Privacy Policy

Heather Pisano NP in Family Health and Psychiatry, PLLC ("hp | np Health," "we," "our," or "I") is committed to protecting the privacy and confidentiality of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website (hpnp.health) or use our services. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the site.

This Privacy Policy applies to website visitors and prospective patients. If you are an established patient, your protected health information (PHI) is governed by our separately issued HIPAA Notice of Privacy Practices, which you received or will receive at the time of your first appointment. You may request a copy of the Notice at any time by emailing [email protected].

1. Information We Collect

When you visit our website or engage with our services, we may collect the following categories of information:

• —Name and contact information (email address, phone number, mailing address)
• —Demographic information
• —Health and medical history you voluntarily provide through inquiry or intake forms
• —Information related to your psychiatric, hormonal, or weight-loss care
• —Technical data such as IP address, browser type, device type, pages visited, and referring URLs (collected automatically via cookies and analytics tools)
• —Communications you send us via email, contact forms, or scheduling platforms

Health-related information submitted through our website forms is transmitted via secure, encrypted connections. Intake paperwork is collected through IntakeQ, a HIPAA-compliant intake and scheduling platform.

2. How We Use Your Information

We may use the information we collect for the following purposes:

• —Providing psychiatric, hormone therapy, and medical weight-loss services
• —Responding to inquiries and scheduling appointments
• —Sending appointment reminders, administrative communications, and follow-up care instructions
• —Processing payments and maintaining billing records
• —Improving the content, functionality, and user experience of our website
• —Complying with applicable federal and state legal and regulatory requirements, including HIPAA
• —Protecting the safety, rights, and interests of patients and the practice

3. Disclosure of Information

We do not sell, rent, or trade your personal information. We may disclose your information only in the following circumstances:

• —With your express written consent
• —To third-party service providers who assist in operating our practice (e.g., HIPAA-compliant scheduling, telehealth, and billing platforms), subject to appropriate Business Associate Agreements (BAAs) where required by HIPAA
• —To comply with applicable laws, regulations, court orders, or legal processes
• —To protect the rights, property, or safety of hp | np Health, our patients, or others
• —In connection with a merger, acquisition, or transfer of assets, subject to confidentiality obligations

All third-party vendors who handle protected health information are required to enter into a Business Associate Agreement and maintain safeguards consistent with HIPAA requirements.

4. Telehealth Services

hp | np Health may provide services via telehealth platforms. Telehealth sessions are conducted through HIPAA-compliant video conferencing technology. By participating in telehealth services, you acknowledge and consent to the electronic transmission of your health information for the purpose of providing care. You have the right to withdraw consent for telehealth at any time and request in-person services where available.

5. Cookies and Website Analytics

Our website may use cookies and similar tracking technologies to enhance your browsing experience and collect aggregate usage data. Cookies are small text files stored on your device. We may use:

• —Essential cookies necessary for the website to function
• —Analytics cookies (e.g., anonymized page-view data) to understand how visitors interact with our site

You may disable cookies through your browser settings. Doing so may affect the functionality of certain features on the site. We do not use cookies to collect protected health information.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect your personal and health information against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (SSL/TLS), access controls, and use of HIPAA-compliant third-party platforms. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a breach affecting your protected health information, we will notify you as required by applicable law, including the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414).

7. Data Retention

We retain patient medical records for a minimum of six (6) years from the date of creation or the date last in effect, as required under HIPAA (45 C.F.R. § 164.530(j)) and applicable New York State law. Website inquiry and contact data is retained only as long as necessary for the purpose for which it was collected, or as required by law.

8. Your Rights

You have the following rights with respect to your information:

• —Access and review your personal and health information held by this practice
• —Request corrections or amendments to inaccurate or incomplete information
• —Request restrictions on certain uses or disclosures of your information
• —Request an accounting of disclosures of your protected health information
• —Receive a copy of this Privacy Policy and our HIPAA Notice of Privacy Practices
• —Withdraw consent for the collection or processing of your information, where applicable
• —File a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights if you believe your privacy rights have been violated, without retaliation

To exercise any of these rights, please contact us at [email protected]. We will respond to all requests within the timeframe required by applicable law.

9. Third-Party Links

Our website may contain links to third-party websites (e.g., scheduling platforms, pharmacy portals). We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately and we will take steps to remove that information.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting the revised policy on our website, with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our website following the posting of changes constitutes your acceptance of those changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

This Privacy Policy is provided for informational purposes and does not constitute legal advice. hp | np Health recommends consulting with a qualified healthcare attorney to ensure full compliance with all applicable federal and state laws, including HIPAA, New York Public Health Law, and any other regulations governing your specific practice.