Privacy Policy

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please Review It Carefully.

At Doctronic Physicians Group, we protect your privacy. This Privacy and Security Notice explains how we collect, use, share, and protect your information when you receive medical care from our physicians.

We do not sell your health information. Your health information belongs to you - you control it. You can access it anytime, request copies, share it with other providers, or request amendments as appropriate.

Our Legal Status

Doctronic Physicians Group is a "Covered Entity" under HIPAA. We comply with all federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), to protect your medical information.

How We Use Your Information

For Healthcare Services

• Diagnose and treat your medical conditions
• Coordinate your care with specialists and other providers
• Manage prescriptions and referrals
• Provide follow-up care and health monitoring
• Access and share medical records when necessary for your care

Example: We use your medical history to make informed treatment decisions and coordinate with pharmacies for your prescriptions.

For Payment

• Bill your insurance company for services
• Process claims and payments
• Verify insurance coverage
• Collect payment for services rendered

For Healthcare Operations

• Improve quality of care
• Train medical staff
• Conduct quality assurance reviews
• Comply with regulatory requirements
• Manage our medical practice

Example: We review medical records to ensure we're providing high-quality care and meeting professional standards.

We Do Not:

• Sell your information
• Use your data for third-party marketing without your consent
• Share your information for purposes unrelated to your healthcare, payment, or our operations without your permission

When We Share Information

For Your Care (Without Your Permission)

We may share your health information for treatment, payment, and healthcare operations as described above. This includes:

• Other doctors, nurses, and healthcare providers involved in your care
• Hospitals, labs, and imaging centers
• Your health insurance company for payment
• Pharmacies for prescriptions

With Your Written Permission

We will obtain your written authorization before sharing your information for purposes not covered by this notice, including:

• Family members or friends you designate
• Employers or schools (except as required by law)
• Marketing purposes
• Sale of your information

As Required by Law

We may disclose your information when required by federal, state, or local law, including:

• Court orders, subpoenas, or search warrants
• Public health reporting (communicable diseases, injuries, births, deaths)
• Preventing imminent serious harm to you or others
• Law enforcement purposes in specific circumstances
• Government compliance audits and investigations
• Workers' compensation claims

When disclosing under subpoena or court order, you will be notified within 3 business days (unless legally prohibited) and given an opportunity to object or seek protective orders.

Sensitive Health Information

Certain sensitive information (reproductive health, mental health, substance use disorder treatment, HIV/AIDS, genetic information, and gender-affirming care) receives extra protection under federal and state laws. We only disclose such information when specifically authorized by you or as required by law, and we will notify you within 3 business days unless prohibited.

Emergency Situations

In emergency situations where there is a serious and imminent threat to health or safety, we may share your information when necessary to prevent harm to you or others. This may include sharing with emergency services, law enforcement, or other healthcare providers without your prior consent.

TEFCA Health Information Exchange

Doctronic Physicians Group participates in the Trusted Exchange Framework and Common Agreement (TEFCA) network for secure health information exchange. This allows us to electronically query and retrieve your medical records from other healthcare providers and hospitals to ensure we have complete information for your care.

You have the right to opt out of TEFCA data sharing. If you prefer that we not query your records from other providers through the TEFCA network, please notify us in writing.

Your Rights

Access and Control Your Information

You have the right to:

• Inspect and copy: View and obtain copies of your medical records
• Request amendments: Ask us to correct inaccurate or incomplete information
• Request restrictions: Ask us to limit how we use or share your information
• Request confidential communications: Ask that we contact you in a specific way or at a specific location
• Request an accounting: Get a list of certain disclosures we've made of your information
• Receive electronic copies: Obtain your health information in electronic format when technically feasible
• Opt out of TEFCA: Decline participation in health information exchange networks

Response time: We will respond to most requests within 30 days.

How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer using the information below. We may require a written request and may charge reasonable fees for copying and mailing records.

Security Practices

We implement comprehensive safeguards to protect your health information:

• Physical security: Locked facilities, restricted access areas, secure storage
• Technical security: Encryption, firewalls, access controls, secure authentication
• Administrative security: Staff training, policies and procedures, business associate agreements
• Monitoring: Regular security assessments and incident response procedures

Breach Notification

If a breach of your unsecured health information occurs, we will notify you promptly as required by law. The notification will include:

• A description of what happened and when
• What types of information were involved
• Steps you can take to protect yourself
• Actions we are taking to address the breach
• How you can contact us for more information

Data Retention

• Medical records: Maintained for at least 7 years as required by law and professional standards
• Billing records: Maintained as required by law and for payment resolution
• Legal requirements: Some records may be retained longer if required by law

Digital Contact Information

To support nationwide interoperability and care coordination, we have listed our secure digital contact information in the National Plan & Provider Enumeration System (NPPES). This allows other healthcare providers, hospitals, and health information networks to securely send referrals, event notifications, and protected health information using HIPAA-compliant, encrypted methods.

Changes to This Notice

We reserve the right to change this notice. Any changes will apply to health information we already have as well as information we receive in the future. We will:

• Post the updated notice in our office and on our website
• Make copies available upon request
• Note the effective date of the current notice

Fees

We may charge reasonable, cost-based fees for:

• Copying medical records
• Postage for mailing records
• Preparing summaries (if you agree)

We will inform you of any fees before processing your request.

Contact Us

Privacy Officer
Doctronic Physicians Group
2948 16th ST, STE 200-6
San Francisco, CA 94103

Privacy Questions: privacy@doctronicpg.com
General Support: support@doctronicpg.com

File a Complaint

If you believe your privacy rights have been violated, you may file a complaint:

• With us: Contact our Privacy Officer at privacy@doctronicpg.com
• With the government: U.S. Department of Health and Human Services Office for Civil Rights at 1-877-696-6775 or www.hhs.gov/ocr/privacy/hipaa/complaints/

We will never retaliate against you for filing a complaint. We document all privacy complaints and their resolution.

Effective Date: October 21, 2025