Company Information
We are Herman Rus Medical Professional Corporation dba Soft Reboot Wellness, a California medical professional corporation (“SRW”, “Company”, “We”, “Our” and “Us”). SRW provides ketamine treatments. We operate the website www.softrebootwellness.com (“Website”).
We at SRW value and respect your privacy. This privacy policy (“Privacy Policy”) explains how We use the personal data that We gather through or related to your use of Our Website and the measures We take to protect the security of this information. It applies to all personal information processed by Us in connection with or as part of providing services or engaging in written or electronic communications with you. It does not describe how we collect or used your Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) which is covered by our Notice of HIPAA Privacy Practices [insert link here] and explains SRW’s privacy practices with respect to your Protected Health Information. You should read this policy carefully to get a clear understanding of how We collect, use, protect or otherwise handle your personal data. Currently, We use your personal information for your medical care, to schedule appointments, to collect payments, to contact you and provide you with information related to your appointments.
We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request or to provide your best user experience.
We take precautions to protect your information. When you submit sensitive or confidential information via this website, your information is protected both online and offline.
This Privacy Policy, together with Our Notice of HIPAA Privacy Practices, Medical Terms of Service, and General Terms of Use, set forth the legal terms and conditions on which We allow you to access Our Website. By accessing, browsing or otherwise using our Website, you accept this Privacy Policy as well as the General Terms of Use and Social Media Terms of Use, without limitation or qualification. If you do not accept this Privacy Policy, you are not entitled to access or use the Website and you should leave the Website immediately.
1. Protecting Your Privacy
When you visit the Website, we use reasonable security measures to protect the confidentiality of personal information under our control and appropriately limit access to it. We use a variety of information security measures to protect your online transactions with us. SRW uses encryption technology to protect your personal information during data transport. SRW cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We take reasonable steps to ensure the integrity and confidentiality of personally identifiable information that you may provide. Electronic transmissions via the Internet are not necessarily protected from interception, so we cannot absolutely guarantee the security or confidentiality of such transmissions.
2. What personal data do we collect?
2.1 We may collect the following information:
2.1.1 Information that you provide to us (e.g., by scheduling an appointment on the Website or contacting us).
- Your name and contact details (including telephone number, address, and email address);
- Expressed personal preferences (e.g., communications and language settings);
- Correspondence and communications between us and you; and
Healthcare information.
2.1.2 Information we collect from your use of the Website
We may automatically collect the following information:
- Technical information, including your computer’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the URL clickstream to, through and from our Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
2.2 Where permitted by applicable law, we may also collect ancillary information either directly or from third-party sources (e.g., business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may combine it with your personal data for the purposes described in this Privacy Policy.
2.3 You do not have to provide personal data to access the Website or our social media channels but certain functionality may not otherwise be available to you.
2.4 You confirm that all information you provide to Us at any time is true, accurate and complete.
2.5 You must not provide information about anyone else unless you have that party’s permission to do so.
3. Why do we need your personal data?
3.1 We may use your personal data for the following reasons:
- Website and business analysis, administration and management;
- Allowing you to participate in the interactive features of the Website (e.g., accessing social network platforms);
- To give you information related to appointments;
- Processing payments;
- Customizing the Website to suit your preferences; and
- Keeping our Website secure.
3.2 We may share your information with other SRW affiliates and service providers for the purposes outlined in this Privacy Policy. We do not sell or rent lists or otherwise disclose personal information that we collect about you, except as provided herein.
3.3 We may also disclose personal data to third parties in the following circumstances, subject to Notice of HIPAA Privacy Practices:
- Third parties (such as social networks), where you direct us to do so. Your personal data will become subject to the privacy policies of those third parties when it is shared with them. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statement(s);
- If We or substantially all of Our assets are acquired by a third party, personal data held by Us will be one of the transferred assets that may be disclosed to the prospective and eventual buyers subject to the Notice of HIPAA Privacy Practices; or
- If We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or any other agreements; or to protect the rights, property, or safety of SRW or SRW’s affiliates, Our customers, or others. This includes exchanging information with other companies and organizations for the purpose of fraud protection and credit risk reduction.
3.4 In carrying out the above activities, we may transfer your personal data. Wherever we transfer your personal data, we will take steps to safeguard it.
3.5 By submitting your personal data, you agree to us transferring, storing or processing your personal data as outlined above.
3.6 We will retain your personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy.
4. Cookies
4.1 Our Website uses cookies, which are small text files that are placed within your computer with your permission. Cookies allow Us to understand how Our Website is used and to improve it. They also allow us to recognize you when you use the Website and to provide you with a positive browsing experience. By using the Website, you agree that we may use cookies for these purposes.
4.2 The cookies that we use can be categorized as follows:
Strictly necessary cookies are essential for your use of the Website and its features. We have to use these cookies to make the Website work as it should, whether or not you agree to cookies being used.
Performance cookies collect information about how visitors use the Website, so that We can understand how Our Website is used. We may use Google Analytics or other programs for this purpose: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies.
Functionality cookies allow the Website to remember you in order to provide enhanced customized features (e.g., language preferences).
Social media cookies are used when you share information using a social media sharing button or “like” button on the Website or engage with us on or through social networking websites such as Facebook, which may link your use of our Website to targeting/advertising activities. We do not control how these social networks use cookies.
4.3 To find out more about cookies, visit: http://www.allaboutcookies.org/manage-cookies/. Your browser settings may allow you to choose not to receive any cookies: you should consult the ‘Help’ section of your browser for more information. By rejecting or disabling cookies, certain Website content or functionality may not be available to you.
5. Keeping your personal data secure
5.1 We take steps to ensure that your personal data is protected against unauthorized loss or disclosure. However, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately misused, accessed, disclosed, altered, lost or destroyed.
5.2 Our Website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies or how those third parties may use your personal data. Please check these policies before you submit any personal data to these websites.
5.3 We do not knowingly collect information about anyone under 18 years of age or the age of majority in your state of residence. By using this site, you represent that you are at least the age of majority in your state of residence, or that you are the age of majority in your state of residence and you have given Us your consent to allow any of your minor dependents to use this site.
6. Third Parties
6.1 We sometimes use third-party companies and individuals to perform functions for Us, including, but not limited to, form submissions, processing credit card payments, social media, and following up with you. We disclose personal information to such third parties only to the extent necessary to schedule appointments, charge your credit card, provide customer service, and send announcements to you.
6.1.1. Osmind. SRW uses Osmind for telehealth communications which is HIPAA compliant. Information can be found here: Osmind’s Privacy Policy
6.2.2 Klara: SRW uses Klara for telehealth communications which is HIPAA compliant. Information can be found here: Klara’s Privacy Policy
6.2.3 Social Media: Our Website links to Our Facebook and Instagram accounts. The privacy policies and other policies for Facebook can be viewed at https://www.facebook.com/policy.php. The privacy policies and other policies for Instagram can be viewed at https://help.instagram.com/519522125107875. Your use of the social media channels may result in the collection or sharing of information about you by those social media channels. We have no control over, and decline all responsibility for, the use of your personal data by these third parties. Your use of social media channels, including your interactions with Us on social media, are at your discretion.
7. Your rights
7.1 In accordance with applicable law, users of our Website may have the right to:
- access the personal data that We hold about you;
- request that We correct, amend or update your personal data; and
- request that We stop using your information for marketing purposes and, in certain circumstances, that We stop using your personal data altogether.
7.2 You may have additional rights under your local law.
7.3 Please contact hello@softrebootwellness.com for any requests.
8. California Do Not Track Notice
8.1 Under California law, website and online service operators are required to disclose how they respond to web browser “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about a consumer’s online activities over time and across third-party websites, to the extent the operator engages in that collection. At this time, We do not track our customers’ personal information over time and across third-party websites and therefore this requirement does not apply to Us.
8.2 California law also requires website and online service operators to disclose whether third parties may collect personal information about their users’ online activities over time and across different sites when the users use the operator’s website or service. Third parties that have content or services on Our site such as a social feature, analytics service, or an advertising network partner, may obtain information about your browsing or usage habits but this information does not include personal information. We do not knowingly permit such third parties to collect any personal information from Our site unless you directly provide it to Us and We provide it to them with your consent.
8.3 California Privacy Notices: If you are a California resident under 18 years old and a registered user of the Site, you can request that we remove content or information that you have posted to Our website. Please note that responding to your request may not ensure complete or comprehensive removal from our website (e.g., if the content or information has been reposted by another user). To request removal of content or information, please contact us at the address, telephone or email below.
8.4 Under California Law, residents have the deletion rights as set forth below:
- Right to Know. You have the right to know the personal information We collect, use, disclose, and sell about you. You have the right to request in writing from Us a copy of the categories of personal information We have collected about you, the categories of sources from which We collected such information, why We collected that information, the categories of third parties with whom We shared your personal information, the categories of personal information that We disclosed about you for a business purpose, and the specific pieces of Personal Information We have collected about you. Please note that we are only required to respond twice per calendar year to your Rights to Know.
- Right to Deletion. You have the right to request that We delete any Personal Information We have collected from you or maintain about you. However, We are not required to comply with such requests if it is necessary for Us or Our partners to maintain the Personal Information in order to:
– complete the transaction for which the Personal Information was collected;
– detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
– debug to identify and repair errors that impair existing intended functionality;
– exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
– comply with the California Electronic Communications Privacy Act;
– engage in public or peer-reviewed scientific, historical, or statistical research in the public interest;
– comply with a legal obligation; or
– use personal information internally in a lawful manner that is compatible with the context in which a California resident provided the information and is reasonably aligned with the expectations of the resident based on the resident’s relationship with the business. - Right to Opt-Out of the Sale of Your Personal Information. If a business sells your personal information you have the right to opt-out of having your Personal Information sold. We do not sell any of your personal information.
- Right to Non-Discrimination. We will not discriminate against those who exercise their Rights. Specifically, if you exercise your rights, We will not deny you goods or services, charge you different prices or rates for goods or services or provide you a different level or quality of goods or services.
Your Right to Know and Right to Deletion are not absolute and are subject to certain exceptions. For instance, We cannot disclose specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us or the security of the business’s systems of networks.
Contact hello@softrebootwellness.com to submit requests under this section.
9. Contacting Us.
If you have any questions about the Website or this Privacy Policy, please contact Us via email at hello@softrebootwellness.com.
Thank you for visiting our Website.
Privacy Policy last updated 2/10/2021. Any changes to this Privacy Policy will be posted on this page. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.
HIPAA Notice of Privacy Practices
As required by the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
Effective Date: 1/24/2021
Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) SRW must ask each of our patients to acknowledge receipt of our Notice of HIPAA Privacy Practices. The Notice is published on the SRM website and is available at SRW. You acknowledge receipt of the Notice by clicking on the “I Acknowledge Receipt of the Notice of HIPAA Privacy Practices” button, or by indicating your acknowledgement in another written or digital manner provided. You can receive a copy of the Notice by asking for one at a SRW, or by printing one from our website at any time.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are Herman Rus Medical Professional Corporation dba Soft Reboot Wellness, a California medical professional corporation (“SRW”, “Company”, “we”, “our” and “us”). SRW provides ketamine treatments. We operate the website www.softrebootwellness.com (“Website”). When We refer to “you” or “your” We mean you, the person accessing or using Our Website.
These HIPAA Notice of Privacy Practices (“Notice of Privacy Practices”), together with Our General Terms of Use, Privacy Policy, and Medical Terms of Service, set forth the legal terms and conditions on which We allow you to access and use Our Website. By accessing, browsing, or otherwise using Our Website, you accept these Terms, and the Privacy Policy without limitation or qualification.
This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past present or future physical or mental health or condition and related health care services. It includes information that SRW creates or receives regarding your health or payment for healthcare services. It includes your medical records and personal information including your name, address, phone number, financial information, and social security number.
Under HIPAA, SRW is required to:
- Maintain the privacy of your PHI;
- Provide you with this Notice of Privacy Practices detailing our PHI practices and duties and give you a copy of the Notice;
- Notify you in the case of any breach of your PHI; and
- Follow the practices and procedures in this Notice.
I. Uses and Disclosures of Protected Health Information:
Your protected health information may be used and disclosed by our organization, our office staff and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to pay your health care bills, to support the operation of the organization, and any other use required by law.
A. When your authorization to use and disclose your PHI is not required
- Treatment: We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you.
- Payment: Your protected health information will be used, as needed, to obtain payment for your health care services. For example, obtaining approval for equipment or supplies coverage may require that your relevant protected health information be disclosed to the health plan to obtain approval for coverage.
- Healthcare Operations: We may use or disclose, as needed, your protected health information in order to support the business activities of our organization. These activities include, but are not limited to, quality assessment activities, employee review activities, accreditation activities, and conducting or arranging for other business activities. For example, we may disclose your protected health information to accrediting agencies as part of an accreditation survey. We may also call you by name while you are at our facility. We may use or disclose your protected health information, as necessary, to contact you to check the status of your equipment. We may disclose your PHI to other individuals (including attorneys) and organizations that help us with our business activities. Any individual or organization that we share PHI with must agree to protect your privacy.
B. We may use or disclose your protected health information in the following situations without your authorization:
- As required by law: When we are required by applicable law, including workers’ compensation laws.
- Public health and safety: To an authorized public health authority or individual to:
– Protect public health and safety.
– Prevent or control disease, injury, or disability.
– Report vital statistics such as births or deaths.
– Investigate or track problems with prescription drugs and medical devices. - Abuse or neglect – To government entities authorized to receive reports regarding abuse, neglect, or domestic violence.
- Minors – In general, parents and legal guardians are legal representatives of minor patients. However, in certain circumstances, as dictated by state law, minors can act on their own behalf and consent to their own treatment. In general, we will share the PHI of a patient who is a minor with the minor’s parents or guardians, unless the minor could have consented to the care themselves (except where parental disclosure may be required per applicable law).
- Oversight agencies – To health oversight agencies for certain activities such as audits, vital records, workers compensation, organ/tissue donation requests/responses, examinations, investigations, inspections, and licensures.
- Legal proceedings – In the course of any legal proceeding or in response to an order of a court or administrative agency and in response to a subpoena, discovery request, or other lawful process.
- Law enforcement – To law enforcement officials in certain circumstances for law enforcement purposes. By way of example and without limitation, disclosures may be made to identify or locate a suspect, witness, or missing person; to report a crime; or to provide information concerning victims of crimes.
- Research – We may disclose health information about you for research purposes, subject to the confidentiality provisions of state and federal law. In most cases, we will ask for your written authorization before using your PHI or sharing it with others in order to conduct research. However, under some circumstances, we may use and disclose your PHI without your written authorization if an Institutional Review Board (IRB), applying specific criteria, determines that the particular research protocol poses minimal risk to your privacy. Under no circumstances, however, would we allow researchers to use your name or identity publicly without your authorization. We may release your PHI without your written authorization to people who are preparing a future research project as long as any information identifying you does not leave SRW. Enrollment in a research study is completely voluntary, will not affect your treatment or welfare, and your PHI will continue to be protected.
- National Security
- If related to Food and Drug Administration Requirements
C We may also use or disclose your PHI without your authorization in the following miscellaneous circumstances:
- Contacting you directly: SRW may use your PHI to contact you by email, phone or text message for appointment reminders, information relating to treatment, or other health related information that may be of interest to you.
- Osmind account: Certain PHI (including information about your treatment, appointments and medication records) will be accessible to you through your Osmind account or by email.
- Family and friends: To a member of your family, a relative, a close friend—or any other person you identify or designate who is directly involved in your healthcare—when you are either not present or unable to make a healthcare decision for yourself and we determine that disclosure is in your best interest. We will also assume that we may disclose PHI to any person you permit to be physically present with you as we discuss your PHI with you. For example, we may disclose PHI with a person you bring with you to your appointments. If you can object to having your PHI shared with such person(s), please let us know.
- In the waiting area of our office: When you join us in our office, we may call your name aloud in the waiting area. If you do not wish to have your name called aloud, please tell the front desk admin and we will make adjustments to meet your request.
- Treatment alternatives: To communicate with you about treatment services, options, or alternatives.
- De-identified information: If information is removed from your PHI so that you cannot be identified, except as prohibited by law.
- Disaster relief – To an authorized public or private entity for disaster relief purposes. For example, we might disclose your PHI to help notify family members of your location or general condition.
- Threat to health or safety – To avoid a serious threat to the health or safety of yourself and others.
D. Other Permitted and Required Uses and Disclosures Will Be Made Only with Your Consent, Authorization or Opportunity to Object, unless required by law.
You make revoke this authorization, at any time, in writing, except to the extent that your physician or this organization has taken an action in reliance on the use or disclosure indicated in the authorization.
II. Your Rights: Following is a statement of your rights with respect to your protected health information.
- You have the right to inspect and copy your protected health information. Under federal law, however, you may not inspect or copy the following records; psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and protected health information that is subject to law that prohibits access to protected health information.
- You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.
Our organization is not required to agree to a restriction that you may request. If our organization believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. You then have the right to use another Healthcare Professional. - You have the right to request to receive confidential communications from us by alternative means or at an alternative location. You have the right to obtain a paper copy of this notice from us, upon request, even if you have agreed to accept this notice alternatively, e.g., electronically.
- You may have the right to have our organization amend your protected health information. If we deny your request for amendment, you have right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
- You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information.
You have the right to choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will confirm the person has the authority and can act for you before we take any action. - You have the right to receive written notification of any breach of your unsecured PHI.
- You have the right to request a paper copy of this Notice.
III. Complaints: You may complain to use or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by us.
You may file a complaint with us by notifying our privacy contact of your complaint. We will not retaliate against you for filing a complaint.
We are required by law to maintain the privacy of, and provide individuals with, this notice of our legal duties and privacy practices with respect to protected health information, if you have any questions concerning or objections to this form, please ask to speak with the owner/CEO. Please contact us at *INSERT NUMBER.
Associated companies with whom we may do business, such as an answering service or delivery service, are given only enough information to provide the necessary service to you. No medical information is provided.
We welcome your comments: Please feel free to call us if you have any questions about how we protect your privacy. Our goal is always to provide you with the highest quality services.
We reserve the right to change the terms of this Notice and will inform you by mail of any changes. It will also be posted on our website and posted in a prominent location at SRW. A copy will be available to you on request. We reserve the right to apply any changes to this Notice PHI that has previously been acquired. You then have the right to object or withdraw as provided in this notice.
I/We understand and agree to all of the above information.
___________________________________________________ __________________
Patient or Guardian (relationship to patient) Signature Date
Alternatively, you may print it and then fax it to us at (650) 419-9877.
Questions and Complaints
If you have any questions about this Notice or would like an additional copy, please contact Soft Reboot Wellness at (650) 419-3330.
If you think that we may have violated your privacy rights or you disagree with a decision we made about access to your PHI, you may send a written complaint to the Soft Reboot Wellness 825 Oak Grove Ave Suite A101 Menlo Park CA 94025.
Notice to Patients About Open Payments Database
As required by Assembly Bill (AB) 1278, physicians are required to provide a notice to their patients regarding the Open Payments database (Database), which is managed by the U.S. Centers for Medicare & Medicaid Services, or CMS.
The Open Payments database is a federal tool used to search payments made by drug and device companies to physicians and teaching hospitals. It can be found at https://openpaymentsdata.cms.gov.”
For informational purposes only, a link to the federal Centers for Medicare and Medicaid Services (CMS) Open Payments web page is provided here. The federal Physician Payments Sunshine Act requires that detailed information about payment and other payments of value worth over ten dollars ($10) from manufacturers of drugs, medical devices, and biologics to physicians and teaching hospitals be made available to the public.