This policy is designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, New York State public health laws, and applicable federal and state privacy regulations.
1. Information We Collect
1.1 Personal Information
When you interact with our website or office, we may collect the following types of personal information:
- Full name, date of birth, and gender
- Contact information including address, telephone number, and email address
- Health insurance information and insurance ID numbers
- Social Security Number (for billing and insurance purposes)
- Emergency contact information
1.2 Protected Health Information (PHI)
As a healthcare provider, we collect and maintain Protected Health Information (PHI) as defined by HIPAA. This may include:
- Medical history, diagnoses, and treatment records
- Prescription and medication information
- Laboratory and diagnostic test results
- Workers' Compensation and No-Fault accident documentation
- Information related to Testosterone Replacement Therapy (TRT) or weight loss programs
- Billing and payment records related to healthcare services
1.3 Website Usage Information
When you visit our website, we may automatically collect:
- IP address and browser type
- Pages visited and time spent on the site
- Referring website addresses
- Device type and operating system
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Treatment
We use your health information to provide, coordinate, and manage your medical care, including consultations, diagnoses, treatment planning, and follow-up. Your information may be shared among our providers — including Dr. Gary Dicanio, D.O., Roberto Rodriguez, DNP, and Osvaldo Moreira-Gonzalez, PA-C — to deliver coordinated care.
2.2 Payment
We may use and disclose your PHI to obtain payment for healthcare services rendered. This includes submitting claims to insurance companies, Medicare, Medicaid, Workers' Compensation carriers, and No-Fault insurance providers.
2.3 Healthcare Operations
We may use your information for internal business operations, including quality assessment, staff training, compliance reviews, and administrative functions necessary to operate our practice.
2.4 Communications and Appointment Reminders
We may contact you via phone, email, or mail to remind you of upcoming appointments, inform you of test results, or communicate other care-related information. You may request that we use alternative contact methods.
2.5 Website Functionality
We use website usage data to maintain and improve our site, understand how visitors use our services, and enhance the patient experience.
3. Disclosure of Your Information
We do not sell your personal or health information. We may share your information only in the following circumstances:
3.1 As Permitted or Required by HIPAA
- To other treating healthcare providers involved in your care
- To insurance companies and payers for claims processing
- To business associates who perform services on our behalf (subject to HIPAA-compliant Business Associate Agreements)
- As required by law, including for public health reporting or legal proceedings
- To prevent serious threats to health or safety
- For Workers' Compensation and No-Fault claims as authorized or required
3.2 With Your Written Authorization
For any uses or disclosures not described in this policy, we will obtain your written authorization before sharing your information. You may revoke any such authorization in writing at any time, except where we have already acted in reliance upon it.
3.3 Third-Party Service Providers
We may share limited, non-health information (such as contact data) with third-party technology vendors who assist with website hosting, appointment booking platforms, or electronic health records management. These vendors are contractually obligated to protect your data and use it only as directed.
4. Your HIPAA Rights
As our patient, you have the following rights regarding your Protected Health Information:
- You may request a copy of your medical records and other health information we maintain.
- You may request corrections to your health information if you believe it is inaccurate or incomplete.
- You may request a list of certain disclosures we have made of your PHI.
- You may ask us to limit how we use or share your information, though we are not always required to agree.
- You may request that we communicate with you through specific means or at specific locations.
- You may request a printed copy of this Privacy Policy and our HIPAA Notice of Privacy Practices at any time.
To exercise any of the above rights, please contact us in writing at the address below or email info@health1med.com.
5. Data Security
Health 1 Medical PC employs reasonable administrative, physical, and technical safeguards to protect your personal and health information from unauthorized access, use, alteration, or disclosure. These measures include:
- Encrypted storage of electronic health records
- Restricted access to PHI on a need-to-know basis
- Secure disposal of paper records containing personal information
- Regular staff training on HIPAA compliance and privacy practices
While we take reasonable precautions, no data transmission over the internet or electronic storage system is 100% secure. If you have concerns about the security of your information, please contact our office directly.
6. Cookies and Website Tracking
Our website may use cookies and similar tracking technologies to improve functionality and user experience. Cookies are small text files stored on your device. You may configure your browser to refuse cookies, though this may limit certain website features. We do not use cookies to collect PHI.
7. Children's Privacy
Health 1 Medical PC provides medical services to adults ages 18 and older. Our website is not directed at individuals under the age of 18, and we do not knowingly collect personal information from minors through our website.
8. Links to Third-Party Websites
Our website may contain links to third-party sites (such as our appointment booking platform or Google Maps). We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will post any revised policy on our website with an updated effective date. Your continued use of our website or services after any changes constitutes your acceptance of the revised policy. For material changes affecting your PHI, we will provide additional notice as required by HIPAA.
10. Notice of Privacy Practices
As a covered entity under HIPAA, Health 1 Medical PC maintains a separate Notice of Privacy Practices (NPP) that describes in detail how we may use and disclose your PHI and your rights regarding that information. You will be provided a copy of our NPP upon your first visit. A copy is also available upon request at our office.
11. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or to exercise your rights, please contact us: