Advanced Hearing & Balance Specialists Privacy Policy

Effective Date: October 1st, 2025

1. Introduction & Scope

At Advanced Hearing Docs (or “we,” “our,” “us”), we are committed to protecting the privacy and security of your health information and personal data. This Privacy Policy / Notice of Privacy Practices describes how we collect, use, disclose, and protect your information, particularly Protected Health Information (PHI) governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws. It also describes your rights regarding your information.

This policy is designed to align with HIPAA’s Privacy Rule, Security Rule, and Breach Notification Rule. 

By using our website, services, or by becoming a patient, you accept the practices described in this policy (unless otherwise indicated).

2. Definitions & Key Terms

• Protected Health Information (PHI): Any health information, including demographic data, that identifies you or could reasonably identify you and relates to your past, present or future physical or mental health condition, provision of health care to you, or payment for health care.
• Personally Identifiable Information (PII): Information such as your name, address, email, phone number, etc., especially when not in the context of health services.
• Business Associate: A person or entity that performs certain functions or activities on behalf of or for the benefit of our practice involving PHI (e.g. billing companies, IT service providers).
• Health Care Operations: Activities necessary to run our practice, such as quality assessment, training, audits, internal management, licensing, compliance reviews, and related administrative tasks.

3. Information We Collect & How

3.1 Information You Provide Voluntarily

We may obtain information from you when you:

• Request information or services (e.g. consultations, appointments)
• Fill out forms (online or paper)
• Communicate with us via email, phone, or web contact forms
• Sign up for newsletters, promotional offers, or educational materials
• Submit employment or career applications

This information may include name, contact details, insurance information, health history, hearing health information, and other relevant details.

3.2 Automatically Collected / Technical Data

When you visit our website:

• We may collect non-identifiable technical information such as device type, browser, IP address, pages visited, time stamps, referral URLs, etc.
• We use cookies, web beacons, and similar technologies to improve site performance, user experience, and analytics.

We ensure that no PHI or identifying health details are transmitted via analytics platforms in violation of HIPAA. 

3.3 From Third Parties

We may receive information about you from:

• Insurance companies or other payors
• Referring providers
• Business associates or partners
• Public or commercial databases (only when lawfully permitted)

4. Uses & Disclosures of PHI (HIPAA Permitted Uses)

Under HIPAA, we may use or disclose your PHI for the following purposes (without needing your written authorization, except where noted):

4.1 Treatment

We may share PHI as needed to deliver, coordinate, or manage hearing health care and related services (e.g. with specialists, labs, or other providers).

4.2 Payment

We may use/disclose PHI so that services you receive may be billed to you, insurance companies, or other third parties (e.g. verifying benefits, claims processing).

4.3 Health Care Operations

We may use/disclose PHI for internal operations that ensure quality care, manage practice efficiency, conduct audits, training, compliance reviews, and performance evaluations.

4.4 Communications & Marketing

• We may communicate with you regarding treatment alternatives, new services, or hearing health products if permitted by law.
• If such communication is considered marketing (particularly when we receive remuneration in exchange), we will request a separate written authorization from you before disclosure of your PHI
• You have the right to opt out of receiving promotional or fundraising communications.

4.5 Disclosures to Family or Others Involved in Your Care

Unless you object, we may share PHI with your spouse, family member, or another person you identify, if the PHI relates directly to their involvement in your care or payment for care.

4.6 Other Permitted Disclosures

We may disclose PHI without your consent in limited circumstances as required or allowed by law, including:

• Public health purposes (reporting disease, injuries, etc.)
• Health oversight and regulatory activities
• Judicial and administrative proceedings (e.g. court orders, subpoenas)
• To law enforcement authorities under specific conditions
• Coroners, funeral directors, organ donation purposes
• To avert a serious threat to health or safety
• Military, national security, or intelligence purposes
• Workers’ compensation matters
• Required by law (e.g. mandatory disclosures)
• Business associates who need PHI in order to perform services on our behalf (with safeguards and a written agreement)

5. Uses & Disclosures Requiring Your Authorization

We will not use or disclose your PHI for the following purposes without your explicit written authorization:

• Marketing communications where we or a business associate receive payment
• Sale of PHI
• Use or disclosure of psychotherapy notes (if applicable)
• Any other use or disclosure not otherwise specified in this policy

You may revoke any authorization at any time in writing, except to the extent we have already acted in reliance on it.

6. Your Rights Regarding PHI

You have the following rights, subject to certain limitations:

1. Right to Inspect and Copy — You may request access to inspect or obtain a copy of your PHI in our records. We may charge a reasonable fee for the costs of copying, mailing, or other associated expenses.
2. Right to Request Amendment — You may ask us to correct or amend your PHI if you believe it is incorrect or incomplete. We may deny your request under certain circumstances.
3. Right to an Accounting of Disclosures — You may request a list of certain disclosures of your PHI we have made (excluding treatment, payment, and health care operations) over the past six years (or as allowed by law).
4. Right to Request Restrictions — You may request limits on how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to every restriction, but will consider your request.
5. Right to Confidential Communications — You may request that we send communications to you via alternative methods or at alternative locations (e.g. by mail rather than email).
6. Right to Withdraw Consent / Authorization — You may revoke any authorization you have given (except to the extent we have relied on it).
7. Right to Notification of a Breach — You have the right to be notified if there is a breach of your unsecured PHI involving your information.

To exercise any of these rights, you must submit a written request to our Privacy Officer (see contact below).

7. Privacy & Security Safeguards

We maintain administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of PHI. This includes access controls, encryption (where feasible), secure storage, and staff training.

In the event of a breach involving unsecured PHI, we will comply with HIPAA breach notification rules: notifying affected individuals, the Secretary of the U.S. Department of Health & Human Services, and, when required, the media.

8. Analytics, Advertising & Google Ads Considerations

• We do not include any PHI or identifying health information in analytics tools or tracking scripts on HIPAA designated pages.
• We comply with Google Ads and healthcare advertising policies. We avoid targeting or retargeting that relies on PHI or sensitive health data.
• Google Ads does not sign a Business Associate Agreement (BAA), so we ensure compliance by avoiding PHI involvement in conversions, remarketing, or audience segments. 
• We also restrict any third-party ad or tracking vendors from collecting PHI via our site unless there is a written agreement placing strict safeguards.

9. Retention & Deletion

We will retain your PHI for as long as needed to provide care, meet legal obligations, and maintain business operations, consistent with federal and state laws. When no longer needed, we securely destroy or deidentify PHI according to standard protocols.

10. Changes to This Policy

We reserve the right to modify this Privacy Policy / Notice of Privacy Practices at any time, effective for all PHI we maintain at the time of change. We will post the revised policy with an updated Effective Date and, where required by law, notify you of material changes.

11. Contact & Complaints

If you have questions or complaints about this policy or our practices, or want to exercise your rights:

Privacy Officer / Contact
Advanced Hearing Docs
Mesa Medical Plaza 295 S.1470 East, Suite 301 St. George, UT 84790
(435) 688-8866
info@advancedhearingdocs.com

If you believe your privacy rights have been violated, you may file a complaint with us (no retaliation) or with the U.S. Department of Health & Human Services Office for Civil Rights.