Effective Date: December 4, 2024
Vendetti Wellness Group (“we,” “our,” or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data, including sensitive health and payment information. We comply with HIPAA, PCI DSS, the Telephone Consumer Protection Act (TCPA) and The Campaign Registry (TCR) requirements for text messaging, and other applicable laws and regulations to maintain the confidentiality and security of your information.
- Information We Collect
We collect various types of information to provide and enhance our services:
- Personal Information
- Identifiers: Name, address, phone number, email, date of birth, and demographic details.
- Payment Information: Credit/debit card numbers and billing information, processed securely in compliance with PCI DSS.
- ePHI (Electronic Protected Health Information)
Protected under HIPAA, this includes:
- Medical history and treatment plans.
- Provider notes and care details.
- Appointment information.
- Communication Information
- Information shared via text, email, and phone communications.
- Preferences for appointment reminders and promotional messages.
- Technical and Non-Personal Information
- Website Data: IP address, browser type, and usage patterns.
- Cookies and Tracking: Used for performance and personalization.
- Information from Third Parties
We may receive additional data from healthcare providers, insurers, or authorized representatives to facilitate care.
- How We Use Your Information
- Healthcare and Operational Purposes
- To provide and coordinate care.
- To process payments securely.
- To send appointment reminders or administrative updates via text, email, or phone.
- Legal and Regulatory Compliance
- Compliance with HIPAA for ePHI and PCI DSS for secure payments.
- Adherence to the Telephone Consumer Protection Act (TCPA) and The Campaign Registry (TCR) requirements for text message communications, and to other applicable laws for email communications.
- Marketing and Research
- With consent, we may send newsletters, surveys, or promotional content.
- De-identified data may be used for research or quality assurance.
- Sharing Your Information
We do not sell your personal information. However, data may be shared under specific circumstances:
- Service-Related Sharing
- With third-party providers (e.g., payment processors, billing services) under strict data protection agreements.
- With healthcare providers for care coordination.
- Legal Obligations
- With government or regulatory bodies when legally required.
- To comply with subpoenas, court orders, or law enforcement requests.
- Mergers and Acquisitions
- In case of a business transition, your information may be transferred to the successor entity.
- Protecting Your Information
We prioritize the security of your personal information through:
- ePHI Safeguards
- Encryption of ePHI during storage and transmission.
- Access limited to authorized personnel with a need to know.
- Regular audits and monitoring of systems.
- Payment Information Security
- Use of PCI DSS-compliant platforms.
- No storage of full payment card details on our systems.
- General Data Protection
- Firewalls and anti-virus protections.
- Periodic security assessments and training.
- Transport Encryption (TLS/SSL)
- Our website uses TLS (commonly referred to as SSL) to encrypt data in transit between your browser and our website. This protects personal and payment information, such as payment details and health information, from being read or altered while it travels over the network. Transport encryption protects data only in transit; information that we store is protected by the ePHI and payment safeguards described above.
- Your Rights and Choices
You have the following rights and choices regarding your personal information:
- Access and Correction
You may request access to your personal information and request corrections to inaccurate data.
- Deletion and Retention
You may request deletion of data unless retention is required by law (for example, HIPAA requires certain records and compliance documentation to be retained for six years, and state law sets retention periods for medical records).
- Communication Preferences
- Unsubscribe from marketing emails or texts by following the provided instructions.
- Opt-out of text or email reminders by contacting us directly.
- Complaint Submission
You can file complaints about your data privacy rights with us or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR).
- Communications via Text and Email (TCPA and TCR Compliance)
Vendetti Wellness Group follows the Telephone Consumer Protection Act (TCPA) and the registration and messaging requirements of The Campaign Registry (TCR) for application-to-person text messaging. This includes the opt-in, STOP, and HELP handling for text communications described below.
- Compliance with TCPA and TCR Requirements
- Opt-In/Consent: By providing your contact information and consenting to communication, you agree to receive text messages from us about your care. You may opt-in for appointment reminders, treatment updates, and other service-related notifications.
- Stop/Opt-Out Functionality: You can opt-out of receiving further text messages at any time. Reply “STOP” to any text message you receive from us, and we will immediately cease sending you further text messages.
- Help Functionality: To receive assistance, reply with “HELP” to any text message you receive. We will provide instructions or contact you for support.
- Message Frequency and Charges: Message frequency may vary depending on your interaction with our services. We do not charge for text messages, but standard carrier message and data rates may apply.
- Opt-Out Process for Marketing Communications: If you have opted in for marketing communications, you may opt-out at any time by following the instructions in the messages or by contacting us directly.
- SMS opt-in consent and the phone numbers collected for SMS purposes are not shared with or sold to any third parties for their own marketing or promotional purposes; they are used only to deliver the messages you have consented to receive.
Vendetti Wellness Group will maintain a log of your opt-in consent for SMS communications, and ensure that all text messages are sent in compliance with the Telephone Consumer Protection Act (TCPA), TCR, and other applicable regulations.
- Cookies and Tracking Technologies
- Types of Cookies
- Essential Cookies: Required for website functionality.
- Performance Cookies: Used to analyze website traffic and usage trends.
- Preference Cookies: Store user preferences for a personalized experience.
- Managing Cookies
Adjust cookie settings via your browser or our website’s cookie management tool.
- Third-Party Cookies and Advertising
We may use third-party services to display ads or analyze user behavior on our website. These services may use cookies to collect information and display targeted ads based on your browsing behavior. You can opt out of personalized advertising by visiting the Digital Advertising Alliance website or by adjusting your browser settings to block third-party cookies.
- Data Retention and Deletion Policies
We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with applicable legal, regulatory, and business requirements. For instance, records containing ePHI are retained for at least six years, consistent with HIPAA documentation requirements and applicable state medical record retention law, while payment information is retained only as long as needed for transaction processing and any disputes. Non-essential data, such as marketing preferences, may be retained until you request deletion.
- Disaster Recovery and Continuity
We maintain disaster recovery protocols to ensure data security and service continuity during emergencies.
- Vendor and Third-Party Compliance
We vet all third-party service providers for compliance and require Business Associate Agreements (BAAs) from any vendor that handles ePHI.
- Vendor Privacy and Data Protection
- We enter into Business Associate Agreements (BAAs) with vendors who process ePHI, as HIPAA requires. These agreements require vendors to adopt appropriate security measures, restrict the use of your data, and promptly report any breaches. Vendors that process payment card data are separately required to maintain PCI DSS compliance.
- We also verify that these vendors comply with all applicable data protection regulations and conduct regular security reviews of them.
- Special Data Protections
- Behavioral Health and Substance Use Records
- Behavioral health records are protected under HIPAA and applicable state law; substance use disorder treatment records are subject to the additional protections of 42 CFR Part 2.
- Disclosures require explicit consent or legal authorization.
- Telehealth Services
- Telehealth sessions are conducted on HIPAA-compliant platforms with encryption.
- Sessions are not recorded.
- International Data Transfers
If you are accessing our services from outside the United States, please note that your personal information, including ePHI, may be transferred to, stored, and processed in the United States. By using our services, you consent to such transfers.
- Updates to the Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version on our website and update the Effective Date at the top of this document. You are encouraged to review this policy periodically to stay informed about how we are protecting your data.
- Dispute Resolution
Any disputes regarding this Privacy Policy will be resolved in accordance with the laws of the Commonwealth of Massachusetts. In the event of a dispute, you agree to resolve the matter through binding arbitration, rather than through litigation, in a manner agreed upon by both parties.
- Minors’ Privacy
Our services are not intended for children under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have inadvertently collected data from a minor without appropriate consent, we will take steps to delete that information as required by law.
- Artificial Intelligence and Emerging Technologies
If AI or emerging technologies are used, they will comply with HIPAA, ethical standards, and relevant privacy laws.
- Consent for Data Collection
By using our services, you consent to the collection, use, and sharing of your information as outlined in this Privacy Policy. You can withdraw your consent at any time, except where retention of certain data is legally required.
- Data Minimization
We strive to collect and retain only the information necessary to provide our services and comply with legal requirements. We will not collect unnecessary or excessive data beyond what is required for specific services.
- Accessibility and Language Availability
This Privacy Policy is available in accessible formats and alternative languages upon request.
Contact us at info@vendettiwellnessgroup.com for assistance.
Contact Us
If you have any questions or concerns about this Privacy Policy, or how we handle your personal
information, please contact us:
- Email: info@vendettiwellnessgroup.com
- Phone: 508-589-5333
- Address: 77 Main Street, Second Floor, Hopkinton, MA 01748