Enter your employer name:
Sign In
Terms and conditions

Please read these Terms of Use carefully before using this website.

These Terms of Use (the “Terms of Use”) apply to the Crossover Health website located at crossoverhealth.com, and all associated sites linked to crossoverhealth.com by Crossover Health, its subsidiaries, and affiliates (collectively, the “Website”). The Website is the property of Crossover Health. BY USING THE SITE, YOU AGREE TO THESE TERMS OF USE; IF YOU DO NOT AGREE, DO NOT USE THE SITE.

Crossover Health reserves the right, at its sole discretion, to change, modify, add /or remove portions of these Terms of Use, at any time. It is your responsibility to check these Terms of Use periodically for changes. Your continued use of the Website following the posting of changes will mean that you accept and agree to the changes. So long as you comply with these Terms of Use, Crossover Health grants you a personal, non-exclusive, non-transferable, limited privilege to enter and use the Website.

Content; Copyright

The contents of the Website, including but not limited to scores, statistics, text, graphics, video and audio recordings, images, information, user interfaces, visual interfaces, photographs, trademarks, logos, sounds, music, artwork and computer code, and other material contained or that may be contained on the Website (the “Content”), and the design, structure, selection, coordination, expression, “look and feel” and arrangement of such Content, is owned, controlled or licensed by or to Crossover Health, and is protected by trade dress, copyright, patent and trademark laws, and various other intellectual property rights and unfair competition laws.

You may use the materials on this Website for your personal, non-commercial purposes. Except as expressly provided in these Terms of Use, you may not reproduce, duplicate, distribute (including by way of email, facsimile or other electronic means), re-publish, upload, modify, publicly display, encode, translate, transmit or distribute in any way (including “mirroring”) to any other computer, server, web site or another medium for publication or distribution or for any commercial enterprise,  or transmit material from the Website without Crossover Health’s express prior written consent.

You may use the Content and information on Crossover Health’s services that is purposely made available by Crossover Health for downloading from the Website, provided that you (1) not remove any proprietary notice language in all copies of such materials, (2) use such information only for your personal, non-commercial informational purposes, (3) do not copy or post such information on any networked computer or broadcast it in any media without Crossover Health’s express prior written consent, (4) make no modifications to any such materials, and (5) not make any additional representations or warranties relating to such materials.

Website Does Not Provide Medical Advice or Establish a Provider-Patient Relationship

The Content is for informational purposes only, and is not intended nor implied to be a substitute for professional medical or mental health advice, diagnosis, or treatment. Watching, listening, reading, emailing or interacting on social media with Crossover Health personnel or our Content through the Website does not establish a provider-patient relationship. By accessing the Website and Content, you expressly agree not to rely upon any of the Content as professional advice.  Always seek the advice of your physician or another qualified health provider with any questions you may have regarding a medical condition. Nothing in the Content should be understood as a recommendation that you should not do so. Never disregard professional medical advice from your health provider or delay in seeking it because of something you have seen on the Website. If you think you may have a medical emergency, immediately call 911. Crossover Health does not recommend or endorse any specific tests, physicians, products, procedures, opinions, or other information. Reliance on any information provided on the Website is solely at your own risk.

While we make an effort to ensure that the Content is accurate, no guarantee is given regarding the accuracy of any statements or opinions expressed in the Content. The Content should not be used in any legal capacity whatsoever, including but not limited to establishing “standard of care” in a legal sense or as a basis for expert witness testimony.  

Services; Other Terms of Use

Additional Terms of Use may apply to purchases or use of Crossover Health’s services and to specific portions or features of the Site, all of which terms are made a part of these Terms of Use by this reference. You agree to abide by such other Terms of Use, including where applicable representing that you are of sufficient legal age to use or participate in such service or feature. If there is a conflict between these Terms of Use and the terms posted for or applicable to a specific portion of the Website or for any service offered on or through the Website, the latter terms shall control with respect to your use of that portion of the Website or the specific service.

Crossover Health’s obligations, if any, with regard to its products and services are governed solely by the agreements pursuant to which they are provided, and nothing on this Website should be construed to alter such agreements.


Crossover Health is committed to protecting your personal information. The Website contains many of the same types of security features as other secure websites such as banking websites including: encryption, registration requirements, authorization, and password protection. The Website has several features or services that allow for the recording and storage of your information, which may require you to open an account (including setting up a Crossover Health sign-in name and password). You are responsible for maintaining the confidentiality of the information you hold for your account so that no unauthorized person shall have access to your devices or passwords or accounts, and for any and all activity that occurs under your account as a result of your failing to keep this information secure and confidential. You are entirely responsible to: (1) control the dissemination and use of your sign-in name, screen name and passwords; (2) authorize, monitor, and control access to and use of your account and password; (3) promptly notify Crossover Health if you believe your account or password has been compromised or if there is any other reason you need to deactivate a password. To send us an email, use the “Contact Us” links located at the bottom of every page of our Website. You grant Crossover Health and all other persons or entities involved in the operation of the Website the right to transmit, monitor, retrieve, store, and use your information in connection with the operation of the Website. Crossover Health cannot and does not assume any responsibility or liability for your or third parties’ use or misuse of information transmitted or received using the Website’s tools and services.

You may not use anyone else’s Crossover Health sign-in name, password or account at any time without the express permission and consent of the holder of that Crossover Health sign-in name, password or account. Crossover Health cannot and will not be liable for any loss or damage arising from your failure to comply with these obligations.


Crossover Health’s Privacy Policy applies to the use of this Website, and its terms are made a part of these Terms of Use by this reference.

View Crossover Health’s Privacy Policy

View California Residents’ Privacy Policy

Additionally, by using the Website, you acknowledge and agree that Internet transmissions are never completely private or secure. You understand that any message or information you send to the Website may be read or intercepted by others, even if there is a special notice that a particular transmission (for example, credit card information) is encrypted.

Links to Other Sites and to this Website

This Website may contain links to other independent third-party web sites (“Linked Sites”). These Linked Sites are provided solely as a convenience to our visitors. Such Linked Sites are not under Crossover Health’s control, and Crossover Health is not responsible for and does not endorse the content of such Linked Sites, including any information or materials contained on such Linked Sites. You will need to make your own independent judgment regarding your interaction with these Linked Sites.

Online Content

You agree not to use the Website or any of its features for any purpose that is unlawful or prohibited by the Terms. You are personally responsible for the material that you send and for adhering to rules of conduct on any page of the Website. Crossover Health reserves the right to deny access to any part of the Website at our sole discretion.


Crossover Health does not promise that the Website or any Content, service or feature of the Website will be error-free or uninterrupted, or that any defects will be corrected, or that your use of the Website will provide specific results. The Website and the Content are provided on an “as is” and “as-available” basis, without warranty of any kind. All information provided on the website is subject to change without notice. Crossover Health disclaims all warranties, either express or implied, statutory or otherwise, with regard to the Content, including but not limited to warranties of accuracy, non-infringement, merchantability and fitness for a particular purpose. Crossover Health disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the Website, the Content and/or Crossover Health’s services. you assume total responsibility for your use of the Website and any Linked Sites. Your sole and exclusive remedy against Crossover Health if you are dissatisfied with any portion of the Website, any Content, or with any of these Terms of Use, is to discontinue accessing the Website or any such Content. 

The above disclaimer applies to any damages, liability or injuries caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction of or unauthorized access to, alteration of, or use, whether for breach of contract, tort, negligence or any other cause of action.

Without limiting the foregoing, Crossover Health, its licensors, affiliates and its suppliers make no representations or warranties about the accuracy, reliability, completeness, currentness, or timeliness of the Content, software, text, graphics, links, or communications provided on or through the use of the Website.

Crossover Health reserves the right, at any time and without notice, to do any of the following: (1) modify, suspend or terminate operation of or access to the Website or Content, or any portion thereof; (2) modify or change the Website or Content, or any portion thereof, and any applicable policies or terms; and (3) interrupt the operation of the Website or Content, or any portion thereof, as necessary to perform routine or non-routine maintenance, error correction, or other changes.

Limitation of Liability

The use of the Website and the Content is at your own risk. When using the Website, while advanced technological safeguards are in place, information will be transmitted over a medium that may be beyond the control and jurisdiction of Crossover Health and its affiliates. Accordingly, Crossover Health assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other information transmitted in connection with use of the Website.

Except where prohibited by law, in no event will Crossover Health, its officers, directors, employees, consultants, owners, licensors, affiliates, suppliers, or any third parties mentioned on the Website be liable to you for any indirect, consequential, exemplary, incidental or punitive damages (including, without limitation, incidental and consequential damages, personal injury/wrongful death, lost profits, or damages resulting from lost data or business interruption), whether based on warranty, contract, tort, or any other legal theory, and whether or not Crossover Health, its licensors, its suppliers, or any third parties mentioned on the Website have been advised of the possibility of such damages.  

If, notwithstanding the other provisions of these Terms of Use, Crossover Health is found to be liable to you for any damage or loss which arises out of or is in any way connected with your use of the Website or any Content, Crossover Health’s liability shall in no event exceed US$100.00. Some jurisdictions do not allow the exclusion or limitations of liability, so the foregoing limitations may not apply to you.


You agree to defend, indemnify and hold Crossover Health, its officers, directors, owners, predecessors, successors in interest, employees, agents, licensors, suppliers, subsidiaries and affiliates, harmless from any actions, demands, loss, liability, claims, settlements or expenses (including without limitation, reasonable legal and accounting fees), made against Crossover Health by any third party resulting from, or alleged to result from, your violation of these Terms of Use.

Governing Law; Dispute Resolution

You agree that all matters relating to your access to or use of the Website,  including all disputes, and all claims involving Crossover Health or its affiliates, subsidiaries, employees, contractors, officers, directors, telecommunication providers, and content providers including all disputes, will be governed by the laws of the United States and by the laws of the State of California without regard to its conflicts of laws provisions. You agree to the personal jurisdiction by and venue in the state and federal courts in Orange County, California, and waive any objection to such jurisdiction or venue. These Terms of Use are governed by the internal substantive laws of the State of California, without respect to its conflict of laws principles. If any provision of these Terms of Use is found to be invalid by any court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms of Use, which shall remain in full force and effect. Crossover Health’s failure to insist on or enforce strict performance of these Terms of Use shall not be construed as a waiver by Crossover Health of any provision or any right it has to enforce these Terms of Use, nor shall it be deemed a further or continuing waiver of such term or condition or any other term or condition, nor shall any course of conduct between Crossover Health and you or any other party be deemed to modify any provision of these Terms of Use. 

Any claims arising in connection with your use of the Website or Content must be brought within one (1) year of the date of the event giving rise to such action occurred, or such claim is barred. Remedies under these Terms of Use are exclusive and are limited to those expressly provided for in these Terms of Use. No recovery may be sought or received for damages other than out-of-pocket expenses, except that the prevailing party will be entitled to costs and attorneys’ fees. In the event of any controversy or dispute between Crossover Health and you arising out of or in connection with your use of the Website or Content, you and Crossover Health agree to attempt, promptly and in good faith, to resolve any such dispute. If we are unable to resolve any such dispute within a reasonable time (not to exceed thirty (30) days), then either party may submit such controversy or dispute to mediation. If the dispute cannot be resolved through mediation, then the parties shall be free to pursue any right or remedy available to them under applicable law.

Complete Agreement

These Terms of Use constitute the entire agreement between you and Crossover Health with respect to the use of the Website and Content.

Privacy Policy

Crossover Health works to protect the integrity of its website and applications. Although Crossover Health uses the most up-to-date encryption technology, please be aware that unauthorized third parties could obtain illegal access to this site.


Collection and Use of Personal Information

Crossover Health will not collect your name, email address or other personal information unless you voluntarily provide it. Crossover Health will not sell, trade, rent or share personal information about you or other Website or Application visitors to any unaffiliated third party.

If you use http://go.crossoverhealth.com, also known as the Crossover Health member website (the “Website”) or the Crossover Health Portal (the “Application”), Crossover Health may collect, use and store the following personal information:

  • First and Last Name
  • Company email address
  • Date of Birth
  • Password and log-in information
  • Collection and Use of Anonymous Information

If you use the Website or the Application, you consent to the collection and use of information as discussed below. Changes in this policy will be posted on this page so you will always know what information is being collected, how it is being used and under what circumstances it is being disclosed.

Crossover Health collects the following non-personal information about its Website and Application visitors on an aggregated basis:

  • Date and time of visit IP address (numbers that identify your Internet service provider or network)
  • Name of the Internet browser you used to visit the Website or Application
  • Pages visited and files downloaded on this Website or Application
  • Referring website (the last website you visited before coming to this Website or Application)
  • Search keywords used to find this Website or Application
  • Type of computer (PC or Mac) you used to visit this Website or Application

This information is used to improve your experience on the Website or Application. Crossover Health may make changes and updates to the Website or Application based on the collection of this information. Website administrators will gather this information and may report on broad user trends, site usage and popular web pages to Crossover Health.


Our website(s) uses cookies to distinguish you from other users of our website. This helps us to provide you with an exceptional experience when you browse our website(s) and also allows us to improve our site. By continuing to use the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website(s). This helps us to improve the way our website(s) works, for example, by ensuring that users are finding what they are looking for easily
  • Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website(s) and the content displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
  • Remarketing cookies. We have contracted with Google Ads to manage our advertising on other sites. Google Ads uses cookies to collect information about your activities on this and other websites and to then provide you with Crossover advertising on other websites. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by visiting your Google Ads settings page. Please note, this does not opt you out of being served advertisements. You may continue to receive generic non-targeted ads.
  • Social cookies.  Social cookies allow us to use buttons and widgets provided by social network services and other third parties. They commonly set cookies which enable visitors to post links to, ‘Like’ or comment on a site through their social networks. They often also allow tracking of visitors across other sites that have the same sorts of functionality embedded in them. Please refer to the third-party processors’ and partner’ privacy policy for more details.

You can find more information about the individual cookies we use and the purposes for which we use them in the table




Sessionrack.sessionThe Session cookie is used to maintain your login and other personalization while using the site. This cookie is considered essential for the proper use of the site.
NOTE: Only set and used by the Crossover Health corporate website and clinic micro-sites. The Patient Portal does not read/use this cookie. Analytical cookies are used to track your clicks as you browse the corporate website. This provides the Crossover teams with insight into how you use the site, which allows us to improve the site’s usefulness and performance.
identity Providercrossover-portal-#{$client}-identity-providerSome Crossover clients have elected to enable Identity Providers for their employees. This means those client’s employees may use their employer login/credentials to authenticate on Crossover’s Patient Portal. This cookie is used by our software to remember which Identity Provider you authenticate with. It will only be set for patients that choose to use their employer’s identity provider for authentication.
Stripe__stripe_mid, __stripe_sidStripe is a 3rd-party partner that provides highly secure, PCI-DSS compliant payment functions. These cookies are essential for payments within the Patient Portal to succeed. These cookies are used to maintain a link between your account and payment methods, as well as part of the communication between your browser and Stripe’s website during payment processing and “card-on-file” actions.
Notifications (Corp)wpfront-notification-bar-landingpageOn the corporate website only, we use this cookie to keep track of notifications displayed to visitors, as well as notifications that have been dismissed by the visitor.
Microsoft Clarity_clck
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
On the corporate website only, the sales and marketing teams uses ZoomInfo to optimize our lead generation efforts by capturing basic user data and checking that data against a vast business contact database and several sales intelligence and prospecting tools provided by Zoominfo to better market our products and services.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note, if you use your browser settings to block all cookies (including essential cookies) you will not be able to access all or parts of our website(s).

Safe Harbor

Crossover adheres to the principles set forth in the US-EU and US-Swiss Safe Harbor Frameworks with respect to its services. Information on both Safe Harbors may be found at www.export.gov/safeharbor. In compliance with the US-EU and US-Swiss Safe Harbor Principles, Crossover commits to resolve complaints about privacy and our collection or use of personal information. Citizens of the European Union or Switzerland with inquiries or complaints about privacy should contact Crossover at  privacy@crossoverhealth.com. In the event of a dispute relating to data protection which cannot be resolved directly with Crossover, Crossover is committed to cooperating with the EU Data Protection Authorities and has registered with the U.S. Council for International Business to act as an independent recourse mechanism.

Contact Us

Crossover Health welcomes your questions and comments about privacy. Please feel free to send us an email at: privacy@crossoverhealth.com.

Notice of Privacy Practices

Notice Of Privacy Practices

(Effective Date: April 2023)


As required by the privacy regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

A. Our commitment to your privacy:

Our practice is dedicated to maintaining the privacy of your individually identifiable health information (also called protected health information, or PHI). In conducting our business, we will receive information and create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you, whether that information is obtained from you in person, on the phone, via a telehealth appointment, via Crossover-maintained web pages, or via any other mechanism of communication . We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time.

We realize that these laws are complicated, but we must provide you with the following important information:

  • How we may use and disclose your PHI
  • Your privacy rights in your PHI
  • Our obligations concerning the use and disclosure of your PHI

The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices (the “Notice”). Any revision or amendment to the Notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice in our clinics in a visible location at all times and on our website, and you may request a copy of our most current Notice at any time. We are required to abide by the terms of the notice currently in effect. A revised Notice may be obtained by forwarding a written request to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672.

B. Your personal information:

We keep records of the medical care we provide you, and we may receive similar records from others. We use this information so that we, or other health care providers, can render quality medical care, obtain payment for services and enable us to meet our professional and legal responsibilities to operate our medical practice. We may store this information in a chart and in our computers. This information makes up your medical record. The medical record is our property; however, this notice explains how we use information about you and when we are allowed to share that information with others.

C. Our privacy practices:

We have a HIPAA and Health Information Technology for Economic and Clinical Health (“HITECH”) Act Policy in place to help ensure your PHI is protected. Crossover Health not only uses traditional methods to deliver care but also cutting edge technology to help deliver quality care to our patients. It is our policy to maintain reasonable and feasible physical, electronic and process safeguards to restrict unauthorized access to and protect the availability and integrity of your health information. Our protective measures may include secured office facilities, locked file cabinets, managed computer network systems and password protected accounts. Access to health information is only granted on a “need-to-know” basis. Once the need is established the access is limited to the minimum necessary information to accomplish the intended purpose. Our staff are required to comply with the policies and procedures designed to protect the confidentiality of your health information. Any staff member who violates our privacy policy is subject to disciplinary action.

D. If you have questions about this Notice, please contact:

Crossover Health
101 W. Avenida Vista Hermosa Suite 120
San Clemente, CA 92672

E. We may use and disclose your PHI in the following ways:

The following categories describe the different ways in which we may use and disclose your PHI.

  1. Treatment. Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice – including, but not limited to, our doctors and nurses (collectively, “Providers”) – may use or disclose your PHI in order to treat you or to assist others in your treatment. We also may receive from and disclose to other health care providers your PHI for purposes related to your treatment.
  2. Payment. Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. In addition, and by way of example of disclosures for payment purposes, we may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
  3. Health care operations. Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
  4. Appointment reminders. Our practice may use and disclose your PHI to contact you and remind you of an appointment.
  5. Treatment options. Our practice may use and disclose your PHI to inform you of potential treatment alternatives or other health-related benefits and services that may be of interest to you.
  6. Health-related benefits and services. Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.
  7. Release of information to family/friends. Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. However, any such disclosure will be subject to legal requirements and our HIPAA and HITECH Policy.
  8. Disclosures required by law. Our practice will use and disclose your PHI when we are required to do so by federal, state or local law.
  9. Organized Health Care Arrangements. Crossover Health participates in Organized Health Care Arrangements (“OHCA”s) at certain healthcare clinics it operates. An OHCA is: (i) a clinically integrated healthcare setting where patients may receive care from multiple healthcare providers or (ii) an organized system of healthcare where more than one healthcare provider participates. Under an OHCA, providers from different healthcare companies share medical and billing information with one another as necessary to carry out treatment, payment, and healthcare operations. Each member of the OHCA is responsible for their own activities, including compliance with all HIPAA privacy-related laws. View a list of the clinics, and participants where Crossover participates in an OHCA here: https://crossoverhealth.com/legal/crossover-health-clinics-with-ohcas/.

    The participating providers are not employees of Crossover Health and are independent contractors who each exercise their own independent professional judgment in the provision of your healthcare.

    Crossover Health Medical Group, APC, a California professional corporation, and its affiliates Crossover Health Medical Group, P.A., a Kansas professional association; Crossover Health Medical Group, P.C., a New Jersey professional corporation; Crossover Health Medical Group Ezeji-Okoye, P.C., a Nevada professional corporation; and Crossover Health Medical Group, S.C., a Wisconsin service corporation also participate in an OHCA.

F. Use and disclosure of your PHI in certain special circumstances:

The following categories describe unique scenarios in which we may use or disclose your identifiable health information:

  1. Public health risks. Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
    • Maintaining vital records, such as births and deaths;
    • Reporting child abuse or neglect;
    • Preventing or controlling disease, injury or disability;
    • Notifying a person regarding potential exposure to a communicable disease;
    • Notifying a person regarding a potential risk for spreading or contracting a disease or condition
    • Reporting reactions to drugs or problems with products or devices;
    • Notifying individuals if a product or device they may be using has been recalled;
    • Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information; or
    • Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
  2. Health oversight activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
  3. Lawsuits and similar proceedings. Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
  4. Law enforcement. We may release PHI if asked to do so by a law enforcement official:
    • Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement;
    • Concerning a death we believe has resulted from criminal conduct;
    • Regarding criminal conduct at our offices;
    • In response to a warrant, summons, court order, subpoena or similar legal process;
    • To identify/locate a suspect, material witness, fugitive or missing person; or
    • In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
  5. Preemption by state laws. We will follow applicable state law when it is more stringent than the Federal law. This generally includes, but is not limited to, laws that:
    give individuals greater rights regarding their PHI;
    prevent fraud and abuse in health care and payment for health care;
    regulate controlled substances; required reporting by law; and/or
    require health plans to report or give access to PHI.
  6. Deceased patients. Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.
  7. Organ and tissue donation. Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.
  8. Research. Our practice may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Internal Review Board or Privacy Board has determined that the waiver of your authorization satisfies all of the following conditions:

    The use or disclosure involves no more than a minimal risk to your privacy based on the following:

    • (a) an adequate plan to protect the identifiers from improper use and disclosure; (b) an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law); and (c) adequate written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the use or disclosure would otherwise be permitted;
    • The research could not practicably be conducted without the waiver; and
    • The research could not practicably be conducted without access to and use of the PHI.
  9. Serious threats to health or safety. Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
  10. Military. Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
  11. National security. Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
  12. Inmates. Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
  13. Workers’ compensation. Our practice may release your PHI for workers’ compensation and similar programs.
  14. Change of ownership. In the event that our practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
  15. De-Identified data. We may use or share your PHI once it has been “de-identified.” PHI is considered de-identified when it has been processed in such a way that it can no longer personally identify you.
  16. Limited Data Sets. We may also use a “limited data set” that does not contain any information that can directly identify you. This limited data set may only be used for the purposes of research, public health matters or health care operations. For example, a limited data set may include your city, county and zip code, but not your name or street address.

G. Receiving PHI from providers, insurance entities and their business associates:

We want to make you aware that, just as Crossover Health uses and discloses certain PHI in your treatment, our operations and management and certain payment practices, Crossover Health receives PHI from other healthcare entities and their business associates including but not limited to: medical files, charts, laboratory testing results, imagining results, and insurance claims data. PHI that is received and maintained by Crossover Health from outside entities is subject to the protections of relevant law and our HIPAA and HITECH policy.

H. Your written permission:

Except as described in this Notice, or as otherwise permitted by law, we must obtain your written permission – called an authorization – prior to using or sharing health information that identifies you as an individual. If you provide an authorization and then change your mind, you may revoke your authorization in writing at any time. Once an authorization has been revoked, we will no longer use or share your health information as outlined in the authorization form; however you should be aware that we won’t be able to retract a use or disclosure that was previously made in good faith based on what was then a valid authorization from you.
Except as specified above under the applicable state law of the practice location, we may not share your health information with your employer or benefit plan unless you provide us an authorization to do so.

I. Other Restrictions:

Under the applicable state law of the practice location, there may be additional laws regarding the use and disclosure of health information related to HIV status, communicable diseases, reproductive health, genetic test results, substance abuse, mental health and intellectual disability. Generally, we will be bound by whatever law is more stringent and provides more protection for your privacy.

J. Your rights regarding your PHI:

You have the following rights regarding the PHI that we maintain about you:

  1. Confidential communications. You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672 and inform us of the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.
  2. Requesting restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you.

    In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672.

    Your request must describe in a clear and concise fashion:

    • The information you wish restricted;
    • Whether you are requesting to limit our practice’s use, disclosure or both; and/or
    • To whom you want the limits to apply.
  3. Inspection and copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672 in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.
  4. Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672.

    You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.

  5. Accounting of disclosures. All of our patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine patient care in our practice is not required to be documented – for example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672.

    All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.

  6. Right to a paper copy of this notice. You are entitled to receive a paper copy of our Notice. You may ask us to give you a copy of this Notice at any time. To obtain a paper copy of this Notice, contact Crossover Health at (949) 891-0328.
  7. Right to file a complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact Crossover Health, 101 W. Avenida Vista Hermosa Suite 120, San Clemente, CA 92672. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
  8. Right to provide an authorization for other uses and disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: we are required to retain records of your care.

    Again, if you have any questions regarding this Notice or our health information privacy policies, please contact Crossover Health at (949) 891-0328.

Notice Regarding Minors Privacy and Confidentiality

While state laws generally allow a minor’s parents and legal guardians to obtain the minor’s medical information, certain state and federal laws protect minor confidentiality in certain circumstances. These laws also allow a minor to consent to certain types of care without a parent or guardian’s consent. In those circumstances, information concerning a minor’s medical care will not be available without permission from the minor.

Subject to state and federal law, our general policy is:

For minors under 12, parents and legal guardians can access their child’s medical information without restriction.

Beginning at age 12, parents and legal guardians will have reduced access to their child’s health information. Crossover is unable to partition patients’ electronic medical records to separate confidential information from the information a parent or legal guardian may obtain. Therefore parents and legal guardians will not have electronic access to their child’s clinical information, but may access scheduling requests and bill pay. Parents and guardians will still be able to receive their child’s medical information, other than the minor’s confidential information, by contacting Crossover Health.

Where a minor requests a Crossover provider’s assistance in communicating with a parent or guardian regarding a medical issue, or when a provider determines that sharing information would be in the best interest of the minor, our providers will work with the minor on a communication plan and obtain their consent to share information, or explain to the minor what information the provider needs to share for their safety.

Beginning at age 18, parents and guardians will no longer have access to their child’s medical information held by Crossover Health.

Non-custodial parent and incapacitated patient record access. Except where limited by law or court order, and consistent with the guidelines above, a noncustodial parent has the same right to access a minor’s medical information as the custodial parent. In the case of mentally incapacitated patients, parents/legal guardians may access the patient’s information pursuant to state law.

Notice to California Consumers

Effective Date: January 1, 2020

Last Updated on: January 27, 2021

This Privacy Policy for California Residents (“Policy”) supplements the information contained in Crossover Health’s Notice of Privacy Practices, and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Policy.

This Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Information excluded from the CCPA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We have collected the following categories of personal information from consumers within the last twelve (12) months:




A. Identifiers.Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Yes
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.No
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.No
F. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.Yes
G. Geolocation data.Physical location or movements.Yes
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.No
I. Professional or employment-related information.Current or past job history or performance evaluations.No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.No
K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or services you use.
  • Indirectly from you. For example, from observing your actions on our Website.

Use of Personal Information

We use or disclose the personal information we collect for one or more of the following purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. We may also save your information to facilitate services.
  • To provide, support, personalize, and develop our Website, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests and transactions and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, through our Website, and via email (with your consent, where required by law)
  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes for disclosure, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the following categories of third parties:

  • Service providers
  • Marketing/advertising partners

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Crossover Health has disclosed the following categories of personal information for a business purpose:



XPersonal Information described in Cal. Civ. C. 1798.80(e)
Characteristics of Protected Classifications under California or federal law
Commercial Information
Biometric Information
XInternet or other Electronic Network Activity
Geolocation Data
Sensory Data
Professional or Employment-Related Information
Education Information
XInference Drawn from Personal Information

Sharing Personal Information

We disclose your personal information for business purposes to the following categories of third parties:

  • Service providers
  • Marketing/advertising partners

Sale of Personal Information

In the preceding twelve (12) months, Crossover Health has not sold personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above on behalf of yourself or a dependent child, please submit a request by either:

  • Emailing us at privacy@crossoverhealth.com.
  • Writing us at Crossover Health, 101 W. Ave. Vista Hermosa, San Clemente, CA 92672, Attention: Privacy.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include address, date of birth, and other identifying information as well as information establishing your authority to act on behalf of a minor or other individual;

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at privacy@crossoverhealth.com.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which Crossover collects and uses your information described here and in our Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacy@crossoverhealth.com

Postal Address:

101 W. Avenida Vista Hermosa, Suite 120,

San Clemente, CA 92672

Attn: Privacy

If you need to access this Policy in an alternative format due to having a disability, please contact us at privacy@crossoverhealth.com or the above address.

Open Payments Database

For informational purposes only, a link to the federal Centers for Medicare and Medicaid Services (CMS) Open Payments web page is provided here. The federal Physician Payments Sunshine Act requires that detailed information about payment and other payments of value worth over ten dollars ($10) from manufacturers of drugs, medical devices, and biologics to physicians and teaching hospitals be made available to the public. 

You may search this federal database for payments made to physicians and teaching hospitals by visiting this website: 


Transparency in Employee Health Coverage

The links lead to machine-readable files that are made available in response to the federal Transparency in Coverage Rule and include negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

The machine-readable file (MRF) URLs:

Crossover Health Management Service, Inc.

Crossover Health Medical Group, APC