Privacy Policy

Last updated: March 2024

Introduction

Theoria Medical PLLC and its affiliates (hereafter, “Theoria”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Theoria website, digital platform, and application (collectively, “the Sites”).

By accessing the Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.

PLEASE NOTE: For information about how Theoria may use and disclose medical information about you, including information that is provided through Theoria’s websites, ChartEasy, ChatEasy, patient portal, and other applications and platforms, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please scroll down to our HIPAA Notice of Privacy Practices below.

Links to External Web Sites

Theoria's Sites have links to external Internet pages, including social media platforms and websites that might have information on health topics of interest to you. Theoria, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Theoria has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.

Information We Collect

Information You Provide Us Directly
Theoria may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Theoria, fill out a contact form, submit feedback to Theoria, attend a Theoria event, or otherwise engage with us. We may retain any messages you send us through the Sites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Theoria.

If you apply for employment at Theoria, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.

Information We May Receive From Third Parties
We also may collect information regarding how you interact with the Sites and other websites, such as Theoria pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Theoria may receive information about you that you directly provided to a third party. For instance, Theoria may use a third party to manage event registrations. The third party would provide Theoria registrants’ data to facilitate the event.

Analytics Information
Theoria uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We may combine this data with other information collected to measure your interest in Theoria, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.

Some of the Sites may use website analytics vendors to better understand usage of the Sites or for offerings to audiences or general marketing campaigns. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Sites and offerings.

Cookies
Theoria may place Internet "cookies" on the computer or other devices used by visitors to the Sites. Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of the Sites and assist us in our offerings. Theoria uses two types of cookies: "session" cookies and "persistent" cookies.

A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on the Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on the Sites.

On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again.

We use cookies to help us tailor the Sites to our users and in our offerings or for marketing. Some features of the Sites may not work as intended if you decline to allow cookies or deactivate cookies. For detailed instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your browser's web settings.

In addition, further information regarding cookies may be available from your Internet service provider, operating system, or browser provider. Please review how to delete and remove existing cookies and block future cookies from your device, as well as making your opt-in or opt-out election with regard to future use of certain cookies by Theoria.

Log File Information
Log file information is sent automatically to Theoria by your browser each time you visit the Sites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access the Sites; the date and time you visited the Sites; the areas of the Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.

Theoria uses log file information to help us design the Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.

Web Beacon
A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Theoria, or its vendors, may utilize web beacons to track visitor statistics and manage cookies.

In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.

Location Data
Theoria may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” which may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data (such as the closest Theoria location to you). You may opt in or opt out of sharing location data from your computer by clicking the location icon on the top left of the Site.

SMS Terms
Theoria Medical PLLC offers you the option to engage in SMS text conversations about your job application. By participating, you also understand that message frequency may vary depending on the status of your job application, and that message and data rates may apply. Please consult your carrier for further information on applicable rates and fees. Carriers are not liable for delayed or undelivered messages. Reply STOP to cancel and HELP for help.

By opting in to receive SMS text messages about your job application, you acknowledge and agree that your consent data, mobile number, and personal information will be collected and stored solely for the purpose of providing you with updates and information related to your job application. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Use and Disclosure of Information

We may use your information:

  • To contact you (for example, sending you a newsletter or other informational materials, offers, announcements, or surveys);
  • To manage business relationships, employment lifecycle, or other employee-data purposes;
  • To communicate with you about our services, products, and Sites, including to follow up on requests or questions that you may submit;
  • To send you emails or text messages regarding upcoming events, newsletters, etc. (if you do not wish to receive these communications, you may opt out using the “unsubscribe” link in the email or by replying “STOP” to a text message);
  • To provide marketing and advertising communications;
  • To maintain our philanthropic endeavors and programs;
  • To track and analyze use of the Sites;
  • To prevent, detect, and investigate misuse, fraud, and illegal activities;
  • To enhance and maintain the Sites, services, and products;
  • To complete a transaction;
  • To administer surveys or contests, as applicable;
  • For any lawful, legitimate business purpose; and
  • As otherwise necessary to perform the services Theoria Health provides.

We may disclose your information:

  • With our service providers who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts one of the Sites that you have visited, or with a benefits administrator for employment benefit purposes);
  • In the event of a change in ownership or control, such as a sale or merger (in the event of a sale or merger, we would request the new entity adhere to this Policy; however, we may not have control over the new entity's privacy practices);
  • In accordance with your consent or direction, as permitted by law;
  • As required to comply with applicable laws and legal process, including law enforcement requests;
  • To investigate and defend our and others’ rights and property (including intellectual property rights); and
  • To protect the personal safety of us and others.

If you use the Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.

We may combine information collected through different Sites or portions of Sites. In the event we combine personal information collected through the Sites with your personal health information, we will use and disclose such combined information as described below in our HIPAA Notice of Privacy Practices, which relates to our collection, use, and disclosure of medical information.

Security Measures
Protecting your information is a top priority at Theoria. In addition to applying confidentiality policies that govern access and use of information by Theoria clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.

Protecting Your Username and Password
It is extremely important that you keep any of your usernames and passwords for Theoria Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised. Please note that no one from Theoria will ever ask you for your passwords.

Revisions to this Privacy and Security Policy
As state and federal laws change, and as we add new features to the Sites, Theoria may periodically revise this Policy. We will post changes to this policy on the Sites. Your continued use of the Sites following the posting of changes will mean you accept those changes.

Contact Information
If you have any questions regarding the information in this Policy or your privacy rights, or if you are unable to opt out of our data collection or usage through the means described above, please contact compliance@theoriamedical.com.

HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND/OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices is NOT an authorization. It describes how we, our Business Associates, and their subcontractors may use and disclose your Protected Health Information (PHI) to carry out treatment, payment, health care operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your Protected Health Information. “Protected Health Information” or “PHI” is information that identifies you individually, including demographic information, that relates to your past, present, or future physical or mental health condition and related health care services.

In compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) we are required to ask that each of our patients acknowledge receipt of our Notice of Privacy Policies and Practices.

Theoria Medical’s Privacy Practices: Theoria Medical is committed to keeping your PHI private by:

  • Not sharing PHI through insecure means;
  • Storing all PHI in password protected databases that may not be accessed by unauthorized users;
  • Following the practices and procedures defined in this Notice of Privacy Policies and Procedures;
  • Training our staff on our privacy policies and practices and ensuring compliance with the same;
  • Being transparent about your rights to authorize disclosure of PHI; and,
  • Providing you with information regarding the uses of your PHI.

USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION

  • Treatment. We may disclose medical information about you to coordinate your healthcare. Doctors, registered nurses, physician assistants, and other medical staff working for Theoria Medical who are involved in providing you with healthcare services will have access to PHI as needed to provide you with appropriate medical care. This may include certain marketing materials for Theoria products and services including coordination of care, home health services, telemedicine services, long term care services, wound care services and other health care benefits available to you as a Theoria patient. Additionally, medical partners (pharmacists, lab partners) and specialists and other healthcare partners who are responsible for treatments and services not available at Theoria Medical or at the time of service may need access to PHI in order to fulfill their roles in providing you with excellent healthcare.
  • Payment. We may use and disclose information so the care you receive may be properly billed and paid for. For example, PHI may be disclosed to validate insurance eligibility, inform you of expected out-of-pocket expenses, accept payment, or to carry out Theoria Medical’s contractual obligations relating to billing and collection.
  • Health Care Operations. We may need to use and disclose information for our healthcare operations, including the administration and support of healthcare services and quality control and quality assurance measures that help us identify areas in which we can improve our applications, websites, and web portals for both staff and patients. We will use the information you provide us to schedule appointments, provide you with reminders and otherwise administer care. Additionally, we may need to disclose certain information to contractors, business associates and other third-party companies involved in our healthcare operations. Each of these third parties is also required to protect your PHI and abide by HIPAA.
  • Health Oversight Activities. We may disclose your PHI to a health oversight agency such as Medicaid or Medicare that oversees health care systems and delivery, to assist with audits or investigations designed for ensuring compliance with such government health care.
  • Victims of Abuse, Neglect, Domestic Violence. Where we have reason to believe that you are or may be a victim of abuse, neglect or domestic violence, we may disclose your PHI to the proper governmental authority, including social or protective service agencies, who are authorized by law to receive such reports.
  • We may disclose your PHI to medical coroners for purposes of identifying or determining cause of death or to funeral directors for them to carry out their duties as permitted or required by law.
  • Workers’ Compensation. We may use or disclose your PHI to the extent necessary to comply with state law for workers’ compensation or other similar programs, for example, regarding a work-related injury you received.
  • Educational Research. Although generally we will ask for your written authorization for any use or disclosure of your PHI for research purposes, we may use or disclose your PHI under certain circumstances without your written authorization where our innovation professionals have waived the authorization requirement.
  • As Required by Law. We will release information when we are required by law to do so. Examples of such releases would be for law enforcement or national security purposes, subpoenas, or other court orders, communicable disease reporting, disaster relief, review of our activities by government agencies, to avert a serious threat to health or safety, or in other kinds of emergencies.

USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION
Theoria Medical will not sell, disclose or use your PHI for third-party marketing purposes without your consent. Other than as described in this notice, Theoria will not utilize your PHI without your express written consent.

PROTECTED HEALTH INFORMATION AND YOUR RIGHTS
The following are statements of your rights, subject to certain limitations, with respect to your Protected Health Information:

  • You have the right to inspect and copy your Protected Health Information (reasonable fees may apply): Pursuant to your written request, you have the right to inspect and copy your Protected Health Information in paper or electronic format. We have up to 30 days to provide the Protected Health Information and may charge a fee for the associated costs.
  • You have a right to a summary or explanation of your Protected Health Information: You have the right to request only a summary of your Protected Health Information if you do not desire to obtain a copy of your entire record. You also have the option to request an explanation of the information when you request your entire record.
  • You have the right to obtain an electronic copy of medical records: You have the right to request an electronic copy of your medical record for yourself or to be sent to another individual or organization when your Protected Health Information is maintained in an electronic format.
  • You have the right to receive a notice of breach: In the event of a breach of your unsecured Protected Health Information, you have the right to be notified of such breach.
  • You have the right to request Amendments: At any time if you believe the Protected Health Information we have on file for you is inaccurate or incomplete, you may request that we amend the information. Your request for an amendment must be submitted in writing and detail what information is inaccurate and why. Please note that a request for an amendment does not necessarily indicate the information will be amended.
  • You have the right to request restrictions of your Protected Health Information: You have a right to restrict and/or limit the information we disclose to others, such as family members, friends, and individuals involved in your care or payment for your care. You also have the right to limit or restrict the information we use or disclose for treatment, payment, and/or health care operations. Your request must be submitted in writing and include the specific restriction requested, to whom you want the restriction to apply, and why you would like to impose the restriction.
  • You have a right to request to receive confidential communications: You have a right to request confidential communications from us by alternative means or at an alternative location. For example, you may designate we send mail only to an address specified by you which may or may not be your home address. You may indicate we should only call you on your work phone or specify which telephone numbers we are allowed or not allowed to leave messages on. You do not have to disclose the reason for your request; however, you must submit a request with specific instructions in writing.
  • Right to Revoke Authorization. You may at any time revoke your authorization, whether it was given verbally or in writing. You will generally be required to revoke your authorization in writing by contacting our Privacy Officer/Compliance Department at compliance@theoriamedical.com. Any revocation will be granted except to the extent we may have taken action in reliance upon your authorization.

Our Duties
We are required by law to maintain the privacy of your PHI and to provide you with a copy of this Notice. We are also required to abide by the terms of this Notice. We reserve the right to amend this Notice at any time in the future and to make the new Notice provisions applicable to all your PHI – even if it was created prior to the change in the Notice. However, if we do change this Notice, we will only make changes to the extent permitted by law. You may obtain the Notice in hard copy from our Privacy Officer/Compliance Department by contacting us at compliance@theoriamedical.com.

QUESTIONS/COMPLAINTS
If you have any questions regarding the information in this form or your privacy rights, or if you believe privacy rights have been violated and you would like to register a complaint, please contact compliance@theoriamedical.com.

If you wish to file a complaint regarding the treatment of your PHI with the Secretary of the United States Department of Health and Human Services, please go to the website of the Office for Civil Rights (www.hhs.gov/ocr/hipaa/), call 202-619-0257 (toll free 877-696-6775), or mail to:

Secretary of the US – Department of Health and Human Services

200 Independence Ave S.W.

Washington, D.C. 2020