Your privacy is important to us. This policy explains how Dr. Hardik Doshi and Doshi Plastic Surgery (we, us, our) collect, use, disclose, safeguard, and retain personal and health information in connection with our website www.doshiplasticsurgery.com and our practice operations. This policy is supplemental to, and does not replace, our HIPAA Notice of Privacy Practices.
Collection and Use of Information
We collect personal information only when necessary to provide services, schedule consultations, respond to inquiries, or otherwise support patient care and practice operations. We collect information by lawful and transparent means and will inform you of the purposes for which information is collected and used.
Data Retention and Security
We retain personal and protected health information only as long as reasonably necessary to fulfill treatment, payment, and health care operations, and as otherwise required by law. We maintain administrative, physical, and technical safeguards that are commercially reasonable to protect information against loss, theft, unauthorized access, disclosure, copying, use, or modification.
HIPAA Compliance and Business Associate Agreements
We are committed to complying with HIPAA. We maintain Business Associate Agreements with vendors and contractors who create, receive, maintain, or transmit protected health information on our behalf. Staff who are members of our workforce are subject to confidentiality obligations and practice policies that require the appropriate protection and limited use of PHI.
Patient Initiated and Nonsecure Communications
For your convenience our website includes a contact form and we may communicate with you by email, text message, and telephone. These channels are not encrypted or HIPAA secure unless otherwise explicitly stated. By initiating communications through the website contact form or by providing your telephone number or email address to our team you acknowledge that these methods are not fully secure and you consent to receiving communications by these methods. You accept the risk that information transmitted by these channels may be intercepted or accessed by third parties. To the fullest extent permitted by law you release and hold harmless Dr. Hardik Doshi, Doshi Plastic Surgery, and our staff from liability for unauthorized disclosure of information that results from your voluntary use of nonsecure communication channels.
Internal Use and Staff Access
Information you provide will be used internally by staff members on a need-to-know basis to provide care, schedule visits, coordinate services, bill and collect for services, and manage practice operations. Staff members are authorized to access PHI only as required to perform their assigned duties. Staff are required to follow confidentiality policies and training. If an employee improperly accesses or discloses PHI outside of permitted duties, the practice will investigate and may take disciplinary or legal action as appropriate.
Limitations on Revocation of Consent
If you accept this privacy policy and elect to communicate with us through nonsecure channels, that consent applies to communications and disclosures already made and to those reasonably necessary to provide your requested services. Because information once shared may be further disclosed through channels beyond our control and may be retained by third parties, any consent or acknowledgment you provide cannot be retroactively revoked to require the recall or deletion of information already disseminated. To the extent applicable law permits, acceptance of this policy is irrevocable for information already shared or disseminated.
Minimum Necessary and Authorized Disclosures
We will make reasonable efforts to apply the minimum necessary standard when using, disclosing, or requesting PHI. Disclosures to third parties outside the practice will occur only when required by law, when necessary to provide the services you request, or with your explicit authorization. Where feasible we will obtain a signed authorization prior to disclosures for purposes other than treatment, payment, or health care operations.
Third Party Websites and Services
Our website may link to external sites or use third-party services over which we have no control. We are not responsible for the content, privacy practices, or security of external sites or vendors. Links to third-party resources do not imply endorsement and personal information you disclose on outside sites is not subject to this policy.
Audit Logging and Documentation
We maintain records and logs of access to PHI and of security events relevant to PHI consistent with applicable law and our policies. Audit logs, access records, and documentation of disclosures will be retained in accordance with our records retention policies and applicable law and will be available for review as required.
Incident Response and Breach Notification
If we become aware of an unauthorized disclosure or security incident involving PHI we will promptly investigate, take steps to mitigate harm, and notify affected individuals and regulators as required by applicable law. Business associates are required by contract to report suspected incidents to us without undue delay.
Patient Rights
Subject to applicable law you may request access to, amendment of, or restrictions on use of your PHI. You may opt out of receiving certain nonurgent communications by nonsecure channels. To exercise your rights, contact our privacy officer at the contact information provided on our site. We will process requests as required by law.
Staff Protections and Practice Policies
Staff who act pursuant to practice policies and within the scope of their employment and training will not be subject to adverse claims against the practice for authorized disclosures necessary for patient care and operations. Staff are nonetheless personally accountable for violations of policy. The practice reserves the right to discipline or terminate staff who violate confidentiality or who misuse information.
Limitations and Legal Remedies
This policy is intended to provide transparency and to document patient acknowledgments and consents when using nonsecure communications. This policy does not waive or alter any statutory rights provided by federal or state law. Nothing in this policy is intended to eliminate legal remedies available to individuals and the practice as provided by law. Where permitted by law you agree to pursue remedies in accordance with applicable dispute resolution provisions and notice requirements.
Arbitration Agreement
Any dispute, claim, or controversy arising out of or relating to your use of our website, your communications with our practice, or the services provided by Dr. Hardik Doshi and Doshi Plastic Surgery shall be resolved exclusively through binding arbitration administered by American Arbitration Association (AAA) under its applicable Healthcare or Commercial Arbitration Rules and Procedures. The seat of arbitration shall be New York, New York, and the arbitration will be conducted by a single arbitrator. By using our website or services, you waive the right to a trial by jury, waive the right to participate in a class action, and agree that the arbitrator’s decision is final and binding and may be entered as a judgment in any court of competent jurisdiction. Each party shall bear its own legal fees and costs unless the arbitrator determines otherwise.
Acceptance of Policy
By using our website, contacting us through the website contact form, providing your telephone number or email address, or otherwise engaging our services, you acknowledge that you have read this policy, you accept its terms, and you consent to communications and disclosures as described herein.
