Privacy Policy

Essen Health Care ("Essen," "we," "us," or "our") is committed to protecting the privacy of our patients, website visitors, and users of our services. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website (essenhealthcare.com), use our patient portal, or receive healthcare services from us.

By accessing or using our website and services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the website or use our services.

We may collect the following types of information:

Personal Information: Name, date of birth, Social Security number, contact information (address, phone number, email), insurance information, and emergency contact details.

Health Information (PHI): Medical history, diagnoses, treatment records, prescription information, lab results, imaging reports, and other health-related information created or received in the course of providing healthcare services.

Website Usage Information: IP address, browser type, device information, pages visited, time spent on our website, referring URLs, and cookies or similar tracking technologies.

Communication Data: Information you provide when you contact us, fill out forms, schedule appointments, or communicate with our staff electronically.

We use the information we collect for the following purposes:

Healthcare Operations: To provide, coordinate, and manage your healthcare and related services; to communicate with you about appointments, test results, and treatment plans; and to process billing and insurance claims.

Website Improvement: To maintain, operate, and improve our website and digital services; to personalize your experience; and to analyze usage patterns.

Communication: To respond to your inquiries; to send appointment reminders, health information, and service updates; and to provide customer support.

Legal Compliance: To comply with applicable laws, regulations, and legal processes, including HIPAA and New York State health information privacy laws.

Quality & Safety: To conduct quality assessments, audits, clinical research (with appropriate approvals), and patient safety initiatives.

As a healthcare provider, Essen Health Care is required to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. Our full Notice of Privacy Practices, which describes how your Protected Health Information (PHI) may be used and disclosed, is available at our offices and upon request.

Under HIPAA, we may use and disclose your PHI for: • Treatment: Sharing information with other healthcare providers involved in your care. • Payment: Submitting claims to your insurance company and processing co-payments. • Healthcare Operations: Quality improvement, training, accreditation, and administrative functions.

We will not use or disclose your PHI for marketing purposes or sell your PHI without your express written authorization, except as permitted by HIPAA.

We do not sell your personal information. We may share your information in the following circumstances:

With Your Consent: When you provide written authorization to share your information with specified parties.

Healthcare Providers: With other providers involved in your care, including specialists, labs, imaging centers, and hospitals.

Insurance & Billing: With your health insurance company for claims processing and payment purposes.

Business Associates: With vendors and service providers who perform services on our behalf (e.g., IT providers, billing companies) under written agreements that require them to protect your information.

Legal Requirements: When required by law, including responses to court orders, subpoenas, or government investigations.

Public Health & Safety: To public health authorities for disease prevention, reporting abuse, or preventing serious threats to health or safety.

We implement administrative, technical, and physical safeguards designed to protect your personal and health information from unauthorized access, use, or disclosure. These measures include:

• Encryption of electronic health records and data transmissions • Secure access controls with role-based permissions • Regular security assessments and vulnerability testing • Employee training on privacy and security practices • Physical security controls at our facilities • Business associate agreements with all vendors who handle protected information

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. If you believe your information has been compromised, please contact us immediately.

Under HIPAA and applicable state laws, you have the following rights regarding your health information:

Right to Access: You may request a copy of your medical records and health information we maintain about you.

Right to Amend: You may request that we amend your health information if you believe it is incorrect or incomplete.

Right to an Accounting of Disclosures: You may request a list of disclosures we have made of your health information.

Right to Request Restrictions: You may request restrictions on how we use or disclose your health information for treatment, payment, or healthcare operations.

Right to Confidential Communications: You may request that we communicate with you using alternative means or at alternative locations.

Right to a Paper Copy: You may request a paper copy of this Privacy Policy and our Notice of Privacy Practices at any time.

To exercise any of these rights, please contact our Privacy Officer using the contact information below.

Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 through our website. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

For patients under 18, health information is managed in accordance with HIPAA, New York State law regarding minor consent, and the preferences of the parent or legal guardian.

Our website uses cookies and similar technologies to enhance your browsing experience. Cookies are small data files stored on your device that help us remember your preferences and understand how you use our website.

Essential Cookies: Required for the website to function properly (e.g., session management, security).

Analytics Cookies: Help us understand how visitors interact with our website so we can improve it.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. Our website does not respond to "Do Not Track" signals.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, provide additional notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact:

Essen Health Care Privacy Officer Phone: (718) 732-0052 Email: privacy@essenhealthcare.com Mail: Essen Health Care, 354 E. 149th Street, Suite 400, Bronx, NY 10455

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/hipaa/filing-a-complaint.