Privacy Policy
RhodesMed PLLC (“RhodesMed,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, communicate with us, sign up for updates, interact with our advertising, or access links to our patient intake and patient management tools. It applies to all RhodesMed brands, including Sippa by RhodesMed, RhodesMed MEN, and RhodesMed Hair Restoration.
RhodesMed is a physician-led medical practice serving eligible adult patients located in Utah. This Privacy Policy applies to information collected through rhodesmed.com, related landing pages, website forms, emails, texts, advertising, and other digital interactions that link to this Privacy Policy.
This Privacy Policy does not replace our HIPAA Notice of Privacy Practices. Medical information created, received, maintained, or transmitted by RhodesMed in connection with your care may be protected health information under HIPAA. If this Privacy Policy conflicts with our duties under HIPAA or our HIPAA Notice of Privacy Practices, our HIPAA obligations and that Notice will control.
1. Information We Collect
We may collect information directly from you, automatically through website technologies, and from third-party service providers.
Information you provide to us
You may provide information when you:
- Visit our website
- Click “Get Started”
- Contact us by email, phone, text, website form, or another communication channel
- Sign up for emails, newsletters, or marketing updates
- Interact with our advertisements
- Schedule or begin intake through Healthie
- Request information about RhodesMed services
- Submit feedback, questions, or requests
The information you provide may include your name, email address, phone number, state of residence, communication preferences, marketing preferences, general questions or comments, information you voluntarily include in messages to us, and appointment or intake-related information if you choose to begin the patient process.
Please avoid sending sensitive medical details through ordinary website contact forms or general email unless specifically directed to do so through a secure channel. Patient intake and medical communications should occur through Healthie or another secure system provided by RhodesMed.
Information collected through Healthie
RhodesMed uses Healthie as its electronic health record and patient management system. If you begin intake, schedule a visit, complete forms, sign consents, communicate with the care team, or access patient services through Healthie, the information you provide may be collected and processed through Healthie.
Information collected through Healthie may include health information, intake responses, demographic information, billing information, consent forms, clinical notes, prescriptions, lab information, and patient communications.
Information collected in connection with patient care is subject to HIPAA and our HIPAA Notice of Privacy Practices.
Information collected automatically
When you visit our website, we may automatically collect certain information, such as:
- IP address
- Browser type, device type, and operating system
- Pages viewed and links clicked
- Referring website
- Date and time of visit
- General location derived from IP address
- Website interactions and usage patterns
- Advertising and analytics identifiers
- Cookies and similar technologies
We do not use tracking technologies to collect protected health information, and we do not transmit protected health information to advertising or analytics vendors.
We do not place advertising or analytics tracking technologies on our patient intake pages or on the patient portal.
Information from third parties
We may receive information from third-party service providers, such as website hosting providers, analytics providers, advertising platforms, email marketing platforms, SMS or text messaging providers, our patient management system, payment processors, pharmacy, lab, or clinical service partners when applicable, and security, fraud prevention, and technical support providers.
2. How We Use Information
We may use information for the following purposes.
To provide and support our services
We may use information to respond to questions, help you begin intake, route you to Healthie or another secure patient system, schedule visits, manage patient communications, support care coordination, process payments, send administrative messages, provide patient support, and improve access to RhodesMed services.
To communicate with you
We may use your information, including through Healthie or other approved communication systems, to send or support:
- Appointment-related messages
- Intake reminders
- Account or patient portal reminders
- Payment reminders
- Service updates
- Patient care communications
- Refill or follow up reminders
- Text messages about your care and your account
- Email newsletters and educational content, if you sign up for them
- Marketing emails, if you sign up for them
You can unsubscribe from marketing emails using the unsubscribe link in the email. You may opt out of text messages by contacting us at [email protected]. RhodesMed does not send marketing text messages.
Even if you opt out of marketing communications, we may still send non-marketing messages related to appointments, intake, patient care, billing, account status, legal notices, safety-related matters, or other transactional or healthcare-related purposes.
To improve our website and services
We may use information to understand how visitors use our website, improve website performance, analyze marketing effectiveness, troubleshoot technical issues, develop new content and patient resources, improve user experience, and measure advertising campaigns.
For advertising and marketing
We may use limited website interaction data to measure advertising performance, understand which campaigns bring visitors to the website, improve landing pages, and show or measure relevant advertising.
We do not sell patient medical records. We do not use protected health information for targeted advertising.
For legal, safety, and compliance purposes
We may use information to comply with applicable laws and regulations, protect patient safety, detect or investigate fraud, misuse, or security issues, enforce our Terms of Use, protect the rights, safety, and property of RhodesMed, patients, users, clinicians, and others, maintain records as required by law, and respond to lawful requests, subpoenas, court orders, or government requests.
5. Health Information and HIPAA
Some information collected by RhodesMed is protected health information under HIPAA. Protected health information is handled in accordance with HIPAA and our HIPAA Notice of Privacy Practices.
Examples of information that may be protected health information include:
- Patient intake information submitted through Healthie
- Medical history and symptoms
- Treatment plans
- Prescriptions
- Lab results
- Clinical notes
- Patient portal communications
- Billing information related to healthcare services
Healthie is a business associate of RhodesMed. Protected health information you submit through intake forms and the patient portal is transmitted directly to Healthie under a Business Associate Agreement. It does not pass through our marketing website, and it is not stored in our website software.
Our website also collects information that is not protected health information under HIPAA, such as general website analytics, marketing preferences, or general contact requests. Health-related information can be sensitive even when it is not protected health information. We aim to treat health-related information with care and to limit collection, use, and disclosure to appropriate purposes.
6. Text Messages and Email Communications
Messages about your care and your account
RhodesMed uses Healthie, our electronic health record and patient portal, to communicate with patients by text message and email. Messages sent through Healthie support your care and your account, and may include intake, scheduling, appointment reminders, patient portal notifications, care coordination, billing, and refill or follow up reminders.
These messages are part of your treatment and the operation of your account. Message and data rates may apply. Message frequency may vary.
We do not send marketing text messages
RhodesMed does not send marketing or promotional text messages. The only text messages we send relate to your care and your account.
If this changes, we will update this Privacy Policy and obtain the consent required by law before sending any marketing text message.
If you sign up for emails or newsletters, we may send educational or promotional emails. You may unsubscribe from marketing emails at any time using the unsubscribe link in the email.
Unsubscribing from marketing emails does not stop messages about your appointments, intake, patient care, billing, account status, legal notices, or safety-related matters.
Opting out of text messages
You may opt out of text messages at any time by contacting [email protected].
If you opt out, you may stop receiving appointment reminders, refill reminders, and other information you need for your care. Please tell us how you would prefer to be reached.
Security of text messages
SMS and text messaging may not be fully secure. Please avoid sending sensitive medical information by ordinary text message. Use the patient portal for clinical communication.
7. Payment Information
If you make a payment, payment information is processed by a third-party payment processor. We do not store full payment card information on our website.
Payment processors may collect and process your payment information according to their own privacy and security practices.
8. Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.
No website, internet transmission, email, text message, or electronic storage system is completely secure. We cannot guarantee absolute security.
If you believe your information may have been compromised, please contact us at [email protected].
9. Data Retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, support patient care, maintain business records, and improve website and service operations.
Medical records and patient information are retained according to applicable healthcare record retention laws and professional requirements.
10. Your Choices and Privacy Rights
Depending on where you live and applicable law, you may have rights to:
- Request access to certain personal information
- Request correction of inaccurate information
- Request deletion of certain information
- Opt out of certain marketing communications
- Opt out of certain targeted advertising or cookie-based tracking
- Request information about categories of information collected, used, or shared
- Withdraw consent where processing is based on consent
To make a privacy request, contact us at [email protected].
We may need to verify your identity before responding. Some information may be exempt from deletion or access requests, including information we must keep for legal, medical, compliance, billing, security, or recordkeeping reasons.
If your request relates to protected health information or medical records, it will be handled under HIPAA and our HIPAA Notice of Privacy Practices, which provide their own rights of access and amendment.
11. Utah and State Privacy Notices
RhodesMed currently serves eligible adult patients located in Utah.
Certain state privacy laws may provide additional rights if they apply to us or to your information. Where they apply, we will honor legally required privacy rights. Information governed by HIPAA is generally exempt from state consumer privacy laws and is handled under HIPAA instead.
We do not sell personal information. We may use advertising and analytics technologies on our public marketing pages that some privacy laws define as targeted advertising or sharing. You may contact us at [email protected] to ask about available opt-out choices.
12. Children's Privacy
RhodesMed services are intended for adults only.
Our website and services are not directed to children or minors. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a minor without appropriate authorization, we will take steps to delete it or otherwise address it as required by law.
13. Third-Party Websites and Services
Our website may link to third-party websites or services, including Healthie, payment processors, labs, pharmacies, email platforms, or other tools.
We are not responsible for the privacy practices of third-party websites or services that we do not control. Please review the privacy policies of those third parties.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we update it, we will revise the last updated date above.
If changes are material, we may provide additional notice, such as by posting a notice on our website or contacting you through available communication channels.
Your continued use of the website after changes are posted means you acknowledge the updated Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy, our privacy practices, or your privacy choices, please reach out.
RhodesMed [email protected]
Care is provided by RhodesMed PLLC. Administrative services may be supported by 146 Holdings LLC.
For medical emergencies, call 911 or go to the nearest emergency department.