Privacy Policy — HIPAA Notice

Introduction

AP Medical Center, LLC ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our medical facility located at 10030 SW 40th ST Ste A, Miami, FL 33165.

This policy applies to all information collected through our website, our medical practice, and any related services, communications, or interactions. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review this policy periodically, as it may be updated from time to time.

Information We Collect

We may collect and process the following categories of information in the course of providing healthcare services and operating our website:

Personal Information

• Full name, date of birth, gender, and Social Security Number (when required)
• Home address, phone number, and email address
• Insurance information, policy numbers, and billing details
• Emergency contact information
• Government-issued identification numbers
• Employment information (when relevant to your care or billing)

Protected Health Information (PHI)

• Medical history, diagnoses, and treatment records
• Prescription and medication information
• Laboratory results, diagnostic imaging, and test results
• Clinical and progress notes from healthcare providers
• Mental and behavioral health records
• Immunization and vaccination records
• Referral information and specialist correspondence

Website Usage Data

• IP address, browser type, operating system, and device information
• Pages visited, time spent on pages, and navigation patterns
• Referring website addresses and search terms
• Information submitted through online contact forms or appointment requests
• Cookies and similar tracking technologies (see Cookies section below)

How We Use Your Information

We use the information we collect for the following purposes:

• Treatment: To provide, coordinate, and manage your medical care and related services
• Appointment Management: To schedule, confirm, and send reminders about your appointments
• Payment and Billing: To process insurance claims, billing, and payment for services rendered
• Healthcare Operations: To support quality assessment, compliance audits, staff training, and accreditation activities
• Communication: To respond to your inquiries, provide customer support, and send follow-up communications related to your care
• Legal Compliance: To comply with federal, state, and local laws and regulatory requirements
• Website Improvement: To analyze website usage and improve the user experience
• Public Health: To report certain conditions and vital statistics as required by public health authorities

HIPAA Compliance

AP Medical Center, LLC is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and complies with all applicable provisions of the HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164), the HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164), and the HITECH Act.

We maintain comprehensive administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your Protected Health Information (PHI). Our workforce members are trained on HIPAA requirements and are bound by our privacy and security policies. We require all business associates who handle PHI on our behalf to enter into Business Associate Agreements (BAAs) to ensure they also safeguard your information.

We will not use or disclose your PHI without your written authorization, except as described in this policy and our Notice of Privacy Practices, or as otherwise permitted or required by law.

Notice of Privacy Practices

As required by HIPAA, we maintain a Notice of Privacy Practices (NPP) that describes in detail how your medical information may be used and disclosed, and how you can access this information. A copy of our Notice of Privacy Practices is available on our website and will be provided to you upon request at our office.

Your Rights Under HIPAA

Under HIPAA, you have the following rights with respect to your Protected Health Information:

Right to Access

You have the right to inspect and obtain a copy of your medical records and other health information maintained by our practice. We may charge a reasonable fee for copying and mailing costs. We will respond to your request within 30 days. In certain limited circumstances, we may deny your request, and you will have the right to have the denial reviewed.

Right to Request Amendment

You have the right to request that we amend your health information if you believe it is incorrect or incomplete. Your request must be made in writing and must include a reason for the amendment. We may deny your request under certain circumstances, such as if the information was not created by our practice, is not part of our records, or is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures we have made of your health information. This accounting will not include disclosures made for treatment, payment, or healthcare operations, or disclosures made with your written authorization. The first accounting in any 12-month period is free; additional requests may be subject to a reasonable fee.

Right to Request Restrictions

You have the right to request that we restrict how we use or disclose your health information for treatment, payment, or healthcare operations. You may also request restrictions on disclosures to family members or others involved in your care. We are not required to agree to your request, except we must agree to restrict disclosures to a health plan for services you have paid for in full out of pocket.

Right to Confidential Communications

You have the right to request that we communicate with you about your health information in a particular way or at a particular location. For example, you may request that we contact you only by mail or at a specific phone number. We will accommodate reasonable requests.

Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with our practice or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. We will not retaliate against you for filing a complaint. To file a complaint with HHS, visit www.hhs.gov/ocr/privacy/hipaa/complaints/ or call 1-877-696-6775.

Information Sharing and Disclosure

We do not sell, trade, or rent your personal or health information to third parties. We may share your information only in the following circumstances:

• Treatment: With other healthcare providers directly involved in your medical care, including referring physicians, specialists, laboratories, and pharmacies
• Payment: With your insurance company, health plan, or other entities responsible for payment of your healthcare services
• Healthcare Operations: For quality improvement, compliance audits, accreditation, staff training, and other operational purposes
• Business Associates: With third-party vendors who perform services on our behalf and are bound by HIPAA-compliant Business Associate Agreements
• Legal Requirements: When required by federal, state, or local law, including court orders, subpoenas, or government investigations
• Public Health Activities: To report communicable diseases, vital statistics, or suspected abuse or neglect as required by public health authorities
• Health and Safety: To prevent or lessen a serious and imminent threat to health or safety
• Workers' Compensation: As authorized by workers' compensation laws
• With Your Authorization: For any other purpose with your written authorization, which you may revoke at any time

Data Security

We implement comprehensive security measures to protect your personal and health information from unauthorized access, alteration, disclosure, or destruction. Our security program includes:

• Administrative Safeguards: Written security policies and procedures, workforce training, access management, and incident response plans
• Technical Safeguards: Encrypted data transmission (SSL/TLS), secure access controls, audit logging, automatic session timeouts, and data backup systems
• Physical Safeguards: Facility access controls, workstation security, device and media controls, and secure disposal of records
• Ongoing Monitoring: Regular risk assessments, vulnerability scanning, and security audits to identify and address potential threats

While we employ industry-standard security measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest level of protection reasonably available.

Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our website.

We may use the following types of cookies:

• Essential Cookies: Required for the basic functionality of our website, such as navigation and form submissions
• Analytics Cookies: Help us understand how visitors interact with our website, allowing us to improve content and usability
• Functionality Cookies: Remember your preferences and settings to provide a personalized experience

You can control cookie settings through your browser preferences. Disabling cookies may affect the functionality of certain features on our website. We do not use cookies to collect Protected Health Information.

Third-Party Links

Our website may contain links to third-party websites, services, or resources that are not operated or controlled by AP Medical Center, LLC. We are not responsible for the privacy practices, content, or security of these external sites. We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our website does not imply endorsement of the linked site or its content.

Children's Privacy

Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website. If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.

For minors who are patients of our practice, their health information is managed in accordance with HIPAA and applicable Florida state laws regarding the privacy of minors' medical records. Parents or legal guardians may exercise privacy rights on behalf of their minor children.

Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Last Updated" date at the top of this page. Material changes will be communicated through a prominent notice on our website or by other appropriate means. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your privacy rights, need a copy of our Notice of Privacy Practices, or want to file a complaint, please contact us:

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights: