Privacy Policy

Privacy Policy

Geneva Primary Care & Med Spa

Effective Date: June, 2025
Last Updated: June, 2025

Overview

Geneva Primary Care & Med Spa (“Geneva,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of our patients and website visitors. This Privacy Policy explains how we collect, use, protect, and disclose personal information in connection with our medical services, aesthetic treatments, and digital platforms.

This policy applies to all individuals who interact with our practice, including patients, prospective patients, website visitors, and anyone who uses our online services or communicates with us electronically.

By using our services or visiting our website, you acknowledge that you have read and understood this Privacy Policy.

Types of Information We Collect

Patient Health Information

As a healthcare provider, we collect and maintain protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). This includes:

• Medical history and current health conditions
• Treatment records and clinical notes
• Diagnostic test results and imaging
• Prescription and medication information
• Insurance and billing details
• Before-and-after treatment photographs (with consent)
• Physical characteristics relevant to treatment planning

Personal Contact Information

We collect basic identifying information necessary for patient care and communication:

• Full name and preferred name
• Date of birth and age
• Home address and mailing address
• Phone numbers (mobile and landline)
• Email addresses
• Emergency contact information
• Preferred communication methods

Financial and Payment Data

For billing and payment processing, we may collect:

• Insurance information and policy details
• Credit card and payment method information
• Billing addresses
• Financial assistance or payment plan information
• Transaction history and payment records

Website and Digital Information

When you visit our website or use our digital services, we automatically collect:

• IP address and geographic location
• Browser type and operating system
• Device information and screen resolution
• Pages visited and time spent on site
• Referral sources and exit pages
• Cookie and tracking data

Communication Records

We maintain records of all communications, including:

• Phone call logs and voicemail messages
• Email correspondence
• Text messages and secure messaging
• Appointment scheduling communications
• Survey responses and feedback

How We Use Your Information

Primary Care and Medical Services

• Providing medical diagnosis, treatment, and ongoing care
• Coordinating care with specialists and other healthcare providers
• Maintaining accurate medical records
• Prescription management and medication monitoring
• Scheduling appointments and sending reminders

Aesthetic and Spa Services

• Conducting consultations and treatment planning
• Documenting treatment progress with photographs
• Recommending appropriate aesthetic procedures
• Following up on treatment outcomes
• Managing aesthetic treatment schedules

Administrative Operations

• Processing insurance claims and billing
• Verifying insurance coverage and benefits
• Managing patient accounts and payments
• Responding to patient inquiries and concerns
• Maintaining facility security and safety

Quality Improvement

• Analyzing treatment outcomes and patient satisfaction
• Improving our services and patient experience
• Training staff and maintaining clinical standards
• Conducting internal audits and assessments

Legal and Regulatory Compliance

• Meeting HIPAA and state privacy requirements
• Responding to legal requests and court orders
• Reporting required public health information
• Maintaining records as required by law

Information Sharing and Disclosure

Healthcare-Related Sharing

We may share your health information with:

• Treatment Partners: Other healthcare providers involved in your care
• Insurance Companies: For coverage verification and claims processing
• Business Associates: Third-party vendors who help us provide healthcare services
• Family Members: With your written authorization or in emergency situations
• Specialists: For referrals and coordinated care

Required Disclosures

We may disclose information when required by law:

• Public health authorities for disease reporting
• Government agencies during audits or investigations
• Law enforcement in specific circumstances
• Courts pursuant to valid legal orders
• Workers’ compensation programs when applicable

Marketing and Communications

With your consent, we may use your information for:

• Appointment reminders and follow-up care
• Health education and wellness tips
• Information about new services and treatments
• Special offers and promotions
• Patient satisfaction surveys

We do not sell your personal information to third parties.

Your Privacy Rights

Access and Review

You have the right to:

• Review and obtain copies of your medical records
• Request corrections to inaccurate information
• Receive an accounting of disclosures we have made
• Request restrictions on how we use your information

Communication Preferences

You may:

• Choose how we contact you (phone, email, mail, text)
• Opt out of marketing communications
• Request confidential communications
• Designate someone to receive information on your behalf

Georgia State Rights

As a Georgia resident, you have additional rights including:

• The right to request deletion of certain personal information
• The right to opt out of targeted advertising
• The right to non-discrimination for exercising privacy rights
• The right to appeal our decisions regarding your requests

How to Exercise Your Rights

To exercise any privacy rights:

• In Person: Visit our office during business hours (Mon-Fri 9:00am – 7:00pm)
• By Phone: Call us at (470) 704-9687
• By Email: Send a written request to careteam@geneva.wild-webdev.com
• By Mail: Write to us at 3275 North Point Pkwy #204, Alpharetta, GA 30005

We will respond to your request within 30 days and may require identity verification.

Data Security and Protection

Physical Safeguards

• Secured facility with restricted access
• Locked filing cabinets for paper records
• Private consultation and treatment rooms
• Controlled access to medical areas

Technical Safeguards

• Encrypted electronic health records systems
• Secure data transmission protocols
• Regular software updates and security patches
• Multi-factor authentication for staff access
• Automatic logoff and screen locks

Administrative Safeguards

• HIPAA-compliant policies and procedures
• Regular staff training on privacy practices
• Background checks for all employees
• Incident response and breach notification procedures
• Regular security risk assessments

Website Privacy and Cookies

Cookie Usage

Our website uses cookies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Improve site functionality and user experience
• Provide relevant content and services

You can control cookie settings through your browser preferences.

Third-Party Services

Our website may include:

• Analytics Tools: To understand website usage
• Appointment Scheduling: For online booking
• Payment Processing: For secure transactions
• Communication Tools: For patient messaging

These services have their own privacy policies, which we encourage you to review.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.

Data Retention

We retain your information as long as necessary for:

• Providing ongoing medical care
• Meeting legal and regulatory requirements
• Defending against potential legal claims
• Billing and insurance purposes

Medical records are typically retained for a minimum of 10 years after your last visit, or longer as required by Georgia state law.

Children’s Privacy

We provide medical services to patients of all ages. For patients under 18:

• Parents or guardians must provide consent for treatment
• We follow Georgia laws regarding minor consent
• Certain sensitive health information may be kept confidential from parents when legally permitted
• We limit collection of personal information to what is necessary for medical care

Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in our practices or services
• New legal or regulatory requirements
• Improvements to our privacy protections
• Updates to technology we use

We will notify you of material changes by:

• Posting updates on our website
• Sending email notifications to current patients
• Providing written notice at your next appointment

Contact Information

For questions about this Privacy Policy or our privacy practices:

Geneva Primary Care & Med Spa
3275 North Point Pkwy #204
Alpharetta, Georgia 30005

Phone: (470) 704-9687
Email: careteam@geneva.wild-webdev.com
Website: geneva-med.com

Privacy Officer: Megha Jerath
Email: megha@geneva.wild-webdev.com

HIPAA Notice of Privacy Practices

This Privacy Policy supplements our HIPAA Notice of Privacy Practices, which provides additional details about how we protect your health information. You may request a copy of our complete HIPAA notice at any time.

Compliance and Complaints

If you believe your privacy rights have been violated, you may:

1. File a complaint with our Privacy Officer
2. Contact the Georgia Department of Public Health
3. File a complaint with the U.S. Department of Health and Human Services

We will not retaliate against you for filing a privacy complaint.

This Privacy Policy is designed to comply with HIPAA, Georgia state privacy laws, and applicable federal regulations. It should be reviewed by legal counsel before implementation.