Wellspring Health Clinic
Wellspring Health Clinic

Privacy Policy

Your privacy is important to us

Last Updated: March 26, 2026

1. Introduction

Wellspring Health Clinic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website your-domain.com and use our services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Schedule an appointment
  • Register for an account
  • Fill out contact forms
  • Subscribe to our newsletter
  • Participate in surveys or feedback requests

This information may include:

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Insurance information
  • Medical history (when necessary for services)
  • Payment information

2.2 Health Information

As a healthcare provider, we collect Protected Health Information (PHI) in accordance with HIPAA regulations. This includes medical records, test results, prescriptions, and treatment information necessary for providing healthcare services.

2.3 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Pages viewed and time spent on pages
  • Device information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Healthcare Services: To provide, maintain, and improve our medical services
  • Appointment Management: To schedule, confirm, and manage your appointments
  • Communication: To send appointment reminders, test results, and health-related information
  • Billing: To process payments and manage insurance claims
  • Legal Compliance: To comply with healthcare regulations and legal obligations
  • Website Improvement: To analyze website usage and improve user experience
  • Marketing: To send newsletters and promotional materials (with your consent)
  • Security: To protect against fraud and maintain platform security

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files placed on your device to store data that can be recalled by a web server. We use cookies and similar tracking technologies to track activity on our website and store certain information.

4.2 Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how visitors use our website
  • Marketing Cookies: Track your browsing habits to show relevant advertisements

4.3 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling cookies may affect the functionality of our website.

5. Third-Party Services

We may share your information with third-party service providers who perform services on our behalf, including:

  • Payment Processors: To process secure payments
  • Cloud Storage Providers: To store medical records securely
  • Email Service Providers: To send appointment reminders and communications
  • Analytics Services: Such as Google Analytics to understand website usage
  • Appointment Scheduling Software: To manage bookings and calendars
  • Insurance Verification Services: To verify coverage and process claims

All third-party service providers are required to maintain the confidentiality and security of your information and are prohibited from using your personal information for any purpose other than providing services to us.

6. Data Sharing and Disclosure

We may disclose your information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Healthcare Operations: With other healthcare providers involved in your care
  • Legal Requirements: When required by law, court order, or legal process
  • Emergency Situations: To protect your vital interests or those of others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Public Health: To authorized public health authorities when required

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • SSL/TLS encryption for data transmission
  • Encrypted storage of sensitive information
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection
  • HIPAA-compliant systems and procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

Medical records are retained in accordance with applicable healthcare regulations and legal requirements, typically for a minimum of:

  • Adult patients: 7-10 years from the last date of service
  • Minor patients: Until age of majority plus 7-10 years
  • Specific conditions may require longer retention periods

When your information is no longer needed, we securely delete or anonymize it in accordance with our data retention and disposal policies.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 GDPR Rights (European Union)

  • Right to Access: Request copies of your personal information
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information
  • Right to Restrict Processing: Request limitation on how we use your information
  • Right to Data Portability: Receive your information in a structured format
  • Right to Object: Object to processing of your personal information
  • Right to Withdraw Consent: Withdraw consent at any time

9.2 HIPAA Rights (United States)

  • Right to access your medical records
  • Right to request amendments to your records
  • Right to an accounting of disclosures
  • Right to request restrictions on uses and disclosures
  • Right to confidential communications
  • Right to receive a copy of our Notice of Privacy Practices

9.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law.

10. Children's Privacy

Our services are not directed to children under 13 years of age without parental consent. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

When we transfer information internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally compliant transfer mechanisms

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about data collection and sharing practices
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To submit a request, contact us at the information provided below. We will verify your identity before processing your request.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" feature that signals to websites you visit that you do not want your online activity tracked. Our website currently does not respond to Do Not Track signals or similar mechanisms.

14. Changes to This Privacy Policy

We reserve the right to update this privacy policy at any time. When we make changes, we will update the "Last Updated" date at the top of this page. Material changes will be communicated through:

  • Prominent notice on our website
  • Email notification to registered users
  • Other appropriate communication channels

We encourage you to review this privacy policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our privacy practices, please contact us:

Wellspring Health Clinic

Privacy Officer

123 Wellness Avenue
Suite 100
Your City, ST 12345

Phone: (555) 123-4567
Fax: (555) 123-4568
Email: [email protected]

Business Hours: Monday - Friday, 8:00 AM - 5:00 PM

We will respond to all privacy-related inquiries within 30 days of receipt.

16. HIPAA Notice of Privacy Practices

For detailed information about how we use and disclose your Protected Health Information (PHI), please review our separate Notice of Privacy Practices, which is required under the Health Insurance Portability and Accountability Act (HIPAA).

17. Consent

By using our website and services, you consent to our privacy policy and agree to its terms. For healthcare services, you will be asked to provide separate written consent for the use and disclosure of your Protected Health Information.