Healthcare As It Should Be
Terms and conditions

Please read these terms and conditions of use carefully before using this website.

By using partners.crossoverhealth.com (the “Website”), you signify your assent to these Terms and Conditions. If you do not agree to all of these Terms and Conditions of use, do not use this Website. Crossover Health is the owner of the Website and may revise and update these Terms and Conditions at any time. Your continued usage of the Website will mean you accept those changes.

Website Does Not Provide Medical Advice

The contents of the Website, such as scores, statistics, text, graphics, images, information, and other material contained or that may be contained on the Website (the “Content”) are for informational purposes only. The Content is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have seen on the Website. If you think you may have a medical emergency, call your doctor or 911 immediately. Crossover Health does not recommend or endorse any specific tests, physicians, products, procedures, opinions, or other information. Reliance on any information provided by the Website is solely at your own risk.

Security

Crossover Health is committed to protecting your personal information. The Website contains many of the same types of security features as other secure websites such as banking websites including: encryption, registration requirements, authorization, and password protection. The Website has several tools that allow for the recording and storage of your information. You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your devices or passwords or accounts. It is your sole responsibility to: (1) control the dissemination and use of sign-in name, screen name and passwords; (2) authorize, monitor, and control access to and use of your account and password; (3) promptly inform Crossover Health if you believe your account or password has been compromised or if there is any other reason you need to deactivate a password. To send us an email, use the “Contact Us” links located at the bottom of every page of our Website. You grant Crossover Health and all other persons or entities involved in the operation of the Website the right to transmit, monitor, retrieve, store, and use your information in connection with the operation of the Website. Crossover Health cannot and does not assume any responsibility or liability for your or third parties’ use or misuse of information transmitted or received using the Website’s tools and services.

Liability

The use of the Website and the Content is at your own risk. When using the Website, while advanced technological safeguards are in place, information will be transmitted over a medium that may be beyond the control and jurisdiction of Crossover Health and its affiliates. Accordingly, Crossover Health assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other information transmitted in connection the with use of the Website. The Website and the Content are provided on an “as is” basis. CROSSOVER HEALTH, ITS LICENSORS, AFFLIATIATES, AND ITS SUPPLIERS, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIM ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD PARTIES’RIGHTS, AND FITNESS FOR PARTICULAR PURPOSE. Without limiting the foregoing, Crossover Health, its licensors, affiliates and its suppliers make no representations or warranties about the following: 1. The accuracy, reliability, completeness, currentness, or timeliness of the content, software, text, graphics, links, or communications provided on or through the use of the Website. 2. The satisfaction of any government regulations or compliance of any software tools with regard to the content contained on the Website. In no event shall Crossover Health, its licensors, affiliates, its suppliers, or any third parties mentioned on the Website be liable for any damages (including, without limitation, incidental and consequential damages, personal injury/wrongful death, lost profits, or damages resulting from lost data or business interruption) resulting from the use of or inability to use the Website or the Content, whether based on warranty, contract, tort, or any other legal theory, and whether or not Crossover Health, its licensors, its suppliers, or any third parties mentioned on the Website are advised of the possibility of such damages. Crossover Health, its licensors, affiliates, its suppliers, or any third parties mentioned on the Website shall be liable only to the extent of actual damages incurred by you, not to exceed U.S. $1000. Crossover Health, its licensors, its suppliers, or any third parties mentioned on the Website are not liable for any personal injury, including death, caused by your use or misuse of the Website or Content. Any claims arising in connection with your use of the Website or Content must be brought within one (1) year of the date of the event giving rise to such action occurred. Remedies under these Terms and Conditions are exclusive and are limited to those expressly provided for in these Terms and Conditions.

Copyright

Materials in the Website are protected by international trademark and copyright laws. You may use the materials on this Website for your personal, non-commercial purposes. You may not reproduce, duplicate, distribute (including by way of email, facsimile or other electronic means), publish, modify, copy or transmit material from the Website unless you have obtained Crossover Health’s prior written consent.

Online Content

You agree not to use the Website or any of its features for any purpose that is unlawful or prohibited by the Terms. You are personally responsible for the material that you send and for adhering to rules of conduct on any page of the Website. Crossover Health reserves the right to deny access to any part of the Website at our sole discretion.

Indemnity

You agree to defend, indemnify, and hold Crossover Health, its officers, directors, employees, agents, licensors, affiliates and suppliers, harmless from and against any claims, actions or demands, liabilities and settlements including without limitation, reasonable legal and accounting fees, resulting from, or alleged to result from, your violation of these Terms and Conditions.

Jurisdiction

You expressly agree that exclusive jurisdiction for any dispute with Crossover Health, or in any way relating to your use of the Website, resides in the courts of the State of California and you further agree and expressly consent to the exercise of personal jurisdiction in the courts of the State of California in connection with any such dispute including any claim involving Crossover Health or its affiliates, subsidiaries, employees, contractors, officers, directors, telecommunication providers, and content providers. These Terms and Conditions are governed by the internal substantive laws of the State of California, without respect to its conflict of laws principles. If any provision of these Terms and Conditions is found to be invalid by any court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms and Conditions, which shall remain in full force and effect. No waiver of any of these Terms and Conditions shall be deemed a further or continuing waiver of such term or condition or any other term or condition.

Complete Agreement

These Terms and Conditions constitute the entire agreement between you and Crossover Health with respect to the use of the Website and Content.

Privacy Policy

Crossover Health works to protect the integrity of its website and applications. Although Crossover Health uses the most up-to-date encryption technology, please be aware that unauthorized third parties could obtain illegal access to this site.

EFFECTIVE DATE: MAY 15, 2018

Collection and Use of Personal Information

Crossover Health will not collect your name, email address or other personal information unless you voluntarily provide it. Crossover Health will not sell, trade, rent or share personal information about you or other Website or Application visitors to any unaffiliated third party.

If you use http://gopartners.crossoverhealth.com, also known as the Crossover Health member website (the “Website”) or the Crossover Health Portal (the “Application”), Crossover Health may collect, use and store the following personal information:

  • First and Last Name
  • Company email address
  • Date of Birth
  • Password and log-in information
  • Collection and Use of Anonymous Information

If you use the Website or the Application, you consent to the collection and use of information as discussed below. Changes in this policy will be posted on this page so you will always know what information is being collected, how it is being used and under what circumstances it is being disclosed.

Crossover Health collects the following non-personal information about its Website and Application visitors on an aggregated basis:

  • Date and time of visit IP address (numbers that identify your Internet service provider or network)
  • Name of the Internet browser you used to visit the Website or Application
  • Pages visited and files downloaded on this Website or Application
  • Referring website (the last website you visited before coming to this Website or Application)
  • Search keywords used to find this Website or Application
  • Type of computer (PC or Mac) you used to visit this Website or Application

This information is used to improve your experience on the Website or Application. Crossover Health may make changes and updates to the Website or Application based on the collection of this information. Website administrators will gather this information and may report on broad user trends, site usage and popular web pages to Crossover Health.

Cookies

Our website(s) uses cookies to distinguish you from other users of our website. This helps us to provide you with an exceptional experience when you browse our website(s) and also allows us to improve our site. By continuing to use the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website(s). This helps us to improve the way our website(s) works, for example, by ensuring that users are finding what they are looking for easily
  • Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website(s) and the content displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the table

CookieNamePurpose
Sessionrack.sessionThe Session cookie is used to maintain your login and other personalization while using the site. This cookie is considered essential for the proper use of the site.
Analytics _ga
_utm
_unam
_utma
_utmb
_utmc
_utmt
_utmz
_ga
_gid
NOTE: Only set and used by the Crossover Health corporate website and clinic micro-sites. The Patient Portal does not read/use this cookie. Analytical cookies are used to track your clicks as you browse the corporate website. This provides the Crossover teams with insight into how you use the site, which allows us to improve the site’s usefulness and performance.
identity Providercrossover-portal-#{$client}-identity-providerSome Crossover clients have elected to enable Identity Providers for their employees. This means those client’s employees may use their employer login/credentials to authenticate on Crossover’s Patient Portal. This cookie is used by our software to remember which Identity Provider you authenticate with. It will only be set for patients that choose to use their employer’s identity provider for authentication.
Stripe__stripe_mid, __stripe_sidStripe is a 3rd-party partner that provides highly secure, PCI-DSS compliant payment functions. These cookies are essential for payments within the Patient Portal to succeed. These cookies are used to maintain a link between your account and payment methods, as well as part of the communication between your browser and Stripe’s website during payment processing and “card-on-file” actions.
Notifications (Corp)wpfront-notification-bar-landingpageOn the corporate website only, we use this cookie to keep track of notifications displayed to visitors, as well as notifications that have been dismissed by the visitor.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note, if you use your browser settings to block all cookies (including essential cookies) you will not be able to access all or parts of our website(s).

Safe Harbor

Crossover adheres to the principles set forth in the US-EU and US-Swiss Safe Harbor Frameworks with respect to its services. Information on both Safe Harbors may be found at www.export.gov/safeharbor. In compliance with the US-EU and US-Swiss Safe Harbor Principles, Crossover commits to resolve complaints about privacy and our collection or use of personal information. Citizens of the European Union or Switzerland with inquiries or complaints about privacy should contact Crossover at  privacy@partners.crossoverhealth.com. In the event of a dispute relating to data protection which cannot be resolved directly with Crossover, Crossover is committed to cooperating with the EU Data Protection Authorities and has registered with the U.S. Council for International Business to act as an independent recourse mechanism.

Contact Us

Crossover Health welcomes your questions and comments about privacy. Please feel free to send us an email at: privacy@partners.crossoverhealth.com.

Notice of Privacy Practices

Crossover Health Medical Group

Notice Of Privacy Practices (Effective Date: November 2018)

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

As required by the privacy regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

A. Our commitment to your privacy:

Our practice is dedicated to maintaining the privacy of your individually identifiable health information (also called protected health information, or PHI). In conducting our business, we will receive information and create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time. We realize that these laws are complicated, but we must provide you with the following important information:

  • How we may use and disclose your PHI
  • Your privacy rights in your PHI
  • Our obligations concerning the use and disclosure of your PHI

The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices (the “Notice”). Any revision or amendment to the Notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice in our clinics in a visible location at all times and on our website, and you may request a copy of our most current Notice at any time. We are required to abide by the terms of the notice currently in effect A revised Notice may be obtained by forwarding a written request to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672.

B. Your personal information:

We keep records of the medical care we provide you, and we may receive similar records from others. We use this information so that we, or other health care providers, can render quality medical care, obtain payment for services and enable us to meet our professional and legal responsibilities to operate our medical practice. We may store this information in a chart and in our computers. This information makes up your medical record. The medical record is our property; however, this notice explains how we use information about you and when we are allowed to share that information with others.

C. Our privacy practices:

We have a HIPAA and Health Information Technology for Economic and Clinical Health (“HITECH”) Act Policy in place to help ensure your PHI is protected. Crossover Health Medical Group not only uses traditional methods to deliver care but also cutting edge technology to help deliver quality care to our patients. It is our policy to maintain reasonable and feasible physical, electronic and process safeguards to restrict unauthorized access to and protect the availability and integrity of your health information. Our protective measures may include secured office facilities, locked file cabinets, managed computer network systems and password protected accounts. Access to health information is only granted on a “need-to-know” basis. Once the need is established the access is limited to the minimum necessary information to accomplish the intended purpose. Our staff are required to comply with the policies and procedures designed to protect the confidentiality of your health information. Any staff member who violates our privacy policy is subject to disciplinary action.

D. If you have questions about this Notice, please contact:

101 W. Avenida Vista Hermosa Ste. 120

San Clemente, CA 92672

E. We may use and disclose your PHI in the following ways:

The following categories describe the different ways in which we may use and disclose your PHI.

1. Treatment. Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice – including, but not limited to, our doctors and nurses – may use or disclose your PHI in order to treat you or to assist others in your treatment. Additionally, we may also receive and disclose your PHI to other health care providers for purposes related to your treatment.

2. Payment. Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. In addition, and by way of example of disclosures for payment purposes, we may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.

3. Health care operations. Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.

4. Appointment reminders. Our practice may use and disclose your PHI to contact you and remind you of an appointment.

5. Treatment options. Our practice may use and disclose your PHI to inform you of potential treatment alternatives or other health-related benefits and services that may be of interest to you.

6. Health-related benefits and services. Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.

7. Release of information to family/friends. Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. However, any such disclosure will be subject to legal requirements and our HIPAA and HITECH Policy.

8. Disclosures required by law. Our practice will use and disclose your PHI when we are required to do so by federal, state or local law.

F. Use and disclosure of your PHI in certain special circumstances:

The following categories describe unique scenarios in which we may use or disclose your identifiable health information:

1. Public health risks. Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:

  • Maintaining vital records, such as births and deaths;
  • Reporting child abuse or neglect;
  • Preventing or controlling disease, injury or disability;
  • Notifying a person regarding potential exposure to a communicable disease;
  • Notifying a person regarding a potential risk for spreading or contracting a disease or condition
  • Reporting reactions to drugs or problems with products or devices;
  • Notifying individuals if a product or device they may be using has been recalled;
  • Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information; or
  • Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.

2. Health oversight activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.

3. Lawsuits and similar proceedings. Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.

4. Law enforcement. We may release PHI if asked to do so by a law enforcement official:

  • Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement;
  • Concerning a death we believe has resulted from criminal conduct;
  • Regarding criminal conduct at our offices;
  • In response to a warrant, summons, court order, subpoena or similar legal process;
  • To identify/locate a suspect, material witness, fugitive or missing person; or
  • In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).

5. Deceased patients. Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.

6. Organ and tissue donation. Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.

7. Research. Our practice may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Internal Review Board or Privacy Board has determined that the waiver of your authorization satisfies all of the following conditions: The use or disclosure involves no more than a minimal risk to your privacy based on the following:

  • (a) an adequate plan to protect the identifiers from improper use and disclosure; (b) an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law); and (c) adequate written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the use or disclosure would otherwise be permitted;
  • The research could not practicably be conducted without the waiver; and
  • The research could not practicably be conducted without access to and use of the PHI.

8. Serious threats to health or safety. Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.

9. Military. Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.

10. National security. Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.

11. Inmates. Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.

12. Workers’ compensation. Our practice may release your PHI for workers’ compensation and similar programs.

13. Change of Ownership. In the event that our practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.

14. De-Identified Data. We may use or share your PHI once it has been “de-identified.” PHI is considered de-identified when it has been processed in such a way that it can no longer personally identify you.

15. Limited Data Sets. We may also use a “limited data set” that does not contain any information that can directly identify you. This limited data set may only be used for the purposes of research, public health matters or health care operations. For example, a limited data set may include your city, county and zip code, but not your name or street address.

G. Receiving PHI from providers, insurance entities, and their business associates:

We want to make you aware that, just as Crossover Health Medical Group uses and discloses certain PHI in your treatment, our operations and management and certain payment practices, Crossover Health Medical Group receives PHI from other healthcare entities and their business associates including but not limited to: medical files, charts, laboratory testing results, imagining results, and insurance claims data. PHI that is received and maintained by Crossover Health Medical Group from outside entities is subject to the protections of relevant law and our HIPAA and HITECH policy.

H. Your written permission:

Except as described in this Notice, or as otherwise permitted by law, we must obtain your written permission – called an authorization – prior to using or sharing health information that identifies you as an individual. If you provide an authorization and then change your mind, you may revoke your authorization in writing at any time. Once an authorization has been revoked, we will no longer use or share your health information as outlined in the authorization form; however you should be aware that we won’t be able to retract a use or disclosure that was previously made in good faith based on what was then a valid authorization from you. Except as specified above under the applicable state law of the practice location, we may not share your health information with your employer or benefit plan unless you provide us an authorization to do so.

I. Other Restrictions:

Under the applicable state law of the practice location, there may be additional laws regarding the use and disclosure of health information related to HIV status, communicable diseases, reproductive health, genetic test results, substance abuse, mental health and mental retardation. Generally, we will be bound by whatever law is more stringent and provides more protection for your privacy.

J. Your rights regarding your PHI:

You have the following rights regarding the PHI that we maintain about you:

1. Confidential communications. You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672 and inform us of the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.

2. Requesting restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. Your request must describe in a clear and concise fashion:

  • The information you wish restricted;
  • Whether you are requesting to limit our practice’s use, disclosure or both; and/or
  • To whom you want the limits to apply.

3. Inspection and copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672 in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.

4. Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.

5. Accounting of disclosures. All of our patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine patient care in our practice is not required to be documented – for example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.

6. Right to a paper copy of this notice. You are entitled to receive a paper copy of our Notice. You may ask us to give you a copy of this Notice at any time. To obtain a paper copy of this Notice, contact Crossover Health Medical Group at (949) 891-0328.

7. Right to file a complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact Crossover Health Medical Group, 101 W. Avenida Vista Hermosa Ste. 120, San Clemente, CA 92672. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

8. Right to provide an authorization for other uses and disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: we are required to retain records of your care.

Again, if you have any questions regarding this Notice or our health information privacy policies, please contact Crossover Health Medical Group at (949) 891-0328.

I acknowledge that I have received the Notice of Privacy Practices for Crossover Health Medical Group, and have been provided an opportunity to review it. If you have any questions or would like a hard copy of this Notice, please ask for one at the front desk or contact Crossover Health Medical Group at (949) 891-0328.

Notice to California Consumers

Effective Date: January 1, 2020

Last Updated on: January 27, 2021

This Privacy Policy for California Residents (“Policy”) supplements the information contained in Crossover Health’s Notice of Privacy Practices https://partners.crossoverhealth.com/notice-of-privacy-practices and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Policy.

This Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Information excluded from the CCPA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We have collected the following categories of personal information from consumers within the last twelve (12) months:

CategoryExamplesCollected
A. Identifiers.Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Yes
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.No
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.No
F. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.Yes
G. Geolocation data.Physical location or movements.Yes
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.No
I. Professional or employment-related information.Current or past job history or performance evaluations.No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.No
K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or services you use.
  • Indirectly from you. For example, from observing your actions on our Website.

Use of Personal Information

We use or disclose the personal information we collect for one or more of the following purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. We may also save your information to facilitate services.
  • To provide, support, personalize, and develop our Website, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests and transactions and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, through our Website, and via email (with your consent, where required by law)
  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes for disclosure, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the following categories of third parties:

  • Service providers
  • Marketing/advertising partners

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Crossover Health has disclosed the following categories of personal information for a business purpose:

X Identifiers
X Personal Information described in Cal. Civ. C. 1798.80(e)
Characteristics of Protected Classifications under California or federal law
Commercial Information
Biometric Information
X Internet or other Electronic Network Activity
Geolocation Data
Sensory Data
Professional or Employment-Related Information
Education Information
X Inference Drawn from Personal Information

Sharing Personal Information

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service providers
  • Marketing/advertising partners

Sale of Personal Information

In the preceding twelve (12) months, Company has not sold personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above on behalf of yourself or a dependent child, please submit a request by either:

  • Emailing us at privacy@partners.crossoverhealth.com.
  • Writing us at Crossover Health, 101 W. Ave. Vista Hermosa, San Clemente, CA 92672, Attention: Privacy.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.

You may only submit a request to know twice within a 12-month period. Your request to know or delete must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include address, date of birth, and other identifying information as well information establishing your authority to act on behalf of a minor or other individual;

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at privacy@partners.crossoverhealth.com.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which Crossover collects and uses your information described here and in our Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacy@partners.crossoverhealth.com

Postal Address:

101 W. Avenida Vista Hermosa, Suite 120,

San Clemente, CA 92672

Attn: Privacy

If you need to access this Policy in an alternative format due to having a disability, please contact us at privacy@partners.crossoverhealth.com or the above address.