Privacy Policy

Your privacy and the security of your personal health information are our top priorities. Learn how we protect and handle your data.

Last Updated: January 15, 2025

1. Introduction

DermaCare Dermatology Clinic ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your personal health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our AI-powered symptom checker.

As a healthcare provider, we are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. This policy describes our practices regarding both protected health information (PHI) and general website information.

Our Commitment

We are committed to maintaining the highest standards of privacy protection and will never sell, rent, or share your personal health information for commercial purposes without your explicit consent.

2. HIPAA Compliance

DermaCare is a covered entity under HIPAA and is committed to protecting your protected health information (PHI). We have implemented physical, technical, and administrative safeguards to ensure the confidentiality, integrity, and availability of your PHI.

Your HIPAA Rights Include:

  • Right to Access: You have the right to inspect and copy your PHI
  • Right to Amend: You may request corrections to your PHI
  • Right to Restrict: You may request restrictions on how we use or disclose your PHI
  • Right to Confidential Communications: You may request that we communicate with you in a specific way or at a specific location
  • Right to Accounting: You may request an accounting of disclosures of your PHI
  • Right to File Complaints: You may file complaints about our privacy practices

Notice of Privacy Practices

Our complete HIPAA Notice of Privacy Practices is available upon request and describes in detail how we may use and disclose your protected health information.

3. Information We Collect

Personal Health Information (PHI):

  • Contact information (name, address, phone, email)
  • Demographic information (age, gender, date of birth)
  • Medical history and current symptoms
  • Treatment records and clinical notes
  • Insurance and billing information
  • Appointment and scheduling information

Website Information:

  • IP address and browser information
  • Pages visited and time spent on site
  • Referring website information
  • Search terms used to find our site
  • Cookie and session data

AI Symptom Checker Data:

  • Symptom descriptions and responses
  • Body part and condition information
  • Duration and severity indicators
  • Interaction timestamps and session data

4. How We Use Your Information

We use your information for the following purposes:

Treatment, Payment, and Healthcare Operations (TPO):

  • Providing medical care and treatment
  • Coordinating care with other healthcare providers
  • Processing insurance claims and billing
  • Quality improvement and safety monitoring
  • Staff training and competency assessment

Website and Service Improvement:

  • Improving our website functionality and user experience
  • Enhancing our AI symptom checker accuracy
  • Analyzing usage patterns to optimize services
  • Providing customer support and technical assistance

Communication:

  • Appointment reminders and confirmations
  • Test results and follow-up care instructions
  • Health education and preventive care information
  • Emergency notifications when necessary

5. AI Chatbot Data Handling

Our AI-powered symptom checker, built with Watson Assistant technology, follows strict privacy protocols:

Important Notice

The AI symptom checker is for informational purposes only and does not create a doctor-patient relationship. Information shared with the AI is not considered protected health information under HIPAA unless you become a patient.

Data Processing:

  • Conversations are processed using secure, encrypted connections
  • Data is anonymized and aggregated for AI training purposes
  • No personally identifiable information is stored permanently
  • Session data is automatically deleted after 30 days

Watson Assistant Privacy:

  • IBM Watson Assistant complies with GDPR and privacy regulations
  • Data is processed in secure, compliant data centers
  • No data is used for IBM's general AI training without consent
  • Conversations are encrypted both in transit and at rest

All AI interactions are logged securely and reviewed regularly for quality and compliance purposes.

6. Information Sharing and Disclosure

We may share your information only in the following circumstances:

Required by Law:

  • Public health reporting requirements
  • Court orders and legal proceedings
  • Law enforcement investigations
  • Reporting of abuse or neglect

Healthcare Operations:

  • Referrals to specialists or other healthcare providers
  • Insurance verification and claims processing
  • Quality assurance and accreditation activities
  • Business associates who provide services to us

Emergency Situations:

  • Serious threats to health or safety
  • Emergency medical situations
  • Public health emergencies

Business Associates

We may share PHI with business associates (such as IT providers, billing companies, or legal counsel) who help us provide healthcare services. All business associates sign agreements requiring them to protect your PHI.

7. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards:

  • 256-bit SSL encryption for all data transmission
  • Multi-factor authentication for system access
  • Regular security audits and vulnerability assessments
  • Automated backup and disaster recovery systems
  • Firewalls and intrusion detection systems

Physical Safeguards:

  • Secure, locked facilities with restricted access
  • Security cameras and alarm systems
  • Secure disposal of physical records
  • Workstation security and automatic screen locks

Administrative Safeguards:

  • HIPAA compliance training for all staff
  • Background checks for employees with PHI access
  • Role-based access controls and permissions
  • Regular privacy and security policy updates

Our systems are regularly audited and certified for HIPAA compliance and industry security standards.

8. Your Rights and Choices

You have several rights regarding your personal information:

Access and Correction:

  • Request copies of your medical records
  • Request corrections to inaccurate information
  • Request restrictions on use or disclosure of your PHI

Communication Preferences:

  • Choose how and where we contact you
  • Opt out of non-essential communications
  • Request alternative communication methods

Website Data:

  • Disable cookies in your browser settings
  • Request deletion of non-medical website data
  • Opt out of analytics tracking

Exercising Your Rights

To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the end of this policy.

9. Cookies and Website Tracking

Our website uses cookies and similar technologies to improve your experience:

Types of Cookies We Use:

  • Essential Cookies: Required for basic website functionality
  • Performance Cookies: Help us understand how visitors use our site
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide insights into website usage patterns

Third-Party Analytics:

We may use Google Analytics or similar services to understand website usage. These services may collect information about your visits to our site and other websites. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can control cookie settings through your browser preferences, though disabling certain cookies may affect website functionality.

10. Third-Party Services

We work with trusted third-party services to provide our healthcare services:

IBM Watson Assistant:

  • Powers our AI symptom checker
  • Complies with healthcare privacy regulations
  • Data processing occurs in secure, compliant environments

Other Third-Party Services:

  • Payment processors for appointment booking
  • Email services for appointment reminders
  • Cloud storage providers for secure data backup
  • Analytics services for website improvement

All third-party services that handle PHI are required to sign Business Associate Agreements (BAAs) ensuring HIPAA compliance.

11. Children's Privacy

We provide pediatric dermatology services and are committed to protecting children's privacy:

  • Parental consent is required for treatment of minors
  • Our website is not directed to children under 13
  • We do not knowingly collect personal information from children under 13 without parental consent
  • Parents have the right to review and request deletion of their child's information

If you believe we have collected information from a child under 13 without proper consent, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes:

  • We will post the updated policy on our website
  • We will notify patients of material changes via email or mail
  • The "Last Updated" date at the top of the policy will be revised
  • We may provide additional notice for significant changes affecting PHI

Your continued use of our services after policy changes indicates your acceptance of the updated terms.

13. Contact Information

If you have questions about this Privacy Policy, want to exercise your rights, or need to file a complaint, please contact us:

Privacy Officer

DermaCare Dermatology Clinic

123 Medical Center Dr.

Healthcare City, HC 12345

Phone: (555) 123-4567

Email: privacy@dermacare.com

Fax: (555) 123-4568

Filing Complaints:

You also have the right to file a complaint with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated:

U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

No Retaliation

We will not retaliate against you for filing a complaint or exercising your privacy rights.