Privacy Policy

Last Updated: December 2025

1. Introduction

Rooted Health Online ("we," "our," or "us") is committed to protecting your privacy and maintaining the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. HIPAA Compliance

As a healthcare provider, we comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. Your protected health information (PHI) is kept confidential and secure in accordance with HIPAA Privacy and Security Rules.

Your Rights Under HIPAA:

  • Right to Access: You have the right to inspect and obtain a copy of your health records.
  • Right to Amend: You may request corrections to your health information if you believe it is incorrect or incomplete.
  • Right to an Accounting: You may request a list of certain disclosures of your health information.
  • Right to Request Restrictions: You may request restrictions on certain uses and disclosures of your health information.
  • Right to Confidential Communications: You may request to receive communications of PHI by alternative means or at alternative locations.

3. Information We Collect

3.1 Personal Health Information

When you apply for our services or become a client, we collect:

  • Contact information (name, email, phone number, location)
  • Demographic information (age range)
  • Health history and current health concerns
  • Lab results and test interpretations
  • Treatment plans and progress notes
  • Payment information for billing purposes

3.2 Website Usage Information

We automatically collect certain information when you visit our website:

  • IP address and browser type
  • Pages visited and time spent on pages
  • Referring website addresses
  • Device information

4. How We Use Your Information

4.1 Treatment Purposes

We use your health information to:

  • Provide, coordinate, and manage your healthcare services
  • Develop and implement treatment plans
  • Communicate with you about your health and treatment
  • Order and interpret lab tests
  • Recommend supplements and therapeutic protocols

4.2 Payment and Operations

We may use your information for:

  • Processing payments and billing
  • Quality improvement and program evaluation
  • Internal business operations
  • Compliance with legal and regulatory requirements

4.3 Marketing (With Your Consent)

With your explicit consent, we may:

  • Send you newsletters about health topics
  • Notify you of new programs or services
  • Request testimonials (always anonymized unless you provide written consent to use your name)

You may opt out of marketing communications at any time.

5. How We Share Your Information

5.1 Limited Disclosures

We will never sell your personal health information. We may share your information only in these limited circumstances:

  • With Your Written Authorization: We will obtain your written consent before using or disclosing your health information for purposes other than treatment, payment, or healthcare operations.
  • Treatment Coordination: With other healthcare providers involved in your care (e.g., ordering physicians, specialist referrals) only as necessary for your treatment.
  • Business Associates: With third-party service providers who help us operate our practice (e.g., secure portal providers, payment processors, supplement dispensaries). These parties are contractually bound to protect your information and use it only for the services they provide to us.
  • Legal Requirements: When required by federal, state, or local law, including:
    • In response to a court order or subpoena
    • To report suspected abuse, neglect, or domestic violence
    • To prevent a serious threat to health or safety
    • For public health activities (e.g., disease reporting)

6. Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your information:

  • Encryption: All data transmission is encrypted using SSL/TLS protocols
  • Secure Storage: Client records are stored on HIPAA-compliant, encrypted servers
  • Access Controls: Only authorized personnel have access to health information, limited to what is necessary for their role
  • Regular Audits: We regularly review our security practices and update them as needed
  • Training: All staff members receive HIPAA privacy and security training

7. Data Retention

We retain your health records for a minimum of 7 years from the date of your last service, or as required by applicable federal and state laws. After this period, records are securely destroyed.

8. International Clients

If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States. By using our services, you consent to this transfer and processing.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Your Choices and Rights

Access Your Information

You may request access to your health records at any time by emailing hello@rootedhealthonline.com. We will provide copies within 30 days of your request.

Request Corrections

If you believe any information in your health record is incorrect or incomplete, you may request an amendment.

Opt-Out of Marketing

You may unsubscribe from our marketing emails by clicking the "unsubscribe" link in any email or by contacting us directly.

Request Deletion

You may request deletion of your health records, subject to legal retention requirements. We will honor deletion requests where legally permissible.

11. Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve your experience:

  • Essential Cookies: Necessary for website functionality
  • Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
  • Marketing Cookies: May be used if you arrive via advertising platforms

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

12. Third-Party Services

Our website and practice may use the following HIPAA-compliant third-party services:

  • Secure Client Portal: For messaging and document sharing
  • Payment Processing: Stripe or similar PCI-compliant processors
  • Video Conferencing: HIPAA-compliant video platforms for sessions
  • Supplement Dispensary: Fullscript for professional-grade supplement access

Each of these services has signed a Business Associate Agreement (BAA) with us, ensuring they protect your information according to HIPAA standards.

13. Breach Notification

In the unlikely event of a breach of your unsecured protected health information, we will notify you without unreasonable delay and no later than 60 days after discovery of the breach, as required by HIPAA.

14. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. We will post the updated policy on this page with a new "Last Updated" date. We will notify active clients of material changes via email.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to file a complaint, please contact:

Dr. Nicole Maxwell, NMD
Privacy Officer
Rooted Health Online
Email: hello@rootedhealthonline.com

Filing a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

You will not be retaliated against for filing a complaint.

Return to Home