(thehealthcaremisfit.com/)

At Grayson Starbuck DPT, PLLC dba The Healthcare Misfit, we respect your privacy and are committed to protecting any personal information that you provide us through our website. This Privacy Policy explains how we collect, use, and share your personal information, and how we comply with the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

Consent under GDPR: By using our website, you consent to the terms of this Privacy Policy and agree to the processing of your personal information in accordance with this policy. You have the right to withdraw your consent at any time by contacting us.

Personal information we collect: We collect personal information that you provide us when you fill out a form or sign up for our newsletter. This may include your name, email address, phone number, and other contact information. We will only collect and process your personal information for the purposes described in this Privacy Policy.

Non-personal information we collect: We may also collect non-personal information, such as your IP address, browser type, and the pages you visit on our website. This information is used to analyze and improve our website’s performance.

How we use your information: We may use your personal information to respond to your inquiries, send you newsletters or marketing emails, and provide you with information about our services. We may also use your information to improve our website and our services.

We will not sell, rent, or share your personal information with any third parties, except as required by law or as necessary to provide our services to you. We will obtain your explicit consent before sharing your personal information with any third parties.

How we protect your information: We take reasonable steps to protect your personal information from unauthorized access, disclosure, or destruction. We use industry-standard security measures to safeguard your personal information, and we review our security practices on a regular basis. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.

Cookies: We use cookies to enhance your experience on our website. Cookies are small data files that are stored on your device when you visit our website. They allow us to remember your preferences and provide you with a personalized experience.

You can choose to disable cookies through your browser settings, but this may affect your ability to use certain features of our website.

Third-party links: Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policies of these websites before providing any personal information.

Children’s privacy: Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

Changes to this Privacy Policy: We reserve the right to modify this Privacy Policy at any time. If we make any material changes to this policy, we will notify you by posting the updated policy on our website.

CPRA privacy message: Under the CPRA, California residents have the right to request that we disclose the categories of personal information that we have collected about them, and the specific pieces of personal information that we have collected about them. California residents also have the right to request that we delete their personal information. To exercise these rights, please contact us at contact@thehealthcaremisfit.com.

Contact us: If you have any questions about this Privacy Policy, please contact us at contact@thehealthcaremisfit.com.

Google Analytics and HIPAA Compliance

We are committed to safeguarding the privacy and security of personal information. When utilizing Google Analytics, we take special care to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). Although Google Analytics is not inherently HIPAA-compliant, we have made careful configurations to our setup to prevent any potential violations of HIPAA regulations.

*Our Best Practices Include*:

1. *Avoiding PII and PHI in URLs*: URLs are structured so that no Personally Identifiable Information (PII) or Protected Health Information (PHI) appears.

2. *Data Sharing Restrictions*: We have turned off all data-sharing options within Google Analytics.

3. *IP Anonymization*: IP addresses are anonymized to prevent storing the complete IP address of our users.

4. *No Usage of UserID Feature*: We avoid using the UserID feature to prevent any link to specific individuals.

5. *Exclusion of Sensitive Data*: Filters are in place to prevent the transmission of potential PII or PHI data to Google Analytics.

6. *Data Retention Control*: Data retention settings are adjusted to prevent indefinite storage of user and event data.

7. *Careful Use of Custom Dimensions*: We ensure no sensitive data is captured within custom dimensions or metrics.

8. *Safe Event and Goal Tracking*: Our tracking methods are configured to prevent the capture of any PII or PHI. 

9. *Disabling User Explorer Reports*: Detailed individual user journey reports, known as User Explorer reports, are disabled.

10. *Search Query Protection*: We ensure that no PII or PHI can be entered into site search queries or captured by Google Analytics.

11. *Acceptance of Data Processing Amendment*: We have reviewed and accepted Google Analytics’ Data Processing Amendment for added contractual protection.

12. *Routine Audits*: Our team conducts regular checks on our Google Analytics setup to ensure the safety of the data.

13. *Staff Training*: All team members involved with Google Analytics are trained on the importance of data security and HIPAA compliance.

We highly advise all users to consult our privacy policy in detail and encourage anyone with concerns or questions to contact us. It’s also worth noting that circumstances and technologies change; thus, it’s always a good practice to review policies regularly. Please note that it’s essential to consult with a legal expert familiar with HIPAA when setting up or reviewing any analytics or data collection practices.

Effective Date: [9/23/2023]