance companies and collecting payment.
**For Healthcare Operations:** We may use and disclose your health information for healthcare operations such as quality assessment, staff training, and business planning.
**As Required by Law:** We will disclose your health information when required to do so by federal, state, or local law.
**To Avert a Serious Threat:** We may use and disclose your health information when necessary to prevent a serious threat to your health and safety or the health and safety of others.
**For Public Health Activities:** We may disclose your health information for public health purposes, such as reporting diseases or adverse reactions to medications.
---
## Information We Collect
### Protected Health Information (PHI)
We collect and maintain the following types of health information:
- Personal identifiers (name, address, date of birth, Social Security number)
- Medical history and physical examination findings
- Diagnostic test results and imaging
- Treatment plans and medications
- Insurance and billing information
- Communication records with healthcare providers
### Website Information
When you visit our website, we may collect:
- Usage data (pages visited, time spent, referring sources)
- Device information (IP address, browser type, operating system)
- Cookies and similar tracking technologies
---
## How We Protect Your Information
### Security Measures
We implement administrative, physical, and technical safeguards to protect your information:
**Administrative Safeguards:**
- Staff training on HIPAA compliance
- Regular risk assessments
- Written policies and procedures
- Business Associate Agreements with third-party vendors
**Physical Safeguards:**
- Secure facilities with restricted access
- Locked filing cabinets for paper records
- Secure disposal of records
**Technical Safeguards:**
- Encryption of electronic health records
- Secure authentication and access controls
- Firewall protection and antivirus software
- Regular security updates and patches
- Secure backup systems
---
## Data Retention
We retain your health information in accordance with federal and state laws, typically:
- Medical records: Minimum of 6 years from the date of creation or last use
- Billing records: 7 years
- Minor records: Until the patient reaches the age of majority plus applicable retention period
---
## Third-Party Services
We may use third-party service providers who have access to your information to perform services on our behalf, including:
- Electronic Health Record (EHR) systems
- Medical billing services
- Cloud storage providers
- Laboratory and diagnostic services
All third parties are required to sign Business Associate Agreements (BAAs) ensuring HIPAA compliance.
---
## Cookies and Tracking Technologies
Our website uses cookies to improve user experience. You can control cookie preferences through your browser settings. We use:
- Essential cookies for website functionality
- Analytics cookies to understand website usage
- No third-party advertising cookies
---
## Children's Privacy
We do not knowingly collect information from children under 13 through our website without parental consent. Healthcare services for minors are provided in accordance with applicable state laws regarding parental consent and minor's consent rights.
---
## Your Privacy Choices
You may:
- Opt out of marketing communications
- Request restrictions on disclosures
- Access and review your medical records
- Request corrections to your information
- Obtain a copy of this Notice
---
## Changes to This Policy
We reserve the right to modify this Privacy Policy and Notice of Privacy Practices. Any changes will be effective immediately upon posting on our website. We will provide notice of material changes through our website and, when required, through direct communication.
---
## Complaints
If you believe your privacy rights have been violated, you may file a complaint with:
**BMS Family Health Privacy Officer:**
Steve Ho
592 Rockaway Avenue, Brooklyn NY 11212
718-345-5000
**U.S. Department of Health and Human Services:**
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
**You will not be retaliated against for filing a complaint.**
---
## Contact Information
For questions about this Privacy Policy or to exercise your rights:
**BMS Family Health**
592 Rockaway Avenue, Brooklyn NY 11212
Phone: 718-345-5000
Email: sho@bmsfhc.org
Website: bmsfamilyhealth.org
**Privacy Officer:** Steve Ho, sho@bmsfhc.org
---
## State-Specific Privacy Rights
Depending on your state of residence, you may have additional privacy rights under state law. Please contact our Privacy Officer for information about rights specific to your state.
---
## Acknowledgment
By using our services and website, you acknowledge that you have read and understood this Privacy Policy and Notice of Privacy Practices.
---
*This document serves as both our Privacy Policy and HIPAA Notice of Privacy Practices. We are required by law to maintain the privacy of your health information and to provide you with this notice of our legal duties and privacy practices.*
## Messaging Privacy Policy
We collect phone numbers from users. Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties. If you wish to be removed from receiving future communications, you can opt out by texting STOP.
## Messaging Terms & Conditions
You agree to receive informational messages (appointment reminders, educational materials, surveys, two-way conversations, etc.) from BMS Family Health and Wellness Centers. Message frequency varies. Message and data rates may apply. For help, text HELP or call us at (718) 345-5000. You can opt out at any time by replying STOP.