
Welcome to Mid Island Audiology. Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal and health-related information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), A2P messaging requirements, and any applicable guidelines from GoHighLevel.
By using our website, services, or communicating with us via text, email, or phone, you agree to the practices outlined in this policy.
2. Information We Collect
We collect the following types of information:
a. Personal Information
- Name
- Contact information (phone number, email address, mailing address)
- Date of birth
- Insurance details
b. Health Information (Protected Health Information – PHI)
- Medical history related to hearing health
- Audiology test results
- Treatment plans and recommendations
c. Automatically Collected Data
- IP address
- Browser type
- Website usage analytics
3. How We Use Your Information
We use your information for the following purposes:
- To provide hearing healthcare services
- To schedule and confirm appointments
- To communicate with you about your care
- To process payments and insurance claims
- To send marketing and promotional communications (with your consent)
- To comply with legal and regulatory requirements
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of the Text Message services.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
4. HIPAA Compliance & Protection of PHI
We adhere to HIPAA regulations to ensure the security and confidentiality of your health information:
- We implement administrative, technical, and physical safeguards.
- We only share PHI with authorized individuals and entities.
- You have the right to access, amend, and request restrictions on your PHI.
5. A2P Messaging Compliance
If you opt in to receive SMS/text communications, we comply with A2P 10DLC (Application-to-Person 10-digit Long Code) requirements:
- You consent to receive appointment reminders, updates, and marketing messages.
- You can opt out at any time by replying “STOP” to our messages.
- Message and data rates may apply.
- Your phone number will not be shared or sold.
6. How We Share Your Information
We do not sell or rent your personal information. We may share your information with:
- Healthcare providers involved in your care
- Insurance providers for billing purposes
- Third-party service providers that assist with our operations (under confidentiality agreements)
- Law enforcement or government agencies when required by law
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of the Text Message services.
7. GoHighLevel Platform & Data Security
We use GoHighLevel for appointment scheduling, customer relationship management, and messaging. GoHighLevel is HIPAA-compliant, and we ensure that your data remains secure:
- All communications via GoHighLevel are encrypted.
- Data is stored in secure, access-controlled systems.
- Access is restricted to authorized personnel only.
8. Your Rights & Choices
You have the following rights regarding your personal and health data:
- Access & Correction: You can request access to your records and correct any inaccuracies.
- Opt-Out: You can opt out of marketing communications at any time.
- Request Restrictions: You can request limits on how your PHI is used or shared.
- File a Complaint: If you believe your privacy rights have been violated, you can contact us or file a complaint with the U.S. Department of Health and Human Services (HHS).
9. Data Retention
We retain your personal and health data as required by law and professional guidelines. If you request deletion of your data, we will comply unless retention is legally required.
10. Updates to This Privacy Policy
We may update this policy periodically. The most recent version will always be available on our website.