Website Privacy Policy
Lowcountry Orthopaedics and Sports Medicine (“Company” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit or use the website https://www.lowcountryortho.com/ (collectively, the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- Through the Website.
- In email and other electronic messages between you and the Website.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- Any other website operated by the Company or any third party (including our affiliates and subsidiaries); or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using the Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Patient Privacy & Security Policy
Lowcountry Orthopaedics is committed to protecting the privacy and security of your Protected Health Information (PHI) in accordance with HIPAA, HITECH, and applicable South Carolina laws.
Purpose
This policy establishes the administrative, physical, and technical standards that govern how Lowcountry Orthopaedics collects, uses, discloses, and safeguards Protected Health Information (PHI) and other personal information. Compliance with this policy is required of all workforce members.
Access to Information
Access to PHI is limited to authorized workforce members based on their job responsibilities and the minimum necessary standard. We maintain role-based access controls, require unique user credentials for all systems containing PHI, and promptly terminate access when roles change or employment ends.
Uses and Disclosures of PHI
We may use or disclose your PHI for treatment, payment, and healthcare operations, including care coordination, billing, and quality improvement activities. We may also disclose information when required or permitted by law, such as for public health reporting, law enforcement, or to prevent serious threats to health or safety. Any other use or disclosure requires your written authorization.
Your Rights
You have the right to access and obtain copies of your PHI, request amendments, request restrictions on certain uses or disclosures, and request confidential communications. You may also:
- Receive an accounting of disclosures of your PHI.
- Obtain a Notice of Privacy Practices.
- File complaints without fear of retaliation.
All requests are handled within the timeframes required by applicable law.
Security Safeguards
We implement administrative, physical, and technical safeguards to protect your information. These include:
- Ongoing risk assessments to identify and address vulnerabilities.
- Workforce training on privacy and security requirements.
- Controlled facility access to limit physical entry to areas where PHI is stored or processed.
- Secure workstations and device management practices.
- User-specific access controls and authentication measures.
- Encryption of PHI where appropriate.
- Continuous system monitoring and audit logging.
Breach Notification
In the event of a breach involving your PHI, we will conduct a thorough risk assessment and notify affected individuals without unreasonable delay, and no later than 60 days when required by law. We also complete all necessary regulatory reporting and documentation. Business associates are contractually required to report breaches to us promptly so that we may fulfill our notification obligations.
Business Associates
We require executed Business Associate Agreements (BAAs) with all vendors and third parties who handle PHI on our behalf. We monitor business associate compliance with applicable privacy and security requirements. Non-compliant vendors may be subject to corrective action plans or termination of the business relationship.
Incident Reporting and Response
All workforce members are required to report suspected privacy or security incidents immediately to the Privacy Officer or Security Officer. All incidents are investigated, documented, and addressed with appropriate corrective actions to prevent recurrence.
Workforce Training
All employees receive HIPAA privacy and security training upon hire and annually thereafter. Confidentiality agreements are required as a condition of employment, and training records are maintained for a minimum of six years.
Sanctions
Violations of this policy may result in disciplinary action, up to and including termination of employment. Sanctions are applied consistently and are proportionate to the nature and severity of the violation.
Mobile and Electronic Communication
All mobile devices used to access PHI must be secured with passwords, encryption, and remote-wipe capability where applicable. Lost or stolen devices must be reported to the Security Officer immediately. Electronic communications containing PHI must meet applicable security standards. Patients may request to receive communications via unencrypted channels with written acknowledgment of the associated risks.
Oversight
Our Privacy Officer oversees the implementation of this policy, handles complaints related to privacy, and monitors ongoing compliance. Our Security Officer is responsible for implementing technical and physical safeguards, conducting risk analyses, and managing the organization’s overall security posture.
Compliance
Failure to comply with this policy may result in disciplinary action and may also carry legal consequences under applicable federal and state law, including HIPAA, HITECH, and South Carolina statutes.
Children
Our Website is not intended for children, as defined under applicable law. Children may not provide any information to or on the Website. We do not knowingly collect personal information from children. If we learn we have collected or received personal information from a child, we will delete that information. If you believe we might have any information from or about a child, please contact us using the information provided in the Contact Information section.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
- By which you may be personally identified, such as name, e-mail address, telephone number, and other identifiers by which you may be contacted online or offline (“personal information”); and/or
- About your internet connection, the equipment you use to access our Website, and usage details.
We collect this information:
- Directly from you when you provide it to us.
- Automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, for example, applicant tracking systems, insurance companies, and job websites.
Health Information Submitted Through the Website
Certain areas of the Website may allow you to submit information to request appointments, contact our office, or inquire about services. While we strive to protect your information, these forms may not be intended for the transmission of sensitive medical information. You should not submit detailed medical, diagnostic, or treatment information through Website forms unless explicitly directed to do so through a secure system.
If you choose to submit information through the Website, you acknowledge and accept the potential risks associated with transmitting information electronically. For sensitive health-related communications, we encourage you to use our secure patient portal or contact our office directly by phone.
Protected Health Information (PHI)
To the extent that we collect or receive information that may be considered protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (HIPAA), we will use and disclose such information in accordance with applicable laws and regulations. This Website and its associated services are not intended to replace secure communication channels required for the transmission of PHI. Any PHI you provide through the Website will be handled in accordance with our Notice of Privacy Practices, where applicable.
Substance Use Disorder (SUD) Information
We may create, receive, maintain, or transmit records related to the diagnosis, treatment, or referral for treatment of substance use disorders. These records are protected under federal law, including the Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2), in addition to HIPAA.
Information related to substance use disorder treatment is subject to stricter confidentiality protections than other medical information. We will not use or disclose substance use disorder information without your written consent, except as permitted or required by law. Your consent may be revoked at any time, except to the extent that action has already been taken in reliance on it. Information disclosed pursuant to your consent may be subject to redisclosure by the recipient and may no longer be protected by federal confidentiality regulations.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data, and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
- Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, recording the popularity of certain content on the Website and verifying system and server integrity).
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your personal information, or they may collect information, including personal information, about your online activities over time and across devices and different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. We may use third-party tools such as analytics providers, advertising networks, and embedded services that collect information about your interaction with the Website. We do not knowingly permit third-party tracking technologies to collect protected health information. However, data collected through cookies, analytics tools, or similar technologies may be associated with your use of the Website. Where required, we maintain appropriate agreements with service providers that may have access to personal information, and we limit data sharing to what is reasonably necessary.
Google Analytics collects personal data through the Website, including through the use of cookies. For information about how Google Analytics collects and processes data, please visit: https://policies.google.com/technologies/partner-sites. To opt out of having your information used by Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its contents to you.
- To provide you with information, products, or services that you request from us.
- To collect and process applications for employment and refer employment opportunities to friends you identify.
- To fulfill any other purpose for which you provide it.
- To perform advertising and marketing.
- To understand how our visitors use the Website and to improve and optimize its content, function, services, and presentation.
- To maintain the Website and troubleshoot problems.
- To notify you about changes to our Website or any products or services we offer or provide through it.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose aggregated information about our users and information that does not identify any individual without restriction. We may disclose personal information that we collect, or you provide, as described in this privacy policy:
- To our subsidiaries and affiliates.
- To individuals to whom you have authorized us to disclose your private health information.
- To contractors, service providers, and other third parties we use to support our business, including advertising networks, applicant tracking systems, customer engagement platforms, data analytics providers, insurance companies, marketing automation and text and email communication platforms, payment processors or collections agencies, social networks, tag management systems, technology providers, and video sharing platforms.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
All disclosures of PHI and SUD information will comply with HIPAA, 42 CFR Part 2, and our Notice of Privacy Practices.
Data Security
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Access controls and role-based permissions that limit PHI access to authorized workforce members.
- Encryption technologies where appropriate.
- Authentication measures to reduce the risk of unauthorized access.
- Ongoing risk assessments and security monitoring.
- Controlled physical access to facilities where PHI is stored or processed.
- Secure workstations and device management practices.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Data Retention and Disposal
We retain your information for as long as needed: (i) to conduct business with you; (ii) as needed for the purposes outlined in this Privacy Policy; and (iii) as necessary to comply with our legal obligations, resolve disputes, and enforce any agreements.
Consistent with applicable law, we maintain documentation containing personal information, including health-related records and associated communications, for a minimum of six (6) years. This retention period reflects our obligations under applicable federal and state laws governing the retention of healthcare and business records. Certain records may be retained for longer periods where required by law, professional standards, or legitimate business need.
When information is no longer required to be retained, it is securely deleted, destroyed, or de-identified in accordance with our data disposal procedures. Paper records are securely shredded, and electronic media is properly destroyed or wiped prior to disposal.
Accessing and Correcting Your Information / Additional Privacy Rights
You may send us an email at contact@lowcountryortho.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. You may also have the right to:
- Request restrictions on certain uses and disclosures of your information.
- Request confidential communications by alternative means or locations.
- Receive an accounting of certain disclosures of your information.
- File a complaint if you believe your privacy rights have been violated.
To exercise these rights, please contact us using the information provided below.
Security and Privacy Concerns
If you have questions about the security of your information or believe your information may have been compromised, please contact us immediately using the contact information provided below.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the home page of the Website. If we make material changes to how we treat our users’ personal information, we will notify you in accordance with applicable law. The date the privacy policy was last revised is identified at the end of this policy. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.
Questions or Complaints
If you have questions or wish to comment about this privacy policy, our privacy practices, or to file a complaint, please contact our Privacy Officer:
Bachi Evangelist
Privacy Officer
Lowcountry Orthopaedics
2880 Tricom Street
North Charleston, SC 29406
contact@lowcountryortho.com
Phone: (843) 797-5050
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.