Privacy Policy

Notice of Privacy Practices

This notice describes how Village Pediatrics, our healthcare providers, and staff may use and disclose your protected health information (PHI) to carry out treatment, payment, or healthcare operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information.

HIPAA Compliance Statement

Village Pediatrics is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and state privacy laws. We understand that your health information is personal and we are committed to protecting it.

Protected Health Information (PHI)

PHI includes any individually identifiable health information we maintain or transmit in any form (electronic, paper, or oral) that relates to:

• Your child's past, present, or future physical or mental health condition
• Healthcare services provided to your child
• Payment for healthcare services provided to your child
• Information that identifies your child or could reasonably be used to identify your child

How We Use and Disclose Your Health Information

For Treatment

We may use and disclose your health information to provide, coordinate, or manage your child's healthcare and related services. Examples include:

• Sharing information with specialists or other healthcare providers involved in your child's care
• Sending medical records to laboratories for testing
• Coordinating care with schools for children with special health needs
• Communicating with pharmacies for prescription medications

For Payment

We may use and disclose your health information to obtain payment for healthcare services. Examples include:

• Submitting claims to your insurance company
• Verifying insurance coverage and benefits
• Collecting payments for services rendered
• Reviewing claims for medical necessity

For Healthcare Operations

We may use and disclose your health information for healthcare operations. Examples include:

• Quality assessment and improvement activities
• Reviewing the competence and qualifications of healthcare professionals
• Training medical students and residents
• Conducting audits and compliance reviews
• Business planning and management

Special Circumstances for Disclosure

In certain situations, we may use or disclose your health information without your authorization:

Public Health Activities

• Reporting communicable diseases to public health authorities
• Reporting suspected child abuse or neglect as required by Florida law
• Reporting adverse reactions to medications or medical devices to the FDA
• Participating in disease surveillance and prevention programs

Legal and Safety Requirements

• Responding to court orders, subpoenas, or legal proceedings
• Assisting law enforcement in certain circumstances
• Preventing serious threats to health or safety
• Complying with workers' compensation laws

Florida-Specific Requirements

• Reporting to the Florida Department of Health as required by state law
• Complying with Florida immunization registry requirements (SHOTS)
• Reporting suspected child abuse or neglect to Florida Department of Children and Families
• Reporting communicable diseases to Florida Department of Health within 24 hours
• Complying with Florida's medical marijuana patient registry requirements when applicable
• Participating in public health emergency preparedness activities
• Following Florida Medical Practice Act requirements for record retention (minimum 4 years for adult patients, 4 years after age of majority for minors)
• Adhering to Florida's specific requirements for mental health records of minors

Your Rights Regarding Your Health Information

Right to Access

You have the right to inspect and obtain copies of your child's health information used to make decisions about your child's care. This includes medical records, billing records, and other records used in making healthcare decisions.

Right to Request Amendments

If you believe that information in your child's medical record is incorrect or incomplete, you have the right to request that we amend the information. We may deny your request if the information was not created by us, is not part of our records, or is accurate and complete.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your health information for treatment, payment, or healthcare operations. We are not required to agree to all requested restrictions, but we will consider each request carefully.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your child's health information in a particular way or at a particular location. For example, you may request that we contact you at work instead of at home.

Right to an Accounting

You have the right to receive an accounting of disclosures of your health information made by us for purposes other than treatment, payment, and healthcare operations.

Right to a Paper Copy

You have the right to obtain a paper copy of this notice at any time, even if you have agreed to receive the notice electronically.

Florida State Privacy Laws Compliance

Florida Personal Information Protection Act

Village Pediatrics complies with Florida's Personal Information Protection Act (Florida Statute 501.171), which requires:

• Secure disposal of personal information in records
• Notification of security breaches affecting Florida residents
• Implementation of reasonable security measures to protect personal information
• Proper authorization before disclosing Social Security Numbers

Florida Medical Records Laws

Under Florida Statute 456.057, we ensure:

• Medical records are maintained for at least 4 years from the last patient contact for adults
• Pediatric records are maintained for 4 years after the patient reaches age of majority or 7 years from last contact, whichever is longer
• Records of minors receiving mental health services have enhanced privacy protections
• Proper procedures for transferring or releasing medical records

Florida Department of Health Regulations

We comply with all Florida Department of Health privacy and reporting requirements:

• Mandatory reporting of communicable diseases within prescribed timeframes
• Participation in state immunization tracking systems
• Compliance with emergency preparedness and public health surveillance
• Adherence to Florida's healthcare facility licensing requirements

Privacy Rights for Minors in Florida

Parental Rights and Florida Law

In most cases, parents or legal guardians have the right to access their minor child's health information under Florida Statute 743.0645. However, Florida law recognizes certain situations where minors may have enhanced privacy rights:

• Minors who are married, divorced, or parents themselves (Florida Statute 743.046)
• Minors who are legally emancipated (Florida Statute 743.015)
• Minors seeking mental health counseling (with certain limitations under Florida Statute 394.4784)
• Minors seeking treatment for sexually transmitted diseases (Florida Statute 384.30)
• Minors seeking substance abuse treatment under certain circumstances

Adolescent Privacy and Consent

We respect the developing autonomy of adolescent patients while recognizing parental rights and responsibilities under Florida law. Our approach includes:

• Encouraging open communication between adolescents and parents when appropriate
• Providing age-appropriate privacy during portions of healthcare visits when clinically indicated
• Following Florida law regarding confidential health services for minors
• Discussing privacy expectations and limitations with both adolescents and parents
• Obtaining appropriate consent for treatment as required by Florida Statute 743.0645

Special Circumstances for Minor Privacy

Under Florida law, certain situations may affect parental access to minor records:

• Court-ordered restrictions on parental access
• Suspected abuse situations where disclosure to parents may not be in the child's best interest
• Mental health services where the provider determines disclosure would be harmful
• Situations involving mature minors and specific medical decisions

Digital Privacy and Security

Electronic Health Records

We use electronic health record systems to maintain your child's medical information. These systems are secured with:

• Encryption of data both in transit and at rest
• Multi-factor authentication for access
• Regular security audits and updates
• Staff training on privacy and security protocols

Patient Resources Security

Our patient portal provides secure access to your child's health information. Security measures include:

• Secure login credentials and password requirements
• Automatic session timeouts
• Encrypted data transmission
• Access logging and monitoring

Communication Privacy

When communicating electronically:

• We use secure messaging systems for sensitive health information
• Email communications may not be secure and are used only for non-sensitive information
• We do not send protected health information via unencrypted email unless you specifically request it
• SMS text messaging is available through our HIPAA-compliant Yosi Health platform (see SMS Text Messaging Privacy & Security section below for complete details)

SMS Text Messaging Privacy & Security

What Information We Collect

When you consent to receive SMS text messages from Village Pediatrics, we collect and maintain:

• Mobile Phone Number: The phone number you provide for text message communications
• Consent Records: Documentation of your express consent to receive SMS messages, including date, time, and method of consent
• Message Content: The content of text messages sent to you, which may include appointment details, billing information, health updates, and other patient communications
• Delivery Information: Message delivery timestamps, read receipts (when available), and delivery status
• Opt-Out Preferences: Records of any opt-out or communication preference changes you make
• Patient Identification Information: Information linking your mobile number to your patient account and medical records

How We Use SMS Information

We use your mobile phone number and related information for the following purposes only:

• Appointment Reminders: Sending notifications about upcoming appointments, appointment confirmations, and schedule changes
• Billing Communications: Payment reminders, billing statements, insurance information, and financial communications
• Health Notifications: Important health updates, lab results, prescription refill reminders, care instructions, and follow-up information
• Patient Surveys: Periodic surveys to gather feedback about your experience with our practice (sent no more than quarterly)
• Two-Factor Authentication (2FA): Security verification codes for accessing your patient portal or confirming your identity
• Practice Updates: Important announcements about office hours, location changes, or other practice-related information

Legal Basis for Processing

We process your mobile phone number and send text messages based on:

• Express Consent: Your voluntary, affirmative consent to receive text messages from Village Pediatrics
• HIPAA-Permitted Uses: Text messages containing protected health information (PHI) are sent in accordance with HIPAA regulations for treatment, payment, and healthcare operations
• Legitimate Healthcare Interests: Communications necessary for providing quality patient care and maintaining the patient-provider relationship
• Regulatory Compliance: Messages sent to comply with legal obligations such as appointment reminders and billing notifications

SMS Service Providers and Business Associate Agreements

Village Pediatrics uses the following third-party service providers for SMS messaging:

• Yosi Health: HIPAA-compliant patient engagement platform that manages our text messaging program. Yosi Health has signed a Business Associate Agreement (BAA) with Village Pediatrics.
• Bandwidth: Telecommunications carrier infrastructure provider that delivers our text messages. Bandwidth has signed a Business Associate Agreement (BAA) with Village Pediatrics.

Both service providers are required to:

• Maintain HIPAA compliance for all protected health information
• Implement appropriate security safeguards to protect your information
• Use your information only for providing SMS services to Village Pediatrics
• Not disclose your information to unauthorized parties
• Report any security incidents or breaches to Village Pediatrics immediately
• Comply with all applicable federal and state privacy laws

Security Measures for SMS Communications

We implement the following security measures to protect your SMS communications:

• End-to-End Encryption: Messages are encrypted during transmission between our systems and mobile carriers
• Secure Platform Access: Our SMS platform uses multi-factor authentication, role-based access controls, and audit logging
• Staff Training: All staff members who send text messages receive training on HIPAA privacy and security requirements
• Access Monitoring: We monitor and log all access to the SMS platform to detect unauthorized use
• Regular Security Audits: Yosi Health and Bandwidth undergo regular security audits and maintain SOC 2 certification
• Data Minimization: We send only the minimum necessary health information via text message
• Secure Storage: Message records are stored on secure, encrypted servers with restricted access

Important Security Warnings and Limitations

Alternative Communication Methods

If you have concerns about the security of text messaging, we offer alternative communication methods:

• Phone calls to our office at (904) 940-1577
• Secure patient portal messaging (most secure option)
• In-person communication during office visits
• U.S. Mail for written communications
• Secure email (for non-sensitive information only)

Your Rights Regarding SMS Communications

You have the following rights regarding our SMS messaging program:

• Right to Opt Out: You may opt out of receiving text messages at any time by replying "STOP" to any message, calling our office at (904) 940-1577, or requesting opt-out in person.
• Right to Access: You have the right to request copies of text messages sent to you as part of your medical record.
• Right to Amend: You may request corrections to any health information sent via text message if you believe it is inaccurate or incomplete.
• Right to Restrict: You may request that we not send certain types of information via text message (e.g., request billing notifications only, not health information).
• Right to Update: You have the right and responsibility to update your mobile phone number with our office if it changes.
• Right to Withdraw Consent: You may withdraw your consent to receive text messages at any time without affecting your ability to receive medical care.

Data Retention for SMS Messages

We retain SMS message records in accordance with:

• HIPAA Requirements: Text messages containing protected health information are retained as part of your medical record
• Florida Medical Records Law: Pediatric records are retained for 4 years after the patient reaches age of majority or 7 years from last contact, whichever is longer
• Billing and Payment Records: Messages related to billing are retained for 7 years in accordance with federal requirements
• Consent Records: Records of your consent to receive SMS messages are retained for the duration of the patient relationship plus 7 years

After the retention period expires, message records are securely deleted or destroyed in compliance with HIPAA disposal requirements.

Sharing SMS Information with Third Parties

Patient opt-ins and mobile phone numbers will NOT be shared with third parties for marketing purposes. We will not sell, rent, or trade your mobile phone number or consent information to any third party.

Your mobile phone number and SMS information may only be shared with:

• Yosi Health and Bandwidth as necessary to provide SMS services (under Business Associate Agreements)
• Healthcare providers involved in your child's care when necessary for treatment coordination
• Legal authorities when required by law (e.g., court orders, subpoenas)
• Public health authorities when required for mandatory reporting

Parental Consent for Minors

Special considerations apply to SMS communications for minor patients:

• Parental Consent Required: For patients under 18 years of age, a parent or legal guardian must provide consent for SMS communications
• Guardian Phone Numbers: Text messages about minor patients are sent to the parent or guardian's mobile phone number unless otherwise specified
• Adolescent Privacy: For adolescent patients, we balance the minor's privacy rights with parental involvement as required by Florida law. Parents may receive appointment reminders while age-appropriate health information is discussed privately during visits
• Updating Contact Information: Parents/guardians are responsible for notifying us if the mobile number for their child's account changes
• Multiple Guardians: We can send messages to multiple phone numbers if both parents/guardians consent and provide their mobile numbers

SMS Message Frequency and Timing

To respect your privacy and avoid disruption:

• Messages are typically sent during business hours (8:00 AM to 6:00 PM Eastern Time) unless urgent
• Appointment reminders are sent 24-48 hours before scheduled appointments
• We limit the number of messages to avoid excessive communication
• Survey requests are sent no more than quarterly
• You can request to receive messages at specific times by contacting our office

Emergency and Urgent Situations

Regulatory Compliance for SMS Program

Our SMS messaging program complies with all applicable laws and regulations:

• HIPAA (Health Insurance Portability and Accountability Act): All text messages containing protected health information comply with HIPAA Privacy Rule and Security Rule requirements
• TCPA (Telephone Consumer Protection Act): We obtain express written consent before sending text messages and honor all opt-out requests immediately
• CTIA Messaging Principles: We follow Cellular Telecommunications Industry Association best practices for business text messaging
• 10DLC (10-Digit Long Code) Registration: Our business and messaging campaigns are registered with The Campaign Registry (TCR) as required by federal regulations effective December 1, 2024
• Florida Personal Information Protection Act: We implement appropriate security measures and provide breach notification as required by Florida law
• Florida Medical Records Laws: SMS messages containing health information are maintained as part of medical records in accordance with Florida Statute 456.057

Data Breach Notification for SMS

In the event of a security breach affecting your SMS communications or mobile phone number, we will:

• Investigate the incident immediately and document all findings
• Notify affected patients within 60 days of discovery as required by HIPAA
• Provide detailed information about what information was involved, when the breach occurred, and what steps we are taking
• Offer guidance on steps you can take to protect yourself (e.g., monitoring for suspicious activity, changing passwords)
• Report to the U.S. Department of Health and Human Services as required
• Notify local media if the breach affects 500 or more Florida residents
• Work with Yosi Health and Bandwidth to remediate any vulnerabilities

Changes to SMS Privacy Practices

We reserve the right to modify our SMS privacy practices as technology and regulations evolve. If we make material changes:

• We will update this privacy policy and the effective date
• We will notify you via text message if the change significantly affects your rights or our practices
• We may request renewed consent if required by law
• The updated policy will apply to all SMS communications going forward

Contact Information for SMS Privacy Questions

Acknowledgment of SMS Privacy Risks

By opting into SMS communications with Village Pediatrics, you acknowledge that:

• You have read and understand this SMS Text Messaging Privacy & Security policy
• You understand the security limitations of SMS text messaging
• You accept the risks associated with receiving protected health information via text message
• You are responsible for securing your mobile device and protecting your messages from unauthorized access
• You will immediately notify Village Pediatrics if your mobile phone number changes or your device is lost or stolen
• You understand that text messaging is not appropriate for emergency or urgent medical situations
• You have been offered alternative communication methods and choose to use SMS messaging

Website Privacy Policy

Information We Collect

When you visit our website, we may collect:

• Information you voluntarily provide through contact forms or appointment requests
• Technical information such as IP address, browser type, and pages visited
• Cookies and similar technologies to improve website functionality

How We Use Website Information

Website information is used to:

• Respond to your inquiries and appointment requests
• Improve our website functionality and user experience
• Analyze website traffic and usage patterns
• Ensure website security and prevent fraud

Third-Party Services

Our website may use third-party services such as:

• Google Analytics for website analytics (anonymized data)
• Social media plugins and sharing features
• Online scheduling and appointment booking systems
• Customer review and feedback platforms

Data Breach Notification

In the unlikely event of a breach of your protected health information, we will:

• Investigate the incident promptly and thoroughly
• Take immediate steps to mitigate any harm
• Notify affected individuals within 60 days of discovery (as required by HIPAA)
• Report to the Department of Health and Human Services as required by law
• Notify local media if the breach affects 500 or more individuals in Florida
• Provide information about what happened, what information was involved, and steps you can take to protect yourself

Changes to This Privacy Policy

We reserve the right to change this privacy notice at any time. Any changes will be effective for all protected health information that we maintain, including information created or received before the change.

If we make material changes to this notice, we will:

• Post the new notice on our website
• Provide copies to patients at their next visit
• Make the new notice available upon request
• Update the effective date at the top of this notice