PRIVACY POLICY FOR TAPROOT CHIROPRACTIC

Last Updated: 12/12/2025

1. INTRODUCTION

Taproot Chiropractic ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website thetaprootchiro.com or use our services.

As a healthcare provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA), California state privacy laws, and other applicable regulations.

2. INFORMATION WE COLLECT

Protected Health Information (PHI)

  • Medical history and health records

  • Treatment information and clinical notes

  • Payment and insurance information

  • Contact information (name, address, phone, email)

  • Emergency contact information

  • Date of birth and demographic information

Website Usage Information

  • IP address

  • Browser type and version

  • Pages visited and time spent

  • Referring website

  • Device information

  • Cookies and similar tracking technologies

Communication Information

  • Email correspondence

  • Phone call records

  • Text messages (if you opt-in)

  • Contact form submissions

3. HOW WE USE YOUR INFORMATION

We use your information for:

Treatment, Payment, and Healthcare Operations (TPO)

  • Providing chiropractic care and treatment

  • Care coordination and consultation

  • Quality improvement and safety monitoring

  • Billing and payment processing

  • Insurance verification and claims

  • Appointment scheduling and reminders

  • Practice management and administration

With Your Authorization

  • Marketing communications (you may opt-out)

  • Research or educational purposes

  • Testimonials or case studies (de-identified)

  • Referrals to other healthcare providers

Legal Requirements

  • Compliance with laws and regulations

  • Response to legal process or government requests

  • Prevention of fraud or abuse

  • Public health and safety activities

4. INFORMATION SHARING AND DISCLOSURE

We do not sell your personal or health information. We may share your information with:

Healthcare Operations

  • Other healthcare providers involved in your care

  • Business associates who assist with our operations (e.g., billing services, IT support)

  • Insurance companies for payment and claims processing

Legal Requirements

  • Law enforcement in response to valid legal process

  • Public health authorities as required by law

  • In cases of suspected abuse, neglect, or domestic violence as required by law

With Your Consent

  • Family members or friends you designate

  • For purposes you specifically authorize

All business associates sign Business Associate Agreements ensuring HIPAA compliance.

5. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies to:

  • Enhance user experience

  • Analyze website traffic and usage

  • Remember your preferences

  • Provide personalized content

Types of Cookies We Use:

  • Essential cookies (necessary for website function)

  • Analytics cookies (Google Analytics)

  • Functional cookies (remember preferences)

You can control cookies through your browser settings. Note that disabling cookies may limit website functionality.

6. THIRD-PARTY SERVICES

We use the following third-party services that may collect information:

  • Google Analytics - Website analytics

  • Scheduling Software - Appointment management

  • Payment Processors - Secure payment processing

  • Email Marketing Platforms - Communication (if you opt-in)

  • Cloud Storage - Secure data backup (HIPAA-compliant)

All third-party vendors are required to maintain confidentiality and comply with applicable privacy laws.

7. DATA SECURITY

We implement appropriate security measures to protect your information:

  • Encrypted data transmission (SSL/TLS)

  • Secure, password-protected systems

  • Regular security assessments

  • Limited employee access (need-to-know basis)

  • Staff training on privacy and security

  • Physical security of premises and records

  • Secure backup and disaster recovery procedures

Despite our efforts, no electronic transmission or storage system is 100% secure. We cannot guarantee absolute security.

8. YOUR PRIVACY RIGHTS

Under HIPAA and California law, you have the right to:

  • Access - Request copies of your health records

  • Amendment - Request corrections to your health information

  • Accounting - Request a list of certain disclosures

  • Restriction - Request limits on how we use/share your information

  • Confidential Communication - Request communications by alternative means

  • Notice - Receive a copy of our Notice of Privacy Practices

  • Revoke Authorization - Withdraw consent (except for actions already taken)

  • Opt-Out - Unsubscribe from marketing communications

California Residents (CCPA/CPRA Rights):

  • Right to know what personal information is collected

  • Right to delete personal information

  • Right to opt-out of sale (we do not sell information)

  • Right to non-discrimination for exercising privacy rights

9. PATIENT PORTAL AND ONLINE ACCESS

If we offer a patient portal:

  • You are responsible for maintaining password confidentiality

  • We use secure, encrypted connections

  • You control who has access to your account

  • We may send appointment reminders and health information through the portal

10. CHILDREN'S PRIVACY

We treat pediatric patients and collect health information about minors with parental/guardian consent. Parents/guardians have rights to access and control their child's health information, subject to state law limitations for mature minors.

We do not knowingly collect personal information from children through our website without parental consent.

11. RETENTION OF INFORMATION

We retain your health records according to:

  • California state law requirements (minimum 7 years from last visit for adults; until age 25 for minors)

  • Federal regulations

  • Professional standards

  • Business and legal needs

12. BREACH NOTIFICATION

In the event of a breach of unsecured protected health information, we will notify affected individuals as required by HIPAA and California law, typically within 60 days of discovery.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Material changes will be posted on our website with the "Last Updated" date. Your continued use of our services after changes constitutes acceptance.

14. NOTICE OF PRIVACY PRACTICES

For more detailed information about how we use and disclose your protected health information, please request our HIPAA Notice of Privacy Practices, available at our office or upon request.

15. CONTACT US

For questions, concerns, or to exercise your privacy rights:

Taproot Chiropractic 28936 Old Town Front St. Suite 106 Temecula, CA 92590 Phone: (951)525-6566 Email: hello@thetaprootchiro.com Website: thetaprootchiro.com

Privacy Officer: Dr. Jennifer Gordon

To file a complaint about our privacy practices:

  • Contact our Privacy Officer at the above information

  • File a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights

You will not be retaliated against for filing a complaint.