Privacy Policy

Core Movement Chiropractic LLC DBA Gentle Care Chiropractic

21860 Willamette Dr., West Linn, OR 97068  |  (503) 650-2394

1. Who We Are

Core Movement Chiropractic LLC DBA Gentle Care Chiropractic ("we," "us," or "our") is a chiropractic healthcare practice located at 21860 Willamette Dr., West Linn, OR 97068. We are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and are committed to protecting the privacy and security of your Protected Health Information (PHI).

2. Information We Collect

2.1 Protected Health Information (PHI)

As a healthcare provider, we collect and maintain health information necessary to provide you with quality care, including:

• Personal identifiers: name, date of birth, address, phone number, email address
• Health history: medical history, chief complaints, diagnosis, and treatment records
• Treatment records: chiropractic adjustments, massage therapy, physical rehabilitation, laser therapy, red light therapy, and nutritional supplement recommendations
• Diagnostic imaging: X-rays and associated reports
• Telehealth visit records
• Insurance information and billing records
• Payment information

2.2 Website & Digital Information

When you interact with our website or digital services, we may also collect:

• Contact form submissions (name, email, phone number, message)
• Online appointment booking information
• IP address and browser/device information
• Website usage data through cookies, Google Analytics, Google Ads, and the Facebook/Meta pixel
• SMS opt-in consent and phone number when you sign up for text reminders
• Email address when you subscribe to our newsletter or email communications

3. How We Use Your Information

3.1 Treatment

We use your PHI to provide, coordinate, and manage your healthcare and related services. This includes sharing necessary information with other healthcare providers involved in your care, such as specialists or referral providers, when clinically appropriate.

3.2 Payment

We use and disclose your PHI to obtain payment for services provided. This includes submitting claims to your health insurance carrier or third-party billing company, verifying insurance coverage, and collecting payment from you directly for services rendered.

3.3 Healthcare Operations

We may use your PHI for internal business activities necessary to operate our practice, including quality assessment, staff training, compliance reviews, and administrative functions.

3.4 Appointment Reminders & Communications

We may contact you using SMS/text messages, phone calls, or email to remind you of upcoming appointments, share health-related information, or follow up on your care. You may opt out of SMS messages at any time by replying STOP to any text message we send.

3.5 Digital Marketing & Analytics

Our website uses third-party tracking tools including Google Analytics, Google Ads, and the Facebook/Meta Pixel to understand how visitors interact with our site and to display relevant advertisements. These tools may collect anonymized data about your browsing behavior. This information is not your medical PHI and is governed by Google's and Meta's respective privacy policies. You may opt out of interest-based advertising through your browser settings or at www.aboutads.info.

3.6 Nutritional Supplements

If you purchase or receive recommendations for nutritional supplements as part of your care, relevant health information used to make those recommendations is treated as PHI and protected accordingly.

4. How We Share Your Information

4.1 Permitted Disclosures Without Your Authorization

HIPAA permits us to share your PHI without your written authorization in certain circumstances, including:

• With other treating healthcare providers involved in your care
• With your health insurance company or third-party billing service for payment purposes
• For public health activities required by law
• To comply with legal proceedings, court orders, or law enforcement requests
• To report abuse, neglect, or domestic violence as required by Oregon law
• For oversight activities by government agencies
• To avert a serious and imminent threat to health or safety
• For workers' compensation purposes

4.2 Disclosures Requiring Your Written Authorization

All other uses and disclosures of your PHI require your written authorization, including:

• Disclosure to employers (unless related to workers' compensation)
• Use of PHI for most marketing purposes
• Sale of PHI
• Psychotherapy notes (if applicable)
• Substance use disorder records — these require separate written consent except as required by law, court order, or medical emergency

4.3 Reproductive Health Information

We are committed to protecting the privacy of your reproductive health information. Consistent with updated HIPAA rules effective 2024, we will not disclose your reproductive PHI when requested for the purpose of investigating or penalizing individuals seeking, obtaining, or providing lawful reproductive healthcare.

4.4 Third-Party Service Providers (Business Associates)

We share PHI with certain third-party vendors who assist in operating our practice, including our Electronic Health Records (EHR) software provider, insurance billing company, and IT services. These vendors are required to sign a Business Associate Agreement (BAA) obligating them to protect your information in accordance with HIPAA.

4.5 No Sale of Information

We do not sell your PHI or your website data (including SMS opt-in information) to third parties for marketing purposes.

5. Your Privacy Rights

6. Cookies & Website Tracking

Our website uses cookies and similar tracking technologies. Cookies are small data files stored on your device that help us understand how the site is used and improve your experience.

• Session cookies expire when you close your browser and are used for basic site functionality
• Persistent cookies remain on your device and are used for analytics and advertising (e.g., Google Analytics, Facebook Pixel)
• You may disable cookies through your browser settings; however, some site features may not function properly

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your PHI and personal information from unauthorized access, use, or disclosure. These measures include:

• Access controls limiting PHI access to authorized staff only
• Encrypted transmission and storage of electronic PHI (ePHI)
• Secure EHR software with audit logging
• Staff training on HIPAA privacy and security practices
• Physical safeguards including locked files and restricted access areas

In the event of a data breach involving your unsecured PHI, we will notify you and the appropriate authorities as required by the HIPAA Breach Notification Rule within the required timeframes.

8. How Long We Retain Your Information

We retain patient medical records in accordance with Oregon state law, which generally requires retention for a minimum of 10 years from the date of last treatment (or until a minor patient reaches age 21, whichever is longer). Website interaction data and marketing analytics data are retained according to the applicable third-party platform policies.

9. Telehealth Services

Gentle Care Chiropractic offers telehealth/virtual visits to patients located in Oregon. During telehealth visits, the same privacy and security standards apply as with in-office visits. We use HIPAA-compliant telehealth platforms. You have the right to withdraw consent for telehealth services at any time.

10. Minors

Our website is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13 through our website. For minor patients, a parent or legal guardian must provide consent for treatment, and that guardian generally has the right to access the minor's PHI as permitted by Oregon law.

11. How to File a Privacy Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. We will not retaliate against you for filing a complaint.

12. Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have as well as any information we receive in the future. We will post the current Notice in our office and on our website. You may request a copy of our current Notice at any time.