Privacy

Privacy policy

Last updated: September 2025

This Privacy Policy explains how Dermatology House Calls LLC (“Dermatology House Calls,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information through our website, telehealth platforms, scheduling and messaging tools, and related online services (collectively, the “Website” or “Services”). We provide clinical services solely in South Carolina where our clinicians are licensed and available.

Where we act as a HIPAA covered entity, your protected health information (“PHI”) is governed by the HIPAA Privacy, Security, and Breach Notification Rules and our Notice of Privacy Practices (“NPP”). This Privacy Policy governs non‑PHI collected through the Website and also describes how we treat PHI online where applicable. If there is a conflict between this Policy and the NPP for PHI, the NPP controls.

By using the Website, you agree to this Privacy Policy. If you do not agree, please do not use the Website.

Definitions

• Company: Dermatology House Calls LLC.

• PHI: Protected health information under HIPAA, including information that identifies you and relates to your past, present, or future physical or mental health, health care, or payment for care.

• Personal information (non‑PHI): Information that identifies, relates to, describes, or could reasonably be linked with you but is not PHI (for example, device data and general contact info collected outside a patient context).

• Business associate: A vendor that creates, receives, maintains, or transmits PHI on our behalf under a Business Associate Agreement (“BAA”).

• Minimum necessary: Our practice of limiting PHI use and disclosure to the minimum necessary to accomplish permitted purposes, except for treatment or where HIPAA otherwise permits.

• Website: www.DermCalls.com and related pages, forms, and features that we operate or control.

• De‑identified data: Information that has been de‑identified under HIPAA (Safe Harbor or expert determination), which we may use and disclose without restriction.

Information we collect

PHI and sources of PHI

• Clinical intake and care:

  • Examples: Medical history, medications, allergies, dermatologic concerns, photographs of skin, imaging or lab results, referral notes, care plans, claims and billing details.

  • Sources: Information you provide; information created by our clinicians; information from referring providers, pharmacies, labs, and payers as permitted by HIPAA.

• Telehealth:

  • Examples: Audio/video session metadata, secure chat content, images you upload for clinical review.

  • Note: We do not record telehealth sessions without your express consent.

• Care coordination and reminders:

  • Examples: Appointment reminders, after‑visit summaries, instructions, and other clinical communications.

Personal information (non‑PHI) and sources

• Contact and account details:

  • Examples: Name, email, phone, general inquiry form content submitted outside a patient context.

• Usage and device data:

  • Examples: IP address, device identifiers, browser type/version, pages viewed, timestamps, referring URLs, and general location derived from IP.

• Cookies and similar technologies:

  • Examples: Cookies, tags, SDKs, and beacons used for functionality and performance (see “Cookies and tracking technologies”).

• Payment information (website payments):

  • Examples: Payment card data processed by our PCI‑compliant payment processor. We do not store full card numbers on our servers.

Children and minors

• Children under 13 (online):

  • We do not knowingly collect personal information online from children under 13.

• Minors receiving care:

  • PHI for minors is handled per HIPAA and South Carolina law. Parents or legal guardians generally act as personal representatives subject to applicable exceptions.

How we use information

Uses of PHI (HIPAA‑permitted)

• Treatment, payment, and health care operations (TPO):

  • Treatment: Coordinating and delivering dermatology care, teledermatology, referrals, and consultations.

  • Payment: Eligibility checks, claims submission, billing, collections, and related activities.

  • Operations: Quality assessment, credentialing, auditing, compliance, training, population health, patient satisfaction, and internal analytics consistent with HIPAA.

• Required or permitted by law:

  • Examples: Public health reporting; health oversight; abuse/neglect reporting; preventing or reducing serious threats to health or safety; law enforcement with valid process; workers’ compensation; coroners/medical examiners.

• Authorizations:

  • We obtain your written authorization for uses and disclosures requiring it (including most marketing involving PHI and any sale of PHI). You may revoke an authorization in writing at any time, except to the extent we have already relied on it.

• De‑identification:

  • We may de‑identify PHI and use or disclose de‑identified information for analytics, quality improvement, research, or product and service development. We do not re‑identify de‑identified data.

Uses of personal information (non‑PHI)

• Site operation and improvement:

  • Operating, maintaining, and securing the Website; troubleshooting; measuring performance and enhancing user experience.

• Communications:

  • Responding to inquiries; sending administrative messages; policy updates and service notices.

• Marketing (non‑PHI):

  • We may send non‑PHI promotional communications about services that may interest you. You can opt out at any time. We do not use or disclose PHI for marketing without your written authorization.

• No sale:

  • We do not sell PHI or personal information and do not engage in cross‑context behavioral advertising using PHI.

How we share information

Disclosures of PHI

• Business associates:

  • Scope: EHR/telehealth platforms, secure messaging, e‑fax, billing and payment processors, cloud hosting, IT/security, and similar vendors.

  • Safeguards: We require BAAs that impose HIPAA‑level safeguards and restrict use/disclosure.

• Care delivery and operations:

  • Examples: Providers, pharmacies, labs, payers, and others for TPO; family/caregivers involved in your care as permitted by HIPAA; persons identified in an emergency or when you are incapacitated if consistent with your prior preferences and HIPAA.

• Legal and public interest:

  • Disclosures required or permitted by law as noted above.

• No sale of PHI:

  • We do not sell PHI. Marketing disclosures involving PHI occur only with your written authorization.

Disclosures of personal information (non‑PHI)

• Service providers (processors):

  • Vendors processing data under our instructions to operate the Website, analytics, scheduling, communications, and customer support.

• Business transfers:

  • In a merger, reorganization, or asset sale, personal information may transfer as part of the transaction subject to this Policy or a successor policy with materially similar protections.

• Legal and safety:

  • To comply with legal obligations or valid requests; to protect rights, property, safety, and security; to prevent fraud or abuse.

Cookies and tracking technologies

We use strictly necessary and functional cookies to operate the Website and remember preferences. You can manage cookies through your browser; disabling certain cookies may impact functionality.

To address healthcare‑specific privacy risks:

• Prohibited tracking with PHI:

  • We do not deploy analytics, advertising pixels, retargeting tools, social media plugins, or similar tracking technologies on pages or forms that collect or display PHI, unless we have HIPAA‑compliant agreements and technical controls to prevent transmission of PHI to third parties.

• Email and clinical messaging:

  • We avoid embedding beacons or trackers in clinical communications that could disclose PHI.

• Analytics on non‑PHI pages:

  • We may use privacy‑conscious analytics on public pages to understand aggregate usage and improve the Website.

• Do‑Not‑Track:

  • We currently do not respond to browser Do‑Not‑Track signals due to a lack of industry consensus. You may use browser settings and third‑party tools to limit certain tracking.

Your rights and choices

HIPAA rights for PHI

• Access and copies:

  • What: Request access to or copies of your PHI, including electronic copies where maintained electronically.

  • Costs: We may charge reasonable, cost‑based fees where permitted.

• Amendments:

  • What: Request that we amend PHI you believe is incorrect or incomplete.

  • Timing: We respond per HIPAA timelines and will explain any denial and your rights to submit a statement of disagreement.

• Restrictions and confidential communications:

  • What: Request restrictions on certain uses/disclosures and ask us to communicate by alternative means or at alternative locations. We will accommodate reasonable requests.

• Accounting of disclosures:

  • What: Request an accounting of certain disclosures of PHI as defined by HIPAA.

• Paper copy of our NPP:

  • What: Request a paper copy of the NPP at any time, even if you agreed to receive it electronically.

To exercise HIPAA rights, contact us using “Contact us” below. We will verify your identity and respond within applicable timelines.

Choices for personal information (non‑PHI)

• Marketing preferences:

  • How: Use the unsubscribe link in emails or follow the SMS opt‑out instructions below.

• Cookies:

  • How: Manage cookies in your browser settings.

• Access/correction/deletion (non‑PHI):

  • How: Email Hello@DermCalls.com. We will verify your request and respond as required, subject to legal exceptions and our retention obligations. PHI is generally not subject to deletion upon request due to medical and legal recordkeeping requirements.

State privacy disclosures (non‑PHI)

• Limited applicability:

  • Certain consumer privacy laws may grant additional rights for non‑PHI. To the extent such laws apply to you, we will honor those rights for non‑PHI. PHI subject to HIPAA is exempt from those state laws.

Security, retention, and breach notification

• Security program:

  • Administrative safeguards: Workforce training, role‑based access, policies and procedures, vendor due diligence, risk analysis, and incident response.

  • Technical safeguards: Encryption in transit and at rest where feasible, multi‑factor authentication where appropriate, network and endpoint security, logging/monitoring, secure configuration, and data loss prevention.

  • Physical safeguards: Controlled access, device management, and secure storage for systems handling PHI.

• Retention:

  • PHI: Retained consistent with HIPAA and other applicable laws, payer requirements, and our internal schedule. We retain required HIPAA documentation for at least six years from the date of creation or last effective date. Medical and billing records are retained for no less than the longest period required by applicable law and our policies.

  • Non‑PHI: Retained only as long as necessary for the purposes described in this Policy or as required by law, then securely disposed of or de‑identified.

• Breach notification:

  • PHI: If a breach of unsecured PHI occurs, we will conduct a risk assessment and notify affected individuals without unreasonable delay and within applicable legal timeframes. We will also notify regulators and, if required, the media. Law enforcement delays may apply.

  • Non‑PHI incidents: We will assess and notify where required by applicable law.

No method of transmission or storage is 100% secure. We continuously refine safeguards to align with risk and industry standards.

Communications and special topics

SMS, email, and electronic communications

• Consent and frequency:

  • By providing your mobile number, you consent to receive recurring automated and non‑automated texts for appointments, updates, and service messages. Consent is not a condition of purchase. Message frequency varies. Standard message/data rates may apply.

• Opt‑out:

  • Reply STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to any message, or email Hello@DermCalls.com. You may receive a final confirmation message.

• PHI caution:

  • We discourage sending PHI via SMS or unencrypted email. If you request or consent to receive PHI via less secure methods after being offered secure alternatives, you accept the associated risks.

Telehealth

• Security:

  • We use secure platforms. We do not record sessions without your express consent. If recording is proposed, we will explain the purpose, access, and retention period.

• Environment:

  • Ensure your environment is private to protect your information during visits.

Dermatology images and photography

• Clinical images:

  • Use: Photos you provide or we capture may be used for treatment, documentation, and operations (e.g., quality, training) as permitted by HIPAA.

  • External uses: Any external use (e.g., marketing, education identifiable to you) requires your written authorization.

  • Storage: Images are stored with your record in systems subject to HIPAA safeguards.

Payments and insurance

• Payment processing:

  • Website payments are processed by PCI‑compliant processors. We do not store full card numbers.

• E‑billing:

  • Billing communications may include limited information necessary for payment and compliance.

Emergencies and urgent issues

• No emergency use:

  • The Website and messaging channels are not for emergencies. Call 911 or go to the nearest emergency department if you are experiencing an emergency.

Vendors, international transfers, and third parties

• Vendors and processors:

  • Selection: We engage vendors with appropriate privacy and security commitments.

  • Contracts: PHI vendors sign BAAs. Non‑PHI vendors are bound by contractual limits to process data solely for our purposes.

• International transfers:

  • We store and process information in the United States. We do not transfer PHI outside the U.S. unless permitted by HIPAA with appropriate safeguards.

• Third‑party links and tools:

  • Our Website may link to or integrate third‑party sites and tools. We are not responsible for their privacy practices or content. Review their policies before providing information.

• Social media:

  • Interactions on our social media pages are public. Do not post PHI. Direct messages are not a substitute for clinical communications.

Other terms, changes, and contact

• Service area:

  • We provide clinical services only within South Carolina and solely where our clinicians are licensed and available. Accessing the Website from other jurisdictions does not constitute an offer to provide services outside South Carolina.

• Nondiscrimination and language assistance:

  • We comply with applicable federal civil rights laws and provide auxiliary aids and language assistance where required. See our Notice of Nondiscrimination and Language Assistance.

• Dispute resolution and class action waiver:

  • Disputes related to this Policy and the Website are subject to the binding arbitration and class action waiver provisions in our Terms & Conditions and must be brought on an individual basis.

• Updates to this Policy:

  • We may update this Policy periodically. Material changes will be posted here with an updated “Last updated” date and, where required, we will provide additional notice. Your continued use of the Website after changes indicates acceptance.

• Contact us:

  • Email: Hello@DermCalls.com

  • Phone: 864‑365‑6405

  • Mailing address: Available upon request

  • Privacy complaints: You may contact us or file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate for filing a complaint.