This Privacy Policy describes how Mendrix Medical Associates PC ("MMA," "we," "our," or "us") and its affiliated programs and entities collect, use, and protect your information when you access our website, patient portal, or any services we provide. By using our website or services, you agree to the practices described in this policy.
Information We Collect
We may collect the following categories of information:
Name, date of birth, address, phone number, and email address.
Medical history, diagnoses, treatment records, medication lists, clinical notes, and insurance information. This information constitutes Protected Health Information (PHI) and is governed under HIPAA as described in Section 3.
Health insurance plan details, member ID, and payment information processed through secure, PCI-DSS compliant processors.
IP address, browser type, device identifiers, and website usage activity collected automatically through our website.
Messages, appointment requests, and inquiries you submit through our website or patient portal.
How We Use Your Information
Providing and coordinating medical care, including primary care, transitional care management, and specialty services.
Processing insurance claims, verifying benefits, and managing billing.
Communicating with you about appointments, treatment, and health-related matters.
Operating and improving our website and patient-facing technology.
Complying with HIPAA, CMS regulations, state medical licensing requirements, and applicable federal and state law.
Sending administrative and, where you have consented, health-related communications.
Supporting care coordination with affiliated programs and partner entities involved in your care.
HIPAA & Protected Health Information
Mendrix Medical Associates PC is a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 CFR Part 164) and Security Rule. Your Protected Health Information (PHI) is protected in accordance with these laws.
As a patient, you have the following rights with respect to your PHI:
You may request a copy of your medical records and health information.
You may request that we correct inaccurate or incomplete information in your records.
You may request a list of certain disclosures we have made of your PHI.
You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations.
You may request that we communicate with you through a specific method or at a specific location.
You have the right to receive a copy of our full HIPAA Notice of Privacy Practices (NPP), which provides a complete description of how we may use and disclose your PHI.
We will not use or disclose your PHI for purposes other than treatment, payment, or healthcare operations without your written authorization, except as permitted or required by law. PHI is never sold. To request a copy of our Notice of Privacy Practices or to exercise any of the rights above, contact our Privacy Officer at privacy@mendrixmedical.com.
Disclosure of Information
We do not sell your personal information. We may share information in the following circumstances:
With physicians, specialists, hospitals, skilled nursing facilities, and affiliated programs involved in your care, under appropriate agreements.
With insurance carriers, clearinghouses, and billing processors to process claims and collect payment.
With affiliated entities and service providers supporting the administration and improvement of our practice, under Business Associate Agreements where required.
With courts, government agencies, or law enforcement as required by law or to protect patient safety.
With attorneys, auditors, and insurers bound by confidentiality obligations.
SMS consent is not shared with third parties or affiliates. Any mobile telephone number or SMS opt-in consent you provide will never be sold, transferred, or disclosed to outside parties for marketing or any other purpose.
Data Security
We maintain administrative, technical, and physical safeguards designed to protect your information in compliance with HIPAA Security Rule requirements. These measures include:
Encryption of data at rest and in transit
Access controls and role-based permissions
Secure network infrastructure
Regular security reviews and audits
All vendors and partners who access PHI on our behalf are required to execute Business Associate Agreements.
Data Retention
Medical records are retained in accordance with applicable California and Tennessee state law and CMS requirements. Other personal information is retained only as long as necessary for the purposes described in this policy or as required by law.
Cookies
Our website may use cookies to support basic functionality and analyze site usage. You may manage cookie preferences through your browser settings. We do not use cookies to collect health information.
Your Rights
In addition to your HIPAA rights described in Section 3, you may have the right under applicable state law to access, correct, or request deletion of non-clinical personal information we hold about you. California residents have additional rights under the CCPA/CPRA.
To submit a request, contact us at privacy@mendrixmedical.com.
Children's Privacy
Our website is not directed to children under 13. Healthcare services provided to minor patients are governed by applicable state law and our HIPAA Notice of Privacy Practices.
Changes to This Policy
We may update this policy from time to time. Material changes will be posted on our website with an updated effective date. Continued use of our website or services after any update constitutes acceptance of the revised policy.
Contact Us
Mendrix Medical Associates PC
SMS Terms of Service
By opting into SMS from a web form or other medium, you are agreeing to receive SMS messages from Mendrix Care Solutions. This includes SMS messages for conversations (external).
Message frequency varies depending on your interactions and the nature of your care or inquiries.
Message and data rates may apply. Please check with your mobile carrier for details.
See our full privacy policy at https://mendrixmed.com/privacy-policy.html.
Reply HELP to any SMS message to receive support information.
Reply STOP to any message at any time to opt out of future SMS communications from Mendrix Care Solutions.
SMS consent is not shared with third parties. Your mobile number and opt-in consent are used exclusively for communications from Mendrix Care Solutions and will never be sold or disclosed to outside parties.