Privacy Policy & Notice of Privacy Practices (HIPAA)
Effective Date: October 1, 2025
Open Access Care is committed to protecting your privacy and safeguarding your health information. This page explains how we may use and disclose Protected Health Information (PHI) under HIPAA, your rights regarding your information, and how we handle data collected through our website, communications, and related services.
This page may be updated at any time, with or without notice. Any changes will apply to information we already maintain about you, as well as information we receive in the future.
Our commitment to your privacy
We are required by law to maintain the privacy of your health information, provide you with this notice of our legal duties and privacy practices, and notify you following a breach of unsecured PHI as required by law.
We will follow the privacy practices described in this notice and provide you a copy upon request.
Uses and disclosures of your health information
The sections below describe ways we may use and disclose your health information. Not every use or disclosure is listed, but all permitted uses and disclosures will fall within one of these categories.
For treatment
We may use and disclose your health information to provide, coordinate, or manage your healthcare and related services.
Examples include sharing information with other providers, specialists, labs, imaging centers, pharmacies, hospitals, or others involved in your care, as well as making referrals when appropriate.
For payment
We may use and disclose your health information to bill and collect payment for services provided.
Examples include sharing information with your health plan or payer, submitting claims and supporting documentation, addressing coverage questions, prior authorizations, or appeals.
For healthcare operations
We may use and disclose your health information for practice operations and to improve quality, safety, and efficiency.
Examples include quality assessment and improvement activities, staff training, auditing and compliance activities, business planning, and administrative operations.
Appointment reminders and care communications
We may contact you to remind you about appointments and to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you.
This may include voicemail messages, texts, emails, phone calls, and follow-up care messages.
Individuals involved in your care
We may disclose health information to a family member, friend, or another person you identify who is involved in your care or payment for your care, unless you object.
As required by law
We may disclose your information when required to do so by federal, state, or local law.
Public health and safety
We may disclose health information for public health activities, including reporting certain diseases, adverse events, and vital events (births/deaths) as required by law. We may also disclose information to prevent or lessen a serious and imminent threat to health or safety.
Abuse, neglect, and domestic violence
We may disclose information to appropriate authorities if we reasonably believe a patient is a victim of abuse, neglect, or domestic violence, consistent with applicable law.
Health oversight activities
We may disclose information to oversight agencies for activities authorized by law, such as audits, inspections, investigations, and licensure actions.
Legal proceedings and law enforcement
We may disclose information in response to a court order, subpoena, warrant, or other lawful process, as required or permitted by law.
Coroners, medical examiners, and funeral directors
We may disclose information to a coroner or medical examiner to identify a deceased person or determine a cause of death, and to funeral directors as necessary.
Workers’ compensation
We may disclose information for workers’ compensation claims and similar programs as authorized by law.
Business associates
We may share information with third-party vendors (“business associates”) who perform services on our behalf (such as billing, IT support, communications, analytics, and hosting) and who are required to protect your information.
Marketing and sale of information
We do not sell your health information. Most uses and disclosures of PHI for marketing purposes require your written authorization, unless an exception applies under law.
Other uses and disclosures
Any other use or disclosure of your health information not described above will be made only with your written authorization, and you may revoke that authorization in writing (with limited exceptions described below).
Your rights regarding your health information
Right to revoke an authorization
If you have given written authorization to use or disclose your information, you may revoke it at any time in writing. Your revocation will not affect actions already taken based on your authorization.
We may be unable to honor revocation requests in certain situations, such as when we have already relied on your authorization before receiving the revocation, or when authorization was required as a condition of insurance coverage and the insurer has legal rights to contest claims.
To revoke an authorization, write to the Privacy Officer at the address listed in the Contact section below.
Right to request restrictions
You may request that we restrict certain uses or disclosures. We are not required to agree to all requests, but if we agree, we will comply unless needed to provide emergency treatment.
Right to request confidential communications
You may request that we communicate with you in a specific way or at a specific location (for example, only by mail or only at a specific phone number). We will accommodate reasonable requests.
Right to inspect and obtain a copy
You may request access to your health information. We will provide it in the format you request if readily producible, including electronic copies when possible. In certain circumstances, access may be denied as permitted by law, and you may have appeal rights.
Right to request an amendment
If you believe information in your record is incorrect or incomplete, you may request an amendment in writing. We may deny requests in certain cases as allowed by law, but we will provide a written explanation.
Right to an accounting of disclosures
You may request an accounting of certain disclosures of your health information made in the past six years, excluding disclosures for treatment, payment, and operations and certain other exceptions. Fees may apply as permitted by law.
Right to receive a paper copy
You may request a paper copy of this notice at any time, even if you have agreed to receive it electronically.
Re-disclosure notice
Information that we disclose may be subject to re-disclosure by the recipient and may no longer be protected by federal privacy rules, depending on the circumstances and applicable law.
Website and digital privacy
This section explains how we collect and use information through our website and digital services.
Information we collect
Depending on how you use our website, we may collect:
Information you provide voluntarily:
- Name, email address, phone number
- Messages submitted through contact forms
- Appointment request details
- Any information you choose to include in a form or message
Information collected automatically:
- Device type, browser type, operating system
- IP address and approximate location (such as city/state)
- Pages viewed, links clicked, and time spent on pages
- Referring and exit pages, date, and time of visit
Cookies and similar technologies:
We may use cookies, pixels, and similar tools to improve site performance and user experience. You can control cookies through your browser settings. Some site features may not function properly if cookies are disabled.
How we use information
We may use information to:
- Respond to questions and requests
- Facilitate appointment scheduling and communications
- Improve website performance and user experience
- Maintain security and prevent fraud or abuse
- Support internal operations, analytics, and quality improvement
- Comply with legal obligations
Sharing of information
We do not sell or rent your personal information. We may share information:
- With service providers that support our operations (such as hosting, IT, communications, and analytics), under appropriate safeguards
- If required by law or legal process
- To protect rights, safety, and security of patients, visitors, and our organization
Links to other websites
Our website may link to third-party websites. We are not responsible for the privacy practices of third parties. Review their privacy policies before providing information.
Children’s privacy
Our website is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe a child provided information to us, contact us so we can address it.
Phone calls, SMS, and email communications
Phone call recordings
Phone calls with Open Access Care may be recorded for training, quality assurance, and operational purposes where permitted by law. We take reasonable steps to secure recordings and limit access to authorized personnel.
SMS text messaging
If you provide your phone number, we may send texts related to appointment reminders and confirmations, care coordination messages, and operational updates you request.
Phone numbers collected for SMS consent will not be sold or shared with third parties or affiliates for marketing purposes.
Message and data rates may apply. You can opt out by replying STOP (or using another opt-out method we provide).
Email communications
Email is not always a fully secure method of communication. By emailing us or requesting email communications, you acknowledge and accept this risk. For sensitive matters, we recommend calling our office.
Electronic health records
Open Access Care uses electronic systems to create, store, and manage health information and related records. These systems may include electronic health records, scheduling, billing, secure communications, and other technology services that support patient care and operations.
We limit access to authorized workforce members and vendors who need access to perform their duties, and we take reasonable steps to safeguard information stored in these systems. When third-party vendors support these systems, they may be required to protect information consistent with applicable laws and, when appropriate, HIPAA requirements.
Security and retention
We use reasonable administrative, technical, and physical safeguards designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
We retain information only as long as necessary for legitimate business purposes and as required by law, including medical record retention requirements. Retention periods may depend on the type of information, legal and regulatory requirements, limitation periods for claims, and operational and clinical needs.
Questions, complaints, and contact information
If you have questions about this notice, want to exercise your rights, or believe your privacy rights have been violated, contact us:
Open Access Care – Privacy Officer
Mailing Address: P.O. Box 573041, Tarzana, CA 91357
Phone: 818-855-9850
Email: helpdesk@openaccesscare.com
Website: https://openaccesscare.com
Changes to this notice
We may update this notice at any time, with or without notice. Updates will be posted on this page and will apply to information we already have about you and any information we receive in the future.