PRIVACY POLICY

Last Updated: 11/26/2025

INTRODUCTION

Olympus Health (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or communicate with us.

As a healthcare provider, we are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. This policy describes our privacy practices and your rights regarding your protected health information.

INFORMATION WE COLLECT

Personal Information

Contact Information: Name, address, phone number, email address
Identification Information: Date of birth, Social Security number (when required)
Insurance Information: Insurance provider and policy details (for coordination of benefits)
Emergency Contact Information: Names and contact details of emergency contacts

Protected Health Information (PHI)

Medical History: Past and current medical conditions, treatments, and procedures
Medications: Current and past medications, dosages, and prescription history
Laboratory Results: Blood tests, imaging results, and other diagnostic information
Clinical Notes: Doctor observations, assessments, and treatment plans
Communication Records: Messages, calls, and emails related to your healthcare

Website and Technology Information

Website Usage: Pages visited, time spent, and browsing patterns
Device Information: IP address, browser type, and device characteristics
Cookies and Tracking: Information collected through cookies and similar technologies
Communication Logs: Records of emails, texts, and phone calls (for current patients)

HOW WE USE YOUR INFORMATION

Healthcare Services

Provide direct primary care and medical services
Diagnose, treat, and manage your health conditions
Coordinate care with specialists and other healthcare providers
Monitor your health progress and adjust treatment plans
Communicate with you about your health and treatment options

Practice Operations

Schedule and manage appointments
Process payments and billing
Maintain medical records and documentation
Quality assurance and practice improvement
Training and education of our healthcare team

Legal and Regulatory Compliance

Comply with HIPAA and other healthcare regulations
Respond to legal requests and court orders
Report required information to public health authorities
Maintain records as required by law

Communication and Support

Respond to your questions and requests
Provide customer service and technical support
Send appointment reminders and health information
Communicate practice updates and policy changes

HOW WE SHARE YOUR INFORMATION

Healthcare Operations

We may share your information with:

Laboratories and Diagnostic Centers for testing and results
Pharmacies for prescription filling and management
Specialist Physicians when referrals are necessary
Healthcare Facilities for emergency or hospital care

Legal Requirements

We may disclose information when:

Required by law or legal process
Necessary to prevent serious harm to health or safety
Required for public health reporting
Requested by law enforcement in specific circumstances
Needed for workers’ compensation claims

Business Associates

We may share information with third-party service providers who:

Provide technology services (scheduling, communications)
Process payments and billing
Offer data storage and security services
Assist with practice operations and support

All business associates are required to sign agreements protecting your information and complying with HIPAA requirements.

With Your Authorization

We may share your information with:

Family members or friends you designate
Other healthcare providers with your written consent
Insurance companies for coverage verification (with permission)
Research organizations (only with explicit consent)

YOUR HIPAA RIGHTS

As our patient, you have the right to:

Access Your Records

Request copies of your medical records and health information
Receive records within 30 days of your request
Request records in electronic format when possible

Request Amendments

Ask us to correct or amend information in your medical records
Submit written requests with supporting documentation
Receive written responses to amendment requests

Request Restrictions

Ask us to limit how we use or share your health information
Request restrictions on communications with family or others
Limit information shared with your insurance company

Request Confidential Communications

Ask for communications to be sent to alternative locations
Request specific methods of contact (phone, email, mail)
Designate authorized representatives to receive information

Receive Notice of Breaches

Be notified if there is a breach of your protected health information
Receive details about what information was involved
Learn what steps we are taking to address the breach

File Complaints

Submit complaints about our privacy practices
File complaints with the Department of Health and Human Services
File complaints without fear of retaliation

WEBSITE PRIVACY AND COOKIES

Website Information Collection

Our website may collect:

Information you voluntarily provide through forms
Automatically collected browsing and usage data
Information from cookies and similar tracking technologies

Cookies and Tracking Technologies

We use cookies to:

Remember your preferences and settings
Analyze website traffic and usage patterns
Improve website functionality and user experience
Provide personalized content and recommendations

Third-Party Services

Our website may use:

Google Analytics for website traffic analysis
Scheduling Software for appointment booking
Communication Platforms for patient messaging
Payment Processors for billing and payments

Your Choices

You can:

Disable cookies in your browser settings
Opt out of certain tracking and analytics
Request deletion of website account information
Update communication preferences

DATA SECURITY AND PROTECTION

Security Measures

We implement various security measures including:

Encryption of data in transit and at rest
Access Controls limiting who can view patient information
Authentication requiring secure login for system access
Monitoring for unauthorized access or security breaches
Staff Training on privacy and security practices

Physical Safeguards

Secure storage of physical records and documents
Limited access to areas containing patient information
Secure disposal of paper records and electronic media
Workstation and device security measures

Technical Safeguards

Firewalls and intrusion detection systems
Regular software updates and security patches
Secure backup and disaster recovery procedures
Audit logs tracking access to patient information

RETENTION AND DISPOSAL

Medical Records

We retain medical records according to:

Texas state law requirements (minimum 7 years for adults)
Federal regulations and HIPAA requirements
Professional standards and practice guidelines
Specific patient needs and ongoing care requirements

Other Information

Communication records retained for practice operations
Website data retained according to our data retention policy
Billing information retained per financial and legal requirements
Marketing data retained until you opt out or request deletion

Secure Disposal

When information is no longer needed:

Paper records are securely shredded or destroyed
Electronic data is permanently deleted or overwritten
Storage devices are securely wiped or physically destroyed
Disposal is documented and verified

CHILDREN’S PRIVACY

We do not knowingly collect personal information from children under 13 years of age through our website. Our medical services are provided to adults (18 years and older). If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.

For patients between 13-17 years of age, we follow applicable state laws regarding parental consent and access to medical information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

Changes in our practices or services
Updates to applicable laws and regulations
New technology implementations
Feedback from patients and stakeholders

When we make changes:

We will post the updated policy on our website
We will notify current patients of significant changes
We will provide the effective date of any updates
Previous versions will be available upon request

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

Right to know what personal information we collect
Right to delete personal information we have collected
Right to opt out of the sale of personal information
Right to non-discrimination for exercising privacy rights

Note: Medical information regulated by HIPAA may be exempt from certain CCPA requirements.

CONTACT INFORMATION

For Privacy Questions or Requests:

Privacy Officer: Dr. Dante Paredes, DO Olympus Health

Phone: (214) 326-0801 Email: dr.dante.paredes.do@olympushealth.co

For HIPAA Complaints:

U.S. Department of Health and Human Services Office for Civil Rights 1301 Young Street, Suite 1169 Dallas, TX 75202

Phone: (214) 767-4056 Website: www.hhs.gov/ocr/privacy/hipaa/complaints

EFFECTIVE DATE

This Privacy Policy is effective as of 11/26/2025 and applies to all information collected by Olympus Health from that date forward.

ACKNOWLEDGMENT

By using our services or website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

For current patients: You will receive a separate Notice of Privacy Practices that provides additional details about how your protected health information is used and disclosed in accordance with HIPAA requirements.