FULL SPECTRUM INTEGRATIVE MEDICINE

WEBSITE PRIVACY POLICY

 

 

Last Updated: January 17, 2026

 

1. INTRODUCTION

 

Full Spectrum Integrative Medicine ("Practice," "we," "our," or "us") is committed to protecting the privacy and security of the personal information we collect from our patients and website users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with all applicable federal laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Genetic Information Nondiscrimination Act (GINA), and the 21st Century Cures Act.

 

By accessing or using our website at https://www.fsim.health or https://www.fullspectrumim.com/ (the "Website"), you acknowledge that you have read, understand, and agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website.

 

We are deeply committed to maintaining the confidentiality, integrity, and security of your personal information and protected health information (PHI). We recognize the sensitive nature of health-related information and strive to implement best practices that exceed minimum legal requirements to safeguard your privacy.

 

1. INFORMATION WE COLLECT

 

We collect several types of information from and about users of our Website, including:

 

2.1 Personal Information. This includes information that can be used to identify you individually, such as your:

• Full name

• Postal address

• Email address

• Telephone number

• Date of birth

• Social security number

• Medical information and health history

• Health insurance information

• Payment information

• Emergency contact information

• Any other identifier by which you may be contacted online or offline

 

2.2 Protected Health Information (PHI). As a healthcare provider, we collect protected health information as defined under HIPAA, which includes:

 Medical records

• Test results

• Treatment plans

• Medication information

• Billing records

• Health insurance information

• Any other information related to your past, present, or future physical or mental health condition

 

2.3 Usage Information. We also collect information about your use of our Website, including:

• Details of your visits

• Traffic data

• Location data

• Logs and other communication data

• Information about your computer and internet connection, such as your IP address

• Operating system and browser type

• Referring website addresses

• Device information

• Time spent on pages

• Click-through patterns

 

This information is collected automatically as you navigate through and interact with our Website.

 

1. HOW WE COLLECT INFORMATION

 

We collect information in the following ways:

 

3.1 Direct Collection. We collect personal information directly from you when you:

• Fill out forms on our Website

• Register for an account

• Schedule appointments

• Complete intake questionnaires

• Subscribe to our services or newsletters

• Make payments

• Participate in surveys or feedback forms

• Contact us via email, phone, or other communication channels

 

3.2 Automatic Collection. We collect usage information automatically as you navigate through and interact with our Website, using technologies such as:

• Cookies: Small data files stored on your device that help us improve our Website and your experience

• Web beacons: Electronic images that help us deliver cookies and count visits

• Pixel tags: Small blocks of code on webpages that allow for the collection of information about your visit

• Server logs: Records of activities on our Website

• Analytics tools: Third-party services that help us understand how users engage with our Website

 

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Website may be inaccessible or not function properly.

 

3.3 Third-Party Sources. We may collect information about you from third parties, such as:

• Healthcare providers who have referred you to our practice

• Insurance companies and other payers

• Business partners and service providers

• Third-party websites or applications that you use to access our services

• Public databases and publicly available sources

 

1. HOW WE USE YOUR INFORMATION

 

We use the information we collect about you for the following purposes:

 

4.1 Providing Healthcare Services.

• To provide, coordinate, and manage your healthcare and related services

• To perform medical consultations, examinations, and treatments

• To create and maintain your medical records

• To communicate with other healthcare providers involved in your care

• To schedule and confirm appointments

• To send appointment reminders and follow-up information

 

4.2 Payment and Insurance Operations.

• To verify your insurance coverage and benefits

• To process insurance claims and obtain payment for services

• To bill and collect payment from you, your insurance company, or other third-party payers

• To conduct utilization review and pre-certification activities

• To resolve billing inquiries and disputes

 

4.3 Healthcare Operations.

• To conduct quality assessment and improvement activities

• To review the competence or qualifications of healthcare professionals

• To train medical students and staff

• To conduct or arrange for medical review, legal services, and auditing functions

• To support business planning and development

• To manage our business operations and administrative activities

 

 

4.4 Website Functionality and Improvement.

• To operate, maintain, and improve our Website

• To personalize your experience on our Website

• To analyze usage patterns and trends

• To develop new products, services, features, and functionality

• To measure the effectiveness of our content and communications

• To diagnose technical problems and maintain security

 

4.5 Communication and Marketing.

• To respond to your inquiries and requests

• To provide you with information about our services, events, and resources

• To send you newsletters, health tips, and educational materials

• To conduct surveys and collect feedback

• To notify you about changes to our Website or services

• To send administrative messages regarding your account or transactions

 

4.6 Research and Analytics.

• To conduct de-identified or aggregated data analysis

• To participate in medical research studies (with your explicit consent)

• To evaluate treatment outcomes and effectiveness

• To identify health trends and opportunities for service improvement

• To develop new treatment protocols and approaches

 

4.7 Legal and Regulatory Compliance.

• To comply with applicable federal and state laws and regulations

• To respond to lawful requests from public and government authorities

• To enforce our terms and conditions and other agreements

• To protect our rights, privacy, safety, or property

• To detect, prevent, or investigate potential security incidents or fraud

 

1. CONSENT AND CHOICE

 

1. Consent for Treatment, Payment, and Healthcare Operations. By becoming a patient of our Practice, you provide implied consent for us to use and disclose your PHI for treatment, payment, and healthcare operations purposes as described in this Privacy Policy and our Notice of Privacy Practices.

 

1. Consent for Other Uses. We will obtain your explicit written authorization before using or disclosing your PHI for purposes other than those covered by this Privacy Policy or our Notice of Privacy Practices, unless an exception applies under HIPAA or other applicable laws.

 

1. Withdrawal of Consent. You may revoke any consent or authorization you have provided to us, except to the extent that we have already taken action in reliance on it. To revoke your consent or authorization, please contact our Privacy Officer at [INSERT CONTACT INFORMATION].

 

 

5.4 Marketing Communications. We will obtain your explicit consent before using your personal information for marketing purposes. You can opt out of receiving marketing communications from us at any time by:

• Following the unsubscribe instructions included in each marketing email

• Contacting us directly at [INSERT CONTACT INFORMATION]

• Updating your communication preferences in your account settings

 

1. Cookies and Tracking Technologies. You can manage your preferences for cookies and similar tracking technologies through your browser settings. Most web browsers allow you to control cookies through their settings preferences, and you can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent.

 

1. HOW WE DISCLOSE YOUR INFORMATION.

 

We may disclose your information in the following circumstances:

 

1. For Treatment Purposes. We may disclose your PHI to doctors, nurses, technicians, medical students, or other personnel who are involved in your medical care. For example, we may share your PHI with specialists to whom you are referred for additional treatment.

 

6.2 For Payment Purposes. We may disclose your PHI to obtain payment for the healthcare services we provide to you. For example, we may share information with your health insurance plan to determine eligibility for coverage or to obtain pre-approval for a treatment.

 

6.3 For Healthcare Operations. We may disclose your PHI for our healthcare operations, including quality assessment, improvement activities, reviewing the competence of healthcare professionals, and conducting training programs.

 

6.4 To Business Associates. We may disclose your PHI to our business associates who perform functions on our behalf or provide us with services if the information is necessary for such functions or services. All of our business associates are obligated, under contract with us, to protect the privacy and security of your PHI.

 

6.5 To Family Members and Personal Representatives. We may disclose your PHI to a family member, relative, close friend, or any other person you identify, who is involved in your care or payment for your care, provided you have agreed to such disclosure or have been given an opportunity to object and have not objected.

 

6.6 As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law, including in response to a court or administrative order, subpoena, discovery request, or other lawful process.

 

6.7 To Prevent a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

 

6.8 For Public Health Activities. We may disclose your PHI for public health activities, such as reporting diseases, injuries, births, and deaths, or reporting adverse reactions to medications or problems with products.

 

6.9 For Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.

 

6.10 For Research Purposes. We may use or disclose your PHI for research purposes, but only if the research has been specially approved by an authorized institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

 

6.11 With Your Consent. We may disclose your information to third parties for any other purpose, but only with your express written consent. 

 

1. DATA SECURITY

We have implemented appropriate technical, administrative, and physical safeguards to protect the confidentiality, integrity, and availability of your personal information and PHI. These measures include:

 

7.1 Technical Safeguards.

• Encryption of electronic PHI in transit and at rest

• Access controls and authentication mechanisms

• Firewalls and intrusion detection systems

• Secure, encrypted connections for all online transactions

• Regular security patches and updates

• Anti-malware and anti-virus protection

• Automatic logout features

• Audit controls and activity logging

 

7.2 Administrative Safeguards

• Regular risk assessments and security evaluations

• Comprehensive security policies and procedures

• Employee training on privacy and security practices

• Background checks for employees with access to PHI

• Confidentiality agreements with employees and contractors

• Sanctions for policy violations

• Incident response planning and testing

• Regular compliance monitoring and auditing

 

 

7.3 Physical Safeguards

• Secured facilities with controlled access

• Locked storage for physical records

• Proper disposal procedures for PHI (shredding, etc.)

• Workstation and device security measures

• Facility access controls and visitor management

• Environmental safeguards (fire protection, power backup, etc.)

 

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a security breach affecting your personal information or PHI, we will notify you in accordance with applicable law.

 

1. BREACH NOTIFICATION

In the event of a breach of unsecured PHI, we will:

8.1 Investigation and Risk Assessment

• Promptly investigate the incident to determine the nature and extent of the breach, identify affected individuals, and assess the risk of harm to affected individuals.

 

8.2 Notification to Affected Individuals

• Provide notification to affected individuals without unreasonable delay and in no case later than 60 calendar days after discovery of the breach. Such notification will include:

• A description of the breach

• The types of information involved

• Steps individuals should take to protect themselves

• What we are doing to investigate, mitigate, and prevent future breaches

• Contact procedures for individuals to ask questions or receive additional information

 

8.3 Notification to the Secretary of HHS

• Notify the Secretary of the Department of Health and Human Services (HHS) as required by HITECH Act regulations.

 

8.4 Notification to Media. For breaches affecting more than 500 individuals, provide notice to prominent media outlets serving the state or jurisdiction where affected individuals reside.

 

8.5 Business Associate Breaches. Require our business associates to notify us of any breaches of unsecured PHI so that we can coordinate the appropriate response.

 

1. DATA RETENTION AND DELETION

 

9.1 Retention Period. We retain your personal information and PHI for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Medical records are retained for at least 7 years from the date of last service, or longer if required by state law

• For minors, medical records are retained until the patient reaches the age of majority (18 years) plus the applicable statute of limitations

• Billing and payment records are retained for at least 7 years

• Website usage data is typically retained for 2 years

 

9.2 Determination of Retention Period. In determining the appropriate retention period for personal information, we consider:

• The amount, nature, and sensitivity of the personal information

• The potential risk of harm from unauthorized use or disclosure

• The purposes for which we process the personal information

• Whether we can achieve those purposes through other means

• Applicable legal, regulatory, tax, accounting, or other requirements

 

9.3 Secure Disposal. When personal information or PHI is no longer needed, we will securely delete or destroy it using industry-standard methods:

• Paper records are shredded using cross-cut shredders or incinerated

• Electronic media is cleared, purged, or destroyed consistent with NIST Special Publication 800-88

• Hard drives and other electronic storage devices are sanitized before disposal or reuse

 

9.4 Requests for Deletion. You may request deletion of certain personal information in accordance with applicable law. However, we may be required to retain certain information for legal, regulatory, or compliance purposes. To request deletion of your personal information, please contact our Privacy Officer at [INSERT CONTACT INFORMATION].

 

10. INDIVIDUAL RIGHTS

Under HIPAA and other applicable federal laws, you have the following rights with respect to your personal information and PHI:

 

10.1 Right to Access and Obtain Copies. You have the right to access and obtain copies of your PHI that may be used to make decisions about your care, including:

• Medical and billing records

• Insurance information

• Clinical laboratory test results

• Medical images

• Other information used to make decisions about your care

 

We will provide access to your PHI in the form or format you request, if readily producible in such form or format, or if not, in a readable hard copy form or other form agreed upon by you and the Practice. If you request an electronic copy of PHI that is maintained electronically, we will provide you with access to the electronic information in the electronic form and format you request, if it is readily producible, or if not, in a readable electronic form and format as agreed upon by you and the Practice.

 

 

 

10.2 Right to Amend. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. Your request must be in writing and must include a reason supporting your request. We may deny your request in certain circumstances, such as if:

• The information was not created by us

• The information is not part of the records used to make decisions about you

• The information is not part of the information you are permitted to access

• We believe the information is accurate and complete

• If we deny your request, we will provide you with a written explanation and allow you to submit a statement of disagreement.

 

10.3 Right to an Accounting of Disclosures. You have the right to request an accounting of certain disclosures of your PHI made by us during the six years prior to your request. This accounting will not include disclosures:

• For treatment, payment, or healthcare operations

• Made to you or your personal representative

• Made pursuant to your written authorization

• For national security or intelligence purposes

• To correctional institutions or law enforcement officials

• That occurred prior to the compliance date

 

10.4 Right to Request Restrictions. You have the right to request restrictions on certain uses and disclosures of your PHI, including:

• Restrictions on our use or disclosure of your PHI for treatment, payment, or healthcare operations

• Restrictions on disclosures to family members or others involved in your care

• Restrictions on disclosures to your health plan for services paid out-of-pocket in full

 

We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your PHI to a health plan for payment or healthcare operations purposes and the information pertains solely to an item or service for which you (or someone other than the health plan) have paid us in full. If we agree to your requested restriction, we will comply with it unless the information is needed to provide emergency treatment.

 

10.5 Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by mail or at work. We will accommodate reasonable requests. Your request must specify how or where you wish to be contacted.

 

10.6 Right to a Paper Copy of This Notice. You have the right to a paper copy of this Privacy Policy, even if you have agreed to receive it electronically. You may ask us to give you a copy at any time.

 

10.7 Right to Opt-Out of Fundraising Communications. If we contact you for fundraising efforts, you have the right to opt-out of such communications.

 

10.8 Right to Notification of a Breach. You have the right to be notified if there is a breach of your unsecured PHI.

 

To exercise any of these rights, please submit your request in writing to our Privacy Officer at [INSERT CONTACT INFORMATION]. We are committed to responding to your requests in a timely manner and will not discriminate against you for exercising any of these rights.

 

1. CHILDREN'S PRIVACY

 

Our Website is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18 without appropriate parental consent. If you are a parent or guardian and believe we have collected information from your child under age 18 without your consent, please contact us immediately at [INSERT CONTACT INFORMATION], and we will take steps to remove such information and terminate the child's account.

 

For patients under the age of 18, we comply with all applicable laws regarding the privacy and confidentiality of minors' health information, including any state laws that provide additional protections or rights for minors seeking certain types of healthcare services.

 

1. THIRD-PARTY WEBSITES AND SERVICES

 

Our Website may contain links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we are not responsible for their privacy statements or practices. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

 

Examples of third-party services that may be integrated with our Website include:

• Payment processors

• Appointment scheduling systems

• Patient portal providers

• Social media platforms

• Analytics providers

• Marketing automation tools

• These third parties may have their own privacy policies governing how they use and disclose your personal information. We recommend reviewing the privacy policies of these third parties before providing any personal information.

 

1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the top of this Privacy Policy and post the revised policy on our Website.

 

For material changes, we will provide notice through our Website or by other means, such as email to the email address specified in your account (if applicable), prior to the changes becoming effective. We encourage you to periodically review this Privacy Policy to stay informed about our information practices.

 

Your continued use of our Website after the revised Privacy Policy has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Policy.

 

1. STATE-SPECIFIC PRIVACY RIGHTS

 

In addition to the rights described elsewhere in this Privacy Policy, you may have additional rights under state law. For example:

 

14.1 California Residents. California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, the right to opt-out of the sale of personal information, and the right to non-discrimination for exercising these rights.

 

14.2 Virginia Residents. Virginia residents may have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to confirm whether we are processing their personal data, the right to access their personal data, the right to correct inaccuracies, the right to delete personal data, the right to obtain a copy of their personal data, and the right to opt out of certain processing.

 

14.3 Colorado Residents. Colorado residents may have rights under the Colorado Privacy Act (CPA), including the right to opt out of targeted advertising, the right to access their personal data, the right to correct inaccuracies, the right to delete personal data, and the right to data portability.

 

14.4 Other States. Residents of other states may have similar rights under applicable state privacy laws. Please contact our Privacy Officer at [INSERT CONTACT INFORMATION] for more information about your rights under state law.

 

1. HIPAA COMPLIANCE

 

As a healthcare provider, we are subject to the requirements of HIPAA and HITECH, which establish standards for the privacy and security of protected health information (PHI). Our Notice of Privacy Practices, available at [INSERT LINK], provides detailed information about how we may use and disclose your PHI, as well as your rights regarding your PHI under HIPAA.

 

This Privacy Policy is intended to supplement, not replace, our Notice of Privacy Practices. In the event of any conflict between this Privacy Policy and our Notice of Privacy Practices with respect to PHI, our Notice of Privacy Practices will control.

 CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

 

As of 1/6/2026

Full Spectrum Integrative Medicine

Attn: Privacy Officer 

20 Highlands Lane

Malvern, PA 19355

Phone: 610-557-8500

Email: Hello@fsim.health

​

As of 3/1/2026

Full Spectrum Integrative Medicine

Attn: Privacy Officer 

223 W. Lancaster Ave, Suite A

Devon, PA 19333

Phone: 610-557-8500

Email: Hello@fsim.health

 

For matters related to your PHI or to exercise your HIPAA rights, please contact our HIPAA Privacy Officer at the address above.

 

If you believe your privacy rights have been violated, you may file a complaint with our Practice or with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with our Practice, contact our Privacy Officer at the address above. We will not retaliate against you for filing a complaint.