Privacy Policy

Privacy Policy & HIPAA Notice of Privacy Practices (NPP)

Effective date: 10/12/2025
Entity: Sunset Pediatric Academy PPEC (“Sunset PPEC,” “we,” “us,” or “our”)
Address: 9380 SW 72nd St Suite B120-130, Miami, FL 33173
Phone: 305-392-1740
Email: info@sunset-ppec.com

Important: This page contains two parts: (A) our Website & Online Services Privacy Policy and (B) our HIPAA Notice of Privacy Practices explaining how we handle Protected Health Information (PHI). If anything here conflicts with HIPAA, HIPAA controls. This document is informational and not legal advice; please consult your counsel for final review.

A) Website & Online Services Privacy Policy

1) Scope

This section explains how we collect, use, share, and protect information when you visit our website, use our online forms, interact with our social media, or communicate with us electronically. This policy does not govern PHI collected and used for treatment, payment, and healthcare operations; that is covered in the HIPAA Notice below.

2) Information We Collect (Non‑PHI)

We may collect the following types of information when you use our website or online services:

  • Identifiers & Contact Information: name, email address, phone number, and similar details you submit via contact/request forms.
  • Technical Data: IP address, device/browser type, pages viewed, time stamps, and referring URLs.
  • User Content: messages or files you choose to send us.

Children’s Privacy (COPPA): Our website is intended for parents/guardians and healthcare professionals. We do not knowingly collect personal information directly from children under 13 online without verifiable parental consent.

3) How We Use Non‑PHI

We use the information above to:

  • Operate, maintain, and improve our website and online services.
  • Respond to inquiries and provide requested information or services.
  • Support security, fraud prevention, and legal compliance.
  • Analyze usage (e.g., aggregated analytics) to improve content and accessibility.

4) Sharing of Non‑PHI

We may share non‑PHI with:

  • Service Providers/Vendors who help us host the site, send communications, provide analytics, or maintain security—under confidentiality obligations.
  • Legal/Compliance: when required by law, regulation, court order, or to protect rights, safety, or property.
  • Business Transfers: in connection with a reorganization, merger, or acquisition, subject to applicable law.

We do not sell your personal information. If applicable privacy laws (e.g., California) define “sale” or “sharing” to include certain analytics or advertising practices, we will honor those rights and disclosures accordingly (see State/Regional Privacy Rights below).

5) Data Security (Website)

We implement reasonable administrative, technical, and physical safeguards designed to protect information collected online. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6) Data Retention (Website)

We retain information for as long as needed to fulfill the purposes described here unless a longer period is required or permitted by law. We then securely delete or de‑identify the data.

Our site may link to third‑party websites, apps, and social media platforms (e.g., Facebook, Instagram, YouTube, TikTok). We are not responsible for their privacy practices. Please review their policies before providing information on those platforms.

B) HIPAA Notice of Privacy Practices (NPP)

1) Our Responsibilities

We are required by law to:

  • Maintain the privacy and security of your Protected Health Information (PHI).
  • Provide you with this Notice describing our legal duties and privacy practices.
  • Follow the terms of this Notice and notify you following a breach of unsecured PHI as required by HIPAA.

2) Your Rights Regarding PHI

You have the right to:

  • Get an electronic or paper copy of your medical record. You can ask to see or get a copy of your PHI and other records we maintain. We will provide a copy or summary, usually within 30 days of your request. Reasonable, cost‑based fees may apply.
  • Ask us to correct your record. If you think your information is incorrect or incomplete, you may request an amendment. We may deny your request in certain cases, but we will tell you why in writing within 60 days.
  • Request confidential communications. You can ask us to contact you in a specific way (for example, at work or a different mailing address). We will accommodate reasonable requests.
  • Ask us to limit what we use or share. You may request restrictions on certain uses/disclosures of your PHI. We are not required to agree to all requests, but we will consider them. If you pay for a service or healthcare item out‑of‑pocket in full, you can ask us not to share that information with your health plan for payment or operations purposes; we will say “yes” unless a law requires us to share that information.
  • Get a list of those with whom we’ve shared information (accounting of disclosures). You can ask for an accounting of disclosures for up to six years prior to the date of your request, excluding disclosures for treatment, payment, and healthcare operations, and certain other exceptions.
  • Get a copy of this Notice. You can ask for a paper copy of this Notice at any time, even if you agreed to receive it electronically.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.
  • File a complaint if you feel your rights are violated. You can complain to us (see Contact below) or to the U.S. Department of Health and Human Services, Office for Civil Rights, without fear of retaliation.

3) Our Uses and Disclosures of PHI

We typically use or share your PHI in the following ways:

  • Treatment: We use and share PHI to provide, coordinate, or manage your healthcare and related services. Example: sharing relevant information with a specialist, therapist, or other provider involved in your care.
  • Payment: We use and share PHI to bill and obtain payment from health plans or other payors. Example: sharing information with your Medicaid plan to verify coverage.
  • Healthcare Operations: We use and share PHI for operations that support our practice, such as quality assessment, staff training, auditing, and compliance.

Other uses/disclosures permitted or required by law include:

  • Public Health & Safety: reporting to public health authorities, preventing disease, reporting suspected abuse/neglect/exploitation, responding to product safety alerts, and preventing or reducing a serious threat to anyone’s health or safety.
  • Research: under specific conditions with institutional review or your authorization as required.
  • Legal & Law Enforcement: responding to court or administrative orders, subpoenas, or law enforcement requests when legally permitted.
  • Organ & Tissue Donation, Coroners/Medical Examiners, Funeral Directors as applicable by law.
  • Workers’ Compensation, Disability, and Similar Programs as authorized to provide benefits for work‑related injuries or illness.
  • Compliance & Government Functions: including audits, investigations, and national security.

Other uses and disclosures require your authorization, including most uses and disclosures of psychotherapy notes, marketing communications, and sale of PHI. If you authorize a use or disclosure, you may revoke it at any time in writing, except where we have already acted in reliance on your authorization.

4) Your Choices

  • Family and friends involved in your care: With your permission (or when allowed by law), we may share relevant PHI with family, caregivers, or others involved in your care or payment for care.
  • Disaster relief efforts: We may share limited PHI with organizations assisting in disaster relief so your family can be notified of your condition, status, and location.
  • Fundraising: If we contact you for fundraising, you can opt out of future communications.

5) Our Duties to Safeguard PHI

We maintain reasonable physical, technical, and administrative safeguards to protect your PHI against unauthorized access, use, or disclosure, including secure electronic systems and workforce training. If a breach of unsecured PHI occurs, we will notify you as required by HIPAA.

6) Retention of PHI

We retain PHI for the time periods required by federal and state law and our internal record‑retention policies, after which we securely destroy or de‑identify it.

Quick Reference (Plain‑Language Summary)

  • Website privacy covers non‑PHI collected through our site and forms.
  • HIPAA Notice covers PHI used for treatment, payment, and operations.
  • You have rights to access, amend, restrict, confidential communications, accounting of disclosures, and to complain without retaliation.
  • We will obtain your authorization for uses/disclosures not otherwise permitted by law.