The contents of the Website, including but not limited to scores, statistics, text, graphics, video and audio recordings, images, information, user interfaces, visual interfaces, photographs, trademarks, logos, sounds, music, artwork and computer code, and other material contained or that may be contained on the Website (the “Content”), and the design, structure, selection, coordination, expression, “look and feel” and arrangement of such Content, is owned, controlled or licensed by or to Crossover Health, and is protected by trade dress, copyright, patent and trademark laws, and various other intellectual property rights and unfair competition laws.
You may use the Content and information on Crossover Health’s services that is purposely made available by Crossover Health for downloading from the Website, provided that you (1) not remove any proprietary notice language in all copies of such materials, (2) use such information only for your personal, non-commercial informational purposes, (3) do not copy or post such information on any networked computer or broadcast it in any media without Crossover Health’s express prior written consent, (4) make no modifications to any such materials, and (5) not make any additional representations or warranties relating to such materials.
Website Does Not Provide Medical Advice or Establish a Provider-Patient Relationship
The Content is for informational purposes only, and is not intended nor implied to be a substitute for professional medical or mental health advice, diagnosis, or treatment. Watching, listening, reading, emailing or interacting on social media with Crossover Health personnel or our Content through the Website does not establish a provider-patient relationship. By accessing the Website and Content, you expressly agree not to rely upon any of the Content as professional advice. Always seek the advice of your physician or another qualified health provider with any questions you may have regarding a medical condition. Nothing in the Content should be understood as a recommendation that you should not do so. Never disregard professional medical advice from your health provider or delay in seeking it because of something you have seen on the Website. If you think you may have a medical emergency, immediately call 911. Crossover Health does not recommend or endorse any specific tests, physicians, products, procedures, opinions, or other information. Reliance on any information provided on the Website is solely at your own risk.
While we make an effort to ensure that the Content is accurate, no guarantee is given regarding the accuracy of any statements or opinions expressed in the Content. The Content should not be used in any legal capacity whatsoever, including but not limited to establishing “standard of care” in a legal sense or as a basis for expert witness testimony.
Crossover Health’s obligations, if any, with regard to its products and services are governed solely by the agreements pursuant to which they are provided, and nothing on this Website should be construed to alter such agreements.
Crossover Health is committed to protecting your personal information. The Website contains many of the same types of security features as other secure websites such as banking websites including: encryption, registration requirements, authorization, and password protection. The Website has several features or services that allow for the recording and storage of your information, which may require you to open an account (including setting up a Crossover Health sign-in name and password). You are responsible for maintaining the confidentiality of the information you hold for your account so that no unauthorized person shall have access to your devices or passwords or accounts, and for any and all activity that occurs under your account as a result of your failing to keep this information secure and confidential. You are entirely responsible to: (1) control the dissemination and use of your sign-in name, screen name and passwords; (2) authorize, monitor, and control access to and use of your account and password; (3) promptly notify Crossover Health if you believe your account or password has been compromised or if there is any other reason you need to deactivate a password. To send us an email, use the “Contact Us” links located at the bottom of every page of our Website. You grant Crossover Health and all other persons or entities involved in the operation of the Website the right to transmit, monitor, retrieve, store, and use your information in connection with the operation of the Website. Crossover Health cannot and does not assume any responsibility or liability for your or third parties’ use or misuse of information transmitted or received using the Website’s tools and services.
You may not use anyone else’s Crossover Health sign-in name, password or account at any time without the express permission and consent of the holder of that Crossover Health sign-in name, password or account. Crossover Health cannot and will not be liable for any loss or damage arising from your failure to comply with these obligations.
Additionally, by using the Website, you acknowledge and agree that Internet transmissions are never completely private or secure. You understand that any message or information you send to the Website may be read or intercepted by others, even if there is a special notice that a particular transmission (for example, credit card information) is encrypted.
Links to Other Sites and to this Website
This Website may contain links to other independent third-party web sites (“Linked Sites”). These Linked Sites are provided solely as a convenience to our visitors. Such Linked Sites are not under Crossover Health’s control, and Crossover Health is not responsible for and does not endorse the content of such Linked Sites, including any information or materials contained on such Linked Sites. You will need to make your own independent judgment regarding your interaction with these Linked Sites.
You agree not to use the Website or any of its features for any purpose that is unlawful or prohibited by the Terms. You are personally responsible for the material that you send and for adhering to rules of conduct on any page of the Website. Crossover Health reserves the right to deny access to any part of the Website at our sole discretion.
The above disclaimer applies to any damages, liability or injuries caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction of or unauthorized access to, alteration of, or use, whether for breach of contract, tort, negligence or any other cause of action.
Without limiting the foregoing, Crossover Health, its licensors, affiliates and its suppliers make no representations or warranties about the accuracy, reliability, completeness, currentness, or timeliness of the Content, software, text, graphics, links, or communications provided on or through the use of the Website.
Crossover Health reserves the right, at any time and without notice, to do any of the following: (1) modify, suspend or terminate operation of or access to the Website or Content, or any portion thereof; (2) modify or change the Website or Content, or any portion thereof, and any applicable policies or terms; and (3) interrupt the operation of the Website or Content, or any portion thereof, as necessary to perform routine or non-routine maintenance, error correction, or other changes.
Limitation of Liability
The use of the Website and the Content is at your own risk. When using the Website, while advanced technological safeguards are in place, information will be transmitted over a medium that may be beyond the control and jurisdiction of Crossover Health and its affiliates. Accordingly, Crossover Health assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other information transmitted in connection with use of the Website.
Except where prohibited by law, in no event will Crossover Health, its officers, directors, employees, consultants, owners, licensors, affiliates, suppliers, or any third parties mentioned on the Website be liable to you for any indirect, consequential, exemplary, incidental or punitive damages (including, without limitation, incidental and consequential damages, personal injury/wrongful death, lost profits, or damages resulting from lost data or business interruption), whether based on warranty, contract, tort, or any other legal theory, and whether or not Crossover Health, its licensors, its suppliers, or any third parties mentioned on the Website have been advised of the possibility of such damages.
Governing Law; Dispute Resolution
Crossover Health works to protect the integrity of its website and applications. Although Crossover Health uses the most up-to-date encryption technology, please be aware that unauthorized third parties could obtain illegal access to this site.
EFFECTIVE DATE: MAY 15, 2018
Collection and Use of Personal Information
Crossover Health will not collect your name, email address or other personal information unless you voluntarily provide it. Crossover Health will not sell, trade, rent or share personal information about you or other Website or Application visitors to any unaffiliated third party.
If you use http://go.crossoverhealth.com, also known as the Crossover Health member website (the “Website”) or the Crossover Health Portal (the “Application”), Crossover Health may collect, use and store the following personal information:
- First and Last Name
- Company email address
- Date of Birth
- Password and log-in information
- Collection and Use of Anonymous Information
If you use the Website or the Application, you consent to the collection and use of information as discussed below. Changes in this policy will be posted on this page so you will always know what information is being collected, how it is being used and under what circumstances it is being disclosed.
Crossover Health collects the following non-personal information about its Website and Application visitors on an aggregated basis:
- Date and time of visit IP address (numbers that identify your Internet service provider or network)
- Name of the Internet browser you used to visit the Website or Application
- Pages visited and files downloaded on this Website or Application
- Referring website (the last website you visited before coming to this Website or Application)
- Search keywords used to find this Website or Application
- Type of computer (PC or Mac) you used to visit this Website or Application
This information is used to improve your experience on the Website or Application. Crossover Health may make changes and updates to the Website or Application based on the collection of this information. Website administrators will gather this information and may report on broad user trends, site usage and popular web pages to Crossover Health.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website(s). This helps us to improve the way our website(s) works, for example, by ensuring that users are finding what they are looking for easily
- Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website(s) and the content displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table
|The Session cookie is used to maintain your login and other personalization while using the site. This cookie is considered essential for the proper use of the site.
|NOTE: Only set and used by the Crossover Health corporate website and clinic micro-sites. The Patient Portal does not read/use this cookie. Analytical cookies are used to track your clicks as you browse the corporate website. This provides the Crossover teams with insight into how you use the site, which allows us to improve the site’s usefulness and performance.
|Some Crossover clients have elected to enable Identity Providers for their employees. This means those client’s employees may use their employer login/credentials to authenticate on Crossover’s Patient Portal. This cookie is used by our software to remember which Identity Provider you authenticate with. It will only be set for patients that choose to use their employer’s identity provider for authentication.
|Stripe is a 3rd-party partner that provides highly secure, PCI-DSS compliant payment functions. These cookies are essential for payments within the Patient Portal to succeed. These cookies are used to maintain a link between your account and payment methods, as well as part of the communication between your browser and Stripe’s website during payment processing and “card-on-file” actions.
|On the corporate website only, we use this cookie to keep track of notifications displayed to visitors, as well as notifications that have been dismissed by the visitor.
|On the corporate website only, the sales and marketing teams uses ZoomInfo to optimize our lead generation efforts by capturing basic user data and checking that data against a vast business contact database and several sales intelligence and prospecting tools provided by Zoominfo to better market our products and services.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note, if you use your browser settings to block all cookies (including essential cookies) you will not be able to access all or parts of our website(s).
Crossover adheres to the principles set forth in the US-EU and US-Swiss Safe Harbor Frameworks with respect to its services. Information on both Safe Harbors may be found at www.export.gov/safeharbor. In compliance with the US-EU and US-Swiss Safe Harbor Principles, Crossover commits to resolve complaints about privacy and our collection or use of personal information. Citizens of the European Union or Switzerland with inquiries or complaints about privacy should contact Crossover at firstname.lastname@example.org. In the event of a dispute relating to data protection which cannot be resolved directly with Crossover, Crossover is committed to cooperating with the EU Data Protection Authorities and has registered with the U.S. Council for International Business to act as an independent recourse mechanism.
Crossover Health welcomes your questions and comments about privacy. Please feel free to send us an email at: email@example.com.
Crossover Health Medical Group
Notice Of Privacy Practices (Effective Date: November 2018)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
As required by the privacy regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA):
A. Our commitment to your privacy:
Our practice is dedicated to maintaining the privacy of your individually identifiable health information (also called protected health information, or PHI). In conducting our business, we will receive information and create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time. We realize that these laws are complicated, but we must provide you with the following important information:
- How we may use and disclose your PHI
- Your privacy rights in your PHI
- Our obligations concerning the use and disclosure of your PHI
The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices (the “Notice”). Any revision or amendment to the Notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice in our clinics in a visible location at all times and on our website, and you may request a copy of our most current Notice at any time. We are required to abide by the terms of the notice currently in effect A revised Notice may be obtained by forwarding a written request to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672.
B. Your personal information:
We keep records of the medical care we provide you, and we may receive similar records from others. We use this information so that we, or other health care providers, can render quality medical care, obtain payment for services and enable us to meet our professional and legal responsibilities to operate our medical practice. We may store this information in a chart and in our computers. This information makes up your medical record. The medical record is our property; however, this notice explains how we use information about you and when we are allowed to share that information with others.
C. Our privacy practices:
D. If you have questions about this Notice, please contact:
101 W. Avenida Vista Hermosa Ste. 120
San Clemente, CA 92672
E. We may use and disclose your PHI in the following ways:
The following categories describe the different ways in which we may use and disclose your PHI.
1. Treatment. Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice – including, but not limited to, our doctors and nurses – may use or disclose your PHI in order to treat you or to assist others in your treatment. Additionally, we may also receive and disclose your PHI to other health care providers for purposes related to your treatment.
2. Payment. Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. In addition, and by way of example of disclosures for payment purposes, we may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
3. Health care operations. Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
4. Appointment reminders. Our practice may use and disclose your PHI to contact you and remind you of an appointment.
5. Treatment options. Our practice may use and disclose your PHI to inform you of potential treatment alternatives or other health-related benefits and services that may be of interest to you.
6. Health-related beneﬁts and services. Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.
7. Release of information to family/friends. Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. However, any such disclosure will be subject to legal requirements and our HIPAA and HITECH Policy.
8. Disclosures required by law. Our practice will use and disclose your PHI when we are required to do so by federal, state or local law.
9. Organized Health Care Arrangements
Crossover Health Medical Group participates in Organized Health Care Arrangements (“OHCA”s) at certain healthcare clinics it operates. An OHCA is: (i) a clinically integrated healthcare setting where patients may receive care from multiple healthcare providers or (ii) an organized system of healthcare where more than one healthcare provider participates. Under an OHCA, providers from different healthcare companies share medical and billing information with one another as necessary to carry out treatment, payment, and healthcare operations. Each member of the OHCA is responsible for their own activities, including compliance with all HIPAA privacy-related laws. View a list of the clinics, and participants where Crossover participates in an OHCA.
The participating providers are not employees of Crossover Health and are independent contractors who each exercise their own independent professional judgment in the provision of your healthcare.
F. Use and disclosure of your PHI in certain special circumstances:
The following categories describe unique scenarios in which we may use or disclose your identifiable health information:
1. Public health risks. Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
- Maintaining vital records, such as births and deaths;
- Reporting child abuse or neglect;
- Preventing or controlling disease, injury or disability;
- Notifying a person regarding potential exposure to a communicable disease;
- Notifying a person regarding a potential risk for spreading or contracting a disease or condition
- Reporting reactions to drugs or problems with products or devices;
- Notifying individuals if a product or device they may be using has been recalled;
- Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information; or
- Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
2. Health oversight activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
3. Lawsuits and similar proceedings. Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
4. Law enforcement. We may release PHI if asked to do so by a law enforcement official:
- Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement;
- Concerning a death we believe has resulted from criminal conduct;
- Regarding criminal conduct at our offices;
- In response to a warrant, summons, court order, subpoena or similar legal process;
- To identify/locate a suspect, material witness, fugitive or missing person; or
- In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
5. Deceased patients. Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.
6. Organ and tissue donation. Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.
7. Research. Our practice may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Internal Review Board or Privacy Board has determined that the waiver of your authorization satisfies all of the following conditions: The use or disclosure involves no more than a minimal risk to your privacy based on the following:
- (a) an adequate plan to protect the identifiers from improper use and disclosure; (b) an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law); and (c) adequate written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the use or disclosure would otherwise be permitted;
- The research could not practicably be conducted without the waiver; and
- The research could not practicably be conducted without access to and use of the PHI.
8. Serious threats to health or safety. Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
9. Military. Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
10. National security. Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
11. Inmates. Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
12. Workers’ compensation. Our practice may release your PHI for workers’ compensation and similar programs.
13. Change of Ownership. In the event that our practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
14. De-Identiﬁed Data. We may use or share your PHI once it has been “de-identified.” PHI is considered de-identified when it has been processed in such a way that it can no longer personally identify you.
15. Limited Data Sets. We may also use a “limited data set” that does not contain any information that can directly identify you. This limited data set may only be used for the purposes of research, public health matters or health care operations. For example, a limited data set may include your city, county and zip code, but not your name or street address.
G. Receiving PHI from providers, insurance entities, and their business associates:
We want to make you aware that, just as Crossover Health Medical Group uses and discloses certain PHI in your treatment, our operations and management and certain payment practices, Crossover Health Medical Group receives PHI from other healthcare entities and their business associates including but not limited to: medical files, charts, laboratory testing results, imagining results, and insurance claims data. PHI that is received and maintained by Crossover Health Medical Group from outside entities is subject to the protections of relevant law and our HIPAA and HITECH policy.
H. Your written permission:
Except as described in this Notice, or as otherwise permitted by law, we must obtain your written permission – called an authorization – prior to using or sharing health information that identifies you as an individual. If you provide an authorization and then change your mind, you may revoke your authorization in writing at any time. Once an authorization has been revoked, we will no longer use or share your health information as outlined in the authorization form; however you should be aware that we won’t be able to retract a use or disclosure that was previously made in good faith based on what was then a valid authorization from you. Except as specified above under the applicable state law of the practice location, we may not share your health information with your employer or benefit plan unless you provide us an authorization to do so.
I. Other Restrictions:
Under the applicable state law of the practice location, there may be additional laws regarding the use and disclosure of health information related to HIV status, communicable diseases, reproductive health, genetic test results, substance abuse, mental health and mental retardation. Generally, we will be bound by whatever law is more stringent and provides more protection for your privacy.
J. Your rights regarding your PHI:
You have the following rights regarding the PHI that we maintain about you:
1. Conﬁdential communications. You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672 and inform us of the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.
2. Requesting restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. Your request must describe in a clear and concise fashion:
- The information you wish restricted;
- Whether you are requesting to limit our practice’s use, disclosure or both; and/or
- To whom you want the limits to apply.
3. Inspection and copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672 in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.
4. Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.
5. Accounting of disclosures. All of our patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine patient care in our practice is not required to be documented – for example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
6. Right to a paper copy of this notice. You are entitled to receive a paper copy of our Notice. You may ask us to give you a copy of this Notice at any time. To obtain a paper copy of this Notice, contact Crossover Health Medical Group at (949) 891-0328.
7. Right to ﬁle a complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
8. Right to provide an authorization for other uses and disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: we are required to retain records of your care.
If you have any questions regarding this Notice or our health information privacy policies, please contact Crossover Health Medical Group at (949) 891-0328. If you would like a hard copy of this Notice, please ask for one at the front desk or contact Crossover Health Medical Group at (949) 891-0328.
Effective Date: January 1, 2020
Last Updated on: January 27, 2021
This Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information;
- Information excluded from the CCPA’s scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We have collected the following categories of personal information from consumers within the last twelve (12) months:
|Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
|C. Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or services you use.
- Indirectly from you. For example, from observing your actions on our Website.
Use of Personal Information
We use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. We may also save your information to facilitate services.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests and transactions and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, through our Website, and via email (with your consent, where required by law)
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes for disclosure, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the following categories of third parties:
- Service providers
- Marketing/advertising partners
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Crossover Health has disclosed the following categories of personal information for a business purpose:
|Personal Information described in Cal. Civ. C. 1798.80(e)
|Characteristics of Protected Classifications under California or federal law
|Internet or other Electronic Network Activity
|Professional or Employment-Related Information
|Inference Drawn from Personal Information
Sharing Personal Information
We disclose your personal information for business purposes to the following categories of third parties:
- Service providers
- Marketing/advertising partners
Sale of Personal Information
In the preceding twelve (12) months, Crossover Health has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above on behalf of yourself or a dependent child, please submit a request by either:
- Emailing us at firstname.lastname@example.org.
- Writing us at Crossover Health, 101 W. Ave. Vista Hermosa, San Clemente, CA 92672, Attention: Privacy.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include address, date of birth, and other identifying information as well as information establishing your authority to act on behalf of a minor or other individual;
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at email@example.com.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
101 W. Avenida Vista Hermosa, Suite 120,
San Clemente, CA 92672
If you need to access this Policy in an alternative format due to having a disability, please contact us at firstname.lastname@example.org or the above address.
For informational purposes only, a link to the federal Centers for Medicare and Medicaid Services (CMS) Open Payments web page is provided here. The federal Physician Payments Sunshine Act requires that detailed information about payment and other payments of value worth over ten dollars ($10) from manufacturers of drugs, medical devices, and biologics to physicians and teaching hospitals be made available to the public.
You may search this federal database for payments made to physicians and teaching hospitals by visiting this website:
By providing your phone number to us, you grant permission for Crossover Health Medical Group, APC and Crossover Health Management Services, Inc. (collectively, “Crossover Health”) to send you SMS text messages regarding sign up, appointments, follow up questions, billing questions, attempts to collect payment (should the need arise), and other service-related messages, and you certify that you are the owner or authorized user of the mobile phone number provided for the SMS messaging service.
You grant permission for staff at Crossover Health to communicate with you by standard SMS messaging regarding various aspects of your medical care, which may include, but shall not be limited to, test results, prescriptions, appointments, patient satisfaction surveys and billing. You understand that standard SMS messaging is not a confidential method of communication and may be insecure. You further understand that, because of this, there is a risk that standard SMS messaging regarding your health care might be intercepted and read by an unauthorized third party. You must notify us immediately if you are no longer the owner or authorized user of the phone number you provided for SMS messaging.
When you opt-in to the SMS messaging service, we will send you an SMS message to confirm your signup. You can cancel the SMS service at any time by texting “STOP” to us, after which we will send you an SMS message to confirm that text messaging will end. After this, you will no longer receive SMS messages from us.
If at any time you forget what keywords are supported, text “HELP” to us. After you send the SMS message “HELP” to us, we will respond with instructions on how to use our service as well as how to end text messaging.
The links lead to machine-readable files that are made available in response to the federal Transparency in Coverage Rule and include negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
The machine-readable file (MRF) URLs: