top of page

Privacy Policy

Comprehensive Chiropractic Care

Last Updated: Aug 1, 2025

1. Introduction

Comprehensive Chiropractic Care ("we," "us," or "our") is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or receive our services.

We are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and comply with all applicable privacy regulations.

2. Information We Collect

Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, address, phone number, email address

  • Demographic Information: Age, date of birth, gender

  • Emergency Contact Information: Names and phone numbers of emergency contacts

  • Insurance Information: Insurance provider, policy numbers, group numbers

Protected Health Information (PHI)

As a healthcare provider, we collect and maintain protected health information including:

  • Medical History: Previous injuries, surgeries, medications, allergies

  • Treatment Information: Diagnosis, treatment plans, progress notes

  • Billing Information: Services provided, charges, payment history

  • Appointment Information: Scheduling preferences, visit history

Website Usage Information

When you visit our website, we automatically collect:

  • Technical Information: IP address, browser type, operating system

  • Usage Data: Pages viewed, time spent on site, referring websites

  • Cookies and Tracking: Information stored by cookies and similar technologies

3. How We Collect Information

Direct Collection

  • In-Person: During consultations, examinations, and treatment

  • Online Forms: Contact forms, appointment scheduling, patient intake forms

  • Phone Communications: When you call our office

  • Email Communications: When you email us directly

Automatic Collection

  • Website Analytics: Through Google Analytics and similar services

  • Cookies: To improve website functionality and user experience

  • Server Logs: Automatic recording of website visits and interactions

4. How We Use Your Information

Healthcare Purposes

We use your information for:

  • Treatment: Providing chiropractic care and related services

  • Payment: Processing insurance claims and collecting payment

  • Healthcare Operations: Quality improvement, staff training, business operations

  • Appointment Management: Scheduling, reminders, and follow-up communications

Website and Communication Purposes

  • Website Functionality: Improving user experience and site performance

  • Communication: Responding to inquiries and providing requested information

  • Marketing: Sending newsletters and promotional materials (with consent)

  • Legal Compliance: Meeting regulatory and legal requirements

Research and Analytics

  • Website Analytics: Understanding how visitors use our website

  • Treatment Outcomes: Analyzing treatment effectiveness (with de-identified data)

  • Service Improvement: Enhancing our services and patient experience

5. Legal Basis for Processing (HIPAA and Healthcare)

HIPAA Permitted Uses

Under HIPAA, we may use and disclose your PHI without authorization for:

  • Treatment Activities: Coordinating care with other healthcare providers

  • Payment Activities: Insurance billing and claims processing

  • Healthcare Operations: Quality assurance and business operations

Required Disclosures

We are required to disclose PHI:

  • To You: Upon your request for access to your own records

  • To HHS: When required for compliance investigations

  • As Required by Law: When mandated by federal, state, or local law

Authorized Disclosures

We may disclose PHI with your written authorization for:

  • Family Members: When specifically authorized by you

  • Other Healthcare Providers: For treatment coordination

  • Insurance Companies: For coverage determination and claims processing

6. Information Sharing and Disclosure

Healthcare-Related Sharing

  • Other Healthcare Providers: For coordinated care and referrals

  • Insurance Companies: For claims processing and coverage verification

  • Business Associates: HIPAA-compliant vendors who assist with healthcare operations

  • Emergency Situations: When necessary to prevent serious harm

Legal and Regulatory Sharing

  • Legal Requirements: When required by federal, state, or local law

  • Court Orders: When compelled by valid legal process

  • Public Health: For reportable diseases or public health emergencies

  • Workers' Compensation: When treatment is related to workplace injury

Third-Party Service Providers

  • Website Hosting: Secure hosting providers for our website

  • Email Services: HIPAA-compliant email and communication platforms

  • Analytics Providers: Website analytics services (with anonymized data)

  • Payment Processors: Secure payment processing services

7. Data Security and Protection

Physical Safeguards

  • Secure Facilities: Locked offices and restricted access areas

  • Equipment Controls: Secured computers and mobile devices

  • Workstation Security: Password-protected systems and automatic logoff

Technical Safeguards

  • Encryption: All PHI is encrypted in transit and at rest

  • Access Controls: Role-based access to patient information

  • Audit Logs: Monitoring and logging of system access

  • Backup Systems: Regular, secure backup of all data

Administrative Safeguards

  • HIPAA Training: Regular staff training on privacy and security

  • Policies and Procedures: Comprehensive privacy and security policies

  • Incident Response: Procedures for handling potential breaches

  • Business Associate Agreements: Contracts ensuring vendor compliance

8. Your Privacy Rights

Access Rights

  • Inspect and Copy: Request copies of your health records

  • Electronic Access: Receive records in electronic format when possible

  • Summary or Explanation: Request a summary of your health information

Amendment Rights

  • Request Changes: Ask us to correct or amend your health records

  • Denial Process: We will explain if we cannot make requested changes

  • Statement of Disagreement: Add your statement if you disagree with our decision

Restriction Rights

  • Request Restrictions: Ask us to limit how we use or share your information

  • Special Circumstances: We must agree to certain restriction requests

  • Emergency Override: Restrictions may be overridden in emergency situations

Communication Rights

  • Alternative Communications: Request we contact you in a specific way

  • Confidential Location: Request communications be sent to an alternative address

  • Appointment Reminders: Opt out of appointment reminder calls or messages

Disclosure Rights

  • Accounting of Disclosures: Request a list of when we've shared your information

  • Six-Year Period: We maintain disclosure records for six years

  • Exceptions: Some disclosures are not included in the accounting

9. Cookies and Website Tracking

Types of Cookies We Use

  • Essential Cookies: Required for website functionality

  • Analytics Cookies: Help us understand website usage

  • Preference Cookies: Remember your settings and preferences

  • Marketing Cookies: Used for relevant advertising (with consent)

Cookie Management

  • Browser Settings: You can control cookies through your browser settings

  • Opt-Out Options: You can opt out of analytics and marketing cookies

  • Third-Party Cookies: Some cookies are set by third-party services

Google Analytics

We use Google Analytics to understand website usage. Google Analytics:

  • Collects Anonymous Data: IP addresses are anonymized

  • Provides Usage Reports: Helps us improve website functionality

  • Can Be Disabled: You can opt out using Google's opt-out tool

10. Email and Electronic Communications

Email Security

  • Unencrypted Email: Regular email is not secure for PHI

  • Patient Portal: We provide secure portal for confidential communications

  • Email Consent: We obtain consent before sending PHI via email

Electronic Consent

  • Online Forms: You may provide consent electronically

  • Digital Signatures: We accept digital signatures for certain documents

  • Revocation: You can revoke electronic communication consent at any time

11. Minors and Parental Rights

Information from Minors

  • Parental Consent: Required for treatment of patients under 18

  • Parental Access: Parents generally have access to minor's health information

  • State Law Exceptions: Some situations may limit parental access per Missouri law

Teenage Privacy

  • Confidential Services: Some services may be provided confidentially per state law

  • Parental Notification: We follow Missouri requirements for parental involvement

  • Emancipated Minors: Special rules apply for legally emancipated minors

12. Data Retention

Health Records Retention

  • Active Patients: Records maintained for duration of treatment relationship

  • Inactive Patients: Records retained per Missouri state requirements

  • Minors: Records retained until patient reaches age of majority plus additional years

  • Legal Requirements: Some records must be retained for specific time periods

Website Data Retention

  • Analytics Data: Retained for 26 months or as required

  • Contact Information: Retained until you request deletion

  • Cookie Data: Varies by cookie type and purpose

13. International Data Transfers

Data Location

  • Primary Storage: All PHI is stored within the United States

  • Cloud Services: We use HIPAA-compliant cloud providers

  • International Access: Limited international access only for technical support

Safeguards

  • Encryption: All international transfers are encrypted

  • Contracts: International vendors must meet HIPAA standards

  • Limited Access: International access is logged and monitored

14. Privacy Officer and Contact Information

Designated Privacy Officer

[NAME]
Privacy Officer
Comprehensive Chiropractic Care
[ADDRESS]
Blue Springs, MO [ZIP CODE]
Phone: [PHONE NUMBER]
Email: [EMAIL ADDRESS]

How to Contact Us

For questions about this Privacy Policy or your privacy rights:

  • Phone: Call during business hours

  • Email: Send to our privacy officer

  • Mail: Write to our office address

  • In Person: Visit during office hours

15. Filing a Complaint

Internal Complaints

  • Privacy Officer: Contact our privacy officer with concerns

  • No Retaliation: We will not retaliate for filing complaints

  • Investigation: We will investigate all privacy complaints

External Complaints

You may also file complaints with:

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

16. Changes to This Privacy Policy

Updates and Modifications

  • Periodic Reviews: We review and update this policy regularly

  • Legal Changes: Updates may be required due to law changes

  • Notice of Changes: We will post updated policies on our website

  • Effective Date: Changes are effective on the posted date

Your Continued Use

Continued use of our services after policy updates constitutes acceptance of the changes.

17. Breach Notification

Security Incidents

  • Immediate Response: We respond immediately to suspected breaches

  • Investigation: All incidents are thoroughly investigated

  • Notification: We notify affected individuals as required by law

  • Mitigation: We take steps to minimize harm and prevent future incidents

Your Responsibilities

  • Report Incidents: Please report suspected privacy violations

  • Protect Information: Help protect your own health information

  • Update Contacts: Keep your contact information current

18. State-Specific Requirements

Missouri Privacy Laws

This policy complies with Missouri state privacy laws including:

  • Missouri Health Information Privacy Act

  • State medical records requirements

  • Professional licensing board regulations

 

Additional Protections

Missouri law may provide additional privacy protections beyond HIPAA requirements.

IMPORTANT LEGAL NOTICE: This privacy policy template is provided for informational purposes only and must be reviewed and customized by a qualified healthcare attorney familiar with HIPAA, Missouri state law, and healthcare regulations before implementation. Healthcare practices have specific legal requirements that may not be fully addressed in this general template.

For questions about this Privacy Policy, please contact our Privacy Officer at the information provided above.

bottom of page