1. Overview

Iris Health Medical Group (“Iris Health,” “we,” “our,” or “us”) is committed to protecting the privacy and security of your personal and health information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you engage with our medical services, website, patient portals, or affiliated digital platforms.

Our practices comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

2. Information We Collect

We may collect the following categories of information:

Personal Identification Information

• Full name

• Date of birth

• Mailing address

• Email address

• Phone number

• Emergency contact information

• Insurance information (if applicable)

• Government-issued identification

Protected Health Information (PHI)

• Medical history

• Diagnoses and treatment plans

• Laboratory and diagnostic results

• Medication records

• Physician notes and care plans

• Appointment and visit history

Payment and Billing Information

• Credit or debit card details

• Billing address

• Transaction history

Technical and Usage Information

When interacting with our website or digital platforms:

• IP address

• Browser type

• Device identifiers

• Access times

• Pages viewed

3. How We Use Your Information

Your information may be used for the following purposes:

• To provide medical evaluation, diagnosis, and treatment

• To develop individualized care plans

• To coordinate care among healthcare providers

• To communicate with you regarding appointments, services, or treatment

• To process payments and manage billing

• To comply with legal and regulatory requirements

• To improve service delivery and patient experience

• To conduct internal quality assurance and administrative functions

We will only use or disclose your PHI as permitted or required by law.

4. Disclosure of Information

We may share your information in the following circumstances:

• With healthcare providers involved in your treatment

• With third-party service providers performing business operations on our behalf (e.g., billing, IT support, care coordination platforms)

• With authorized partners for care management or population health initiatives

• When required by federal, state, or local law

• In response to valid legal processes such as subpoenas or court orders

• To prevent serious threats to health or safety

All third-party partners handling PHI are contractually obligated to maintain confidentiality and comply with HIPAA standards through Business Associate Agreements (BAAs).

5. Data Security

Iris Health Medical Group implements administrative, technical, and physical safeguards designed to protect your personal and health information from unauthorized access, use, or disclosure. These measures include:

• Encrypted data transmission

• Secure storage systems

• Access control protocols

• Workforce training on privacy compliance

Despite these safeguards, no method of electronic transmission or storage is entirely secure. We encourage patients to take precautions when sharing sensitive information electronically.

6. Your Rights Under HIPAA

You have the right to:

• Access and obtain copies of your medical records

• Request corrections to inaccurate or incomplete information

• Request restrictions on certain uses or disclosures

• Receive confidential communications

• Request an accounting of disclosures

• File a complaint regarding privacy practices

Requests must be submitted in writing to the Privacy Officer at the contact information listed below.

7. Retention of Information

We retain patient information for the duration required to fulfill medical, legal, regulatory, and operational obligations in accordance with applicable laws and professional standards.

8. Third-Party Websites and Services

Our website or digital communications may contain links to third-party services. Iris Health Medical Group is not responsible for the privacy practices or content of external websites.

9. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on our website with an updated effective date.

10. Contact Information

For questions regarding this Privacy Policy or to exercise your privacy rights, please contact:

Privacy Officer
Iris Health Medical Group
2554 Millcreek Drive
Sacramento, CA, 95833
916-231-4747
info@irishealthgroup.com

This Privacy Policy is intended to comply with applicable healthcare privacy regulations and reflects Iris Health Medical Group’s commitment to maintaining the confidentiality and integrity of patient information.