Privacy Policy for Music City Ketamine

Effective Date: November 15, 2024

Contact Information

Music City Ketamine
480 Duke Dr #100
Franklin, TN 37067
Phone: (615) 988-4600

Introduction

Music City Ketamine (“we,” “us,” “our,” or “the Clinic”) is committed to protecting the privacy and security of our patients’ personal and medical information. This Privacy Policy describes how we collect, use, maintain, protect, and disclose information collected from patients, website visitors, and other individuals who interact with our practice. We understand the sensitive nature of medical information and take our responsibility to protect your privacy seriously.

Scope of This Policy

This Privacy Policy applies to all information collected through our:

• Medical facility and in-person services
• Website and online platforms
• Electronic health records system
• Patient communications
• Payment processing systems
• Mobile applications (if applicable)
• Marketing communications

Definitions

• Protected Health Information (PHI): Any information about health status, provision of healthcare, or payment for healthcare that we create or collect that can be linked to a specific individual.
• Personal Information: Information that can be used to identify, contact, or locate an individual.
• Treatment Information: Information related to the provision of healthcare or treatment.
• Payment Information: Information related to payment for healthcare services.

Information We Collect

Personal and Demographic Information

• Full name and title
• Date of birth
• Social Security number
• Gender and pronouns
• Home address and contact information
• Email address
• Emergency contact information
• Driver’s license or other identification
• Employment information
• Preferred language and communication preferences

Medical and Health Information

• Medical history and physical examination findings
• Mental health history and assessments
• Current medications and allergies
• Laboratory and test results
• Treatment plans and progress notes
• Previous healthcare records
• Family medical history
• Lifestyle and social history
• Treatment outcomes and follow-up care plans

Insurance and Payment Information

• Insurance carrier and policy details
• Insurance ID numbers
• Claims history
• Payment history
• Credit card or banking information
• Billing addresses
• Healthcare spending account information

Technical and Website Information

• IP addresses and device identifiers
• Browser type and version
• Operating system information
• Geographic location data
• Website navigation and interaction data
• Cookies and tracking technologies
• Mobile device information
• Login credentials and access times

How We Collect Information

We collect information through:

1. Direct patient interaction
2. Medical forms and documentation
3. Electronic health record systems
4. Website and online platforms
5. Communication with other healthcare providers
6. Insurance companies and healthcare clearinghouses
7. Third-party service providers
8. Automated technologies and cookies

How We Use Your Information

Primary Uses for Treatment, Payment, and Healthcare Operations

• Providing medical treatment and services
• Coordinating care with other healthcare providers
• Processing insurance claims and payments
• Scheduling and confirming appointments
• Sending appointment reminders
• Conducting internal quality assessment
• Managing our business operations
• Training medical staff and students
• Improving our services

Additional Uses

• Conducting research (with proper authorization)
• Marketing our services (with consent)
• Complying with legal obligations
• Responding to legal requests and proceedings
• Preventing fraud and abuse
• Ensuring patient safety
• Managing risk and liability
• Maintaining security

Legal Basis for Processing Information

We process your information based on:

1. Your explicit consent
2. Contractual obligations
3. Legal requirements
4. Legitimate business interests
5. Protection of vital interests
6. Public interest in healthcare

Information Sharing and Disclosure

Healthcare Partners and Providers

We may share your information with:

• Referring physicians
• Specialists and consultants
• Hospitals and surgical centers
• Laboratories and imaging centers
• Pharmacies
• Other healthcare providers involved in your care

Business Associates

We share information with business associates who:

• Provide billing services
• Maintain our electronic health records
• Offer technical support
• Conduct quality assessment
• Perform data analysis
• Process payments All business associates are required to maintain the privacy and security of your information through Business Associate Agreements.

Legal and Regulatory Requirements

We may disclose information:

• As required by federal, state, or local law
• In response to court orders or subpoenas
• To report adverse events to the FDA
• For public health activities
• To prevent serious threats to health or safety
• For workers’ compensation claims
• For law enforcement purposes
• For specialized government functions

HIPAA Compliance and Your Rights

Your HIPAA Rights

Under HIPAA, you have the right to:

1. Access Your Records
   • Inspect and obtain copies of your health records
   • Receive electronic copies of electronic health records
   • Request records be sent to a third party
2. Request Amendments
   • Ask us to correct inaccurate or incomplete information
   • Submit statements of disagreement
   • Have your requests documented
3. Receive an Accounting of Disclosures
   • Get a list of when and to whom your information was disclosed
   • Review non-routine disclosures for up to six years
   • Understand how your information is shared
4. Request Restrictions
   • Ask us to limit the information we share
   • Request confidential communications
   • Opt-out of certain disclosures
5. Be Notified of Privacy Breaches
   • Receive timely notification of privacy breaches
   • Understand the nature and extent of breaches
   • Learn about remediation efforts

How to Exercise Your Rights

To exercise your HIPAA rights:

1. Submit a written request to our Privacy Officer
2. Provide necessary documentation and identification
3. Allow up to 30 days for processing
4. Pay any applicable fees for copies
5. Receive written responses to your requests

Security Measures and Safeguards

Administrative Safeguards

• Regular staff training on privacy practices
• Written policies and procedures
• Security risk assessments
• Information access management
• Security incident procedures
• Contingency planning
• Regular policy reviews and updates

Physical Safeguards

• Secured facility access
• Workstation and device security
• Proper disposal of PHI
• Hardware and media controls
• Facility security plan
• Maintenance records
• Clean desk policy

Technical Safeguards

• Data encryption
• Access controls and authentication
• Audit controls
• Integrity controls
• Transmission security
• Network monitoring
• Malware protection
• Regular security updates

Data Retention and Destruction

We retain medical records according to state and federal requirements:

• Adult medical records: Minimum 7 years from last date of service
• Pediatric records: Until age 21 or 7 years from last service
• Financial records: 7 years from last transaction
• Employment records: Duration of employment plus 7 years

Destruction Methods

When destroying records, we use:

• Certified shredding services
• Secure electronic data wiping
• Hardware destruction
• Documented destruction procedures

Special Situations

Minors’ Privacy Rights

We protect minors’ information with additional safeguards:

• Parental/guardian authorization requirements
• Special confidentiality for certain services
• Age-specific access controls
• Compliance with state minor consent laws

Research and Clinical Trials

If we use information for research:

• Obtain specific authorization
• Follow IRB requirements
• De-identify data when possible
• Maintain research protocols
• Document all research activities

Marketing and Fundraising

We require specific authorization for:

• Marketing communications
• Sale of PHI
• Fundraising activities
• Third-party marketing

Online Privacy and Digital Communications

Website Privacy

Our website privacy practices include:

• Cookie management
• Analytics tracking
• Online forms security
• Third-party integrations
• Social media interactions

Electronic Communications

We protect electronic communications through:

• Encrypted email
• Secure patient portals
• Text message policies
• Mobile app security
• Video consultation privacy

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be:

• Posted on our website
• Available in our office
• Effective immediately upon posting
• Communicated to patients as required
• Documented with version control

State-Specific Privacy Rights

We comply with Tennessee state privacy laws and regulations, including:

• State medical record retention requirements
• Special protection for sensitive information
• State-specific disclosure requirements
• Additional patient rights

Complaints and Contact Information

Filing a Complaint

You may file a complaint if you believe your privacy rights have been violated:

1. Contact our Privacy Officer directly
2. Submit a complaint to the US Department of Health and Human Services
3. File a complaint with state regulatory authorities

No Retaliation

We will not retaliate against any person for filing a privacy complaint.

Contact Information

For privacy-related matters, please contact:

Privacy Officer
Music City Ketamine
480 Duke Dr #100
Franklin, TN 37067
Phone: (615) 988-4600

Acknowledgment

By receiving care at Music City Ketamine, you acknowledge receipt of this Privacy Policy and consent to the practices described herein.