Privacy Policy

Effective Date: December 23, 2025
Last Updated: December 23, 2025

This Privacy Policy explains how Cumming Family Medicine and Dawson 400 Family Medicine (together, “we,” “us,” or “our”) collect, use, disclose, and protect information when you visit or use our website at cfmcare.com (the “Site”) or otherwise interact with us online (collectively, the “Services”).

Important:

• The Site is for general information and convenience (such as learning about our services, locations, and downloading forms). It is not intended for medical emergencies. If you think you have a medical emergency, call 911 or go to the nearest emergency room.
• If you are a patient, certain information we handle may be Protected Health Information (“PHI”) regulated by the Health Insurance Portability and Accountability Act (“HIPAA”) and other laws. Our HIPAA-related practices are described in the HIPAA Notice of Privacy Practices section below.

1. Who We Are

We provide primary care and family medicine services, including preventive care, pediatrics, chronic disease management, and telemedicine/virtual visits. We operate clinics in Georgia, including at:

• Cumming Family Medicine – 765 Lanier 400 Parkway, Cumming, GA 30040
• Dawson 400 Family Medicine – 133 Prominence Court, Suite 230, Dawsonville, GA 30534

(See “Contact Us” below for phone/fax and other contact details.)

2. Scope of This Privacy Policy

This Privacy Policy applies to information collected through:

• The Site and its pages, including informational pages, blog pages, and download pages;
• Communications you initiate with us through the Site or related channels (e.g., calls or emails initiated from information displayed on the Site);
• Any online tools we provide or integrate that link to this Privacy Policy.

This Privacy Policy does not cover:

• Information collected by third-party sites or services linked from our Site (see “Third-Party Links” below);
• Employment-related information for job applicants or employees (if applicable);
• Information governed by a separate notice, agreement, or consent you receive as a patient (including HIPAA forms and consents).

3. Information We Collect

We collect information in several ways:

A. Information You Provide Directly

Depending on how you interact with us, you may provide:

• Contact information (e.g., name, phone number, email address, mailing address);
• Appointment-related information (e.g., preferred location, preferred times, reason for visit—if you provide it);
• Messages and communications you send to us (questions, requests, feedback);
• Forms and documents you submit to us (for example, completed patient registration forms or release forms, if submitted electronically or via fax/email).

Please avoid sending highly sensitive medical information via standard email or web forms unless we specifically provide a secure method. Email and standard web submissions may not be encrypted end-to-end.

B. Patient/Clinical Information (If You Become a Patient)

If you receive care from us, we may collect additional information needed for treatment, payment, and healthcare operations, such as:

• Date of birth, sex, demographic information;
• Insurance and billing information;
• Medical history, symptoms, diagnoses, medications, allergies, test results;
• Identifiers that may include government-issued identifiers when required for care, coverage, or legal purposes.

This information may be PHI and is addressed further in the HIPAA section.

C. Information Collected Automatically

When you visit the Site, we (and service providers acting on our behalf) may automatically collect:

• Device and browser information (e.g., IP address, device identifiers, browser type, operating system);
• Usage data (e.g., pages visited, time spent on pages, referring/exit pages, clicks);
• Approximate location information (derived from IP address);
• Log data stored by servers and security tools (e.g., access logs, error logs).

D. Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

• Operate the Site and remember preferences;
• Understand usage and improve Site performance;
• Maintain security and prevent fraud.

You can control cookies through your browser settings (see “Cookies & Tracking Choices” below).

E. Information From Third Parties

We may receive information about you from third parties such as:

• Referral sources (with your consent or as permitted by law);
• Insurance plans or clearinghouses;
• Labs, imaging centers, pharmacies, and other providers involved in your care;
• Technology vendors (e.g., telemedicine platforms, electronic health record systems) used to deliver Services.

4. How We Use Information

We use information for purposes including:

A. Providing and Improving Services

• Responding to inquiries and requests;
• Scheduling and managing appointments;
• Providing telemedicine/virtual visits and related support;
• Delivering care and clinical services;
• Operating and improving the Site and our offerings;
• Maintaining quality assurance and internal operations.

B. Treatment, Payment, and Healthcare Operations (If You Are a Patient)

Where applicable and permitted by law, we may use information to:

• Provide, coordinate, or manage care (treatment);
• Bill and collect payment, verify coverage, and process claims (payment);
• Run our practice efficiently (operations), such as training, quality improvement, and auditing.

C. Communications

• Sending administrative and operational messages (appointment reminders, instructions, lab follow-ups, billing questions, policy updates);
• Customer service and support.

D. Security and Compliance

• Protecting our patients, staff, and systems;
• Detecting, preventing, and investigating security incidents, fraud, and misuse;
• Complying with legal obligations and responding to lawful requests.

E. Marketing (Limited)

We may communicate about services that may be relevant to you, consistent with law. Where required, we will obtain your consent and provide opt-out options.

5. How We Share Information

We may share information as follows:

A. With Service Providers

We may share information with vendors that help us operate, such as:

• Website hosting and IT support;
• Security, fraud prevention, and monitoring tools;
• Communications tools (phone/SMS/email vendors);
• Telemedicine technology vendors;
• Billing and administrative support vendors.

We require service providers to protect information appropriately and only use it for contracted services.

B. With Healthcare and Payment Partners (If Applicable)

As permitted by law, we may share information with:

• Other healthcare providers involved in your care;
• Health plans and payers;
• Clearinghouses and billing partners.

C. For Legal Reasons

We may disclose information:

• To comply with laws, regulations, subpoenas, or court orders;
• To respond to lawful requests by public authorities;
• To protect our rights, privacy, safety, or property, and that of our patients or others.

D. Business Transfers

If we undergo a business transaction such as a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.

E. With Your Authorization

We may share information with third parties when you direct us to do so, including via signed authorizations or release forms.

F. No Sale of PHI

We do not sell PHI in violation of HIPAA.

6. Cookies and Tracking Choices

A. Cookie Controls

Most browsers allow you to delete or block cookies and set preferences for certain websites. If you block cookies, parts of the Site may not function as intended.

B. Analytics and Advertising

We may use analytics tools to understand how the Site is used. If we use third-party analytics or advertising tools, those providers may set cookies or collect information under their own privacy policies.

C. Do Not Track / Global Privacy Control

Some browsers provide “Do Not Track” signals and some users enable Global Privacy Control (GPC). Because standards vary, we may not respond to all such signals. Where required by applicable law, we will honor valid opt-out signals.

7. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including providing Services, maintaining records as required by healthcare, tax, and other laws, resolving disputes, and enforcing agreements. Medical records and related patient information may be retained for the time required by applicable law and professional standards.

8. Security

We use administrative, technical, and physical safeguards designed to protect information. However, no method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Site at your own risk.

9. Your Choices and Rights

Depending on your relationship with us and where you live, you may have certain rights.

A. Communication Preferences

You may request that we contact you in certain ways (e.g., phone vs. mail) or at certain locations, subject to our ability to accommodate. If we send text messages, you can opt out by following the instructions in the message (commonly by replying “STOP”).

B. HIPAA Rights (For PHI)

If you are a patient, you have rights under HIPAA regarding your PHI. See the HIPAA Notice section below.

C. State Privacy Rights (Non-PHI)

Some state laws may provide rights to know what personal information is collected, access or receive a copy, correct inaccuracies, delete personal information (subject to exceptions), or opt out of certain processing. We will honor applicable requests as required by law and may need to verify your identity before responding.

To submit a request, contact us using the information in the Contact Us section.

10. Children’s Privacy

The Site is not intended for children under 13. We do not knowingly collect personal information from children under 13 through the Site. If you believe a child has provided personal information through the Site, contact us and we will take appropriate steps.

11. Third-Party Links and Services

The Site may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of third parties. Your use of third-party services is subject to their terms and privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The Last Updated date at the top indicates when the policy was last revised. Changes take effect when posted, unless otherwise stated.

13. Contact Us

For privacy questions, requests, or concerns, contact:

Cumming Family Medicine / Dawson 400 Family Medicine
Attn: Privacy Officer
765 Lanier 400 Parkway, Cumming, GA 30040
Phone: 770-205-1294
Fax: 770-887-4597
Email: webmaster@cfmcare.com

HIPAA Notice of Privacy Practices

Effective Date: December 23, 2025
Last Updated: December 23, 2025

This section describes how we may use and disclose Protected Health Information (“PHI”) about you and how you can access this information. This section applies when we act as a healthcare provider and HIPAA applies.

A. Our Duties

We are required by law to:

• Maintain the privacy and security of your PHI;
• Provide you with this Notice of our legal duties and privacy practices;
• Follow the terms of the Notice currently in effect; and
• Notify you following a breach of unsecured PHI as required by law.

B. How We May Use and Disclose PHI Without Your Written Authorization

HIPAA allows us to use and disclose PHI for certain purposes, including:

1. Treatment
   We may use and share PHI to provide, coordinate, or manage your healthcare and related services. For example, sharing information with specialists, labs, pharmacies, or hospitals involved in your care.
2. Payment
   We may use and share PHI to bill and obtain payment from health plans or other entities. This may include eligibility checks, claims processing, and collections.
3. Healthcare Operations
   We may use and share PHI for practice operations, such as quality assessment, training, accreditation, licensing, business planning, and audits.
4. Appointment Reminders and Health-Related Benefits/Services
   We may contact you to remind you of appointments or provide information about treatment alternatives or other health-related benefits and services that may be of interest.
5. People Involved in Your Care
   We may share PHI with a family member, friend, or others you identify who are involved in your care or payment for your care, unless you object or we determine it is not in your best interest.
6. As Required by Law
   We may disclose PHI when required by federal, state, or local law.
7. Public Health and Safety
   We may disclose PHI for public health activities (e.g., disease reporting) or to prevent or lessen a serious and imminent threat to health or safety.
8. Health Oversight Activities
   We may disclose PHI to agencies for oversight activities authorized by law (e.g., audits, inspections, investigations).
9. Legal Proceedings and Law Enforcement
   We may disclose PHI in response to a court order, subpoena, or certain law enforcement requests, as permitted by law.
10. Coroners, Medical Examiners, and Funeral Directors
    We may disclose PHI as necessary to these professionals as permitted by law.
11. Organ and Tissue Donation
    We may disclose PHI for organ procurement and transplantation purposes as permitted by law.
12. Research
    We may use or disclose PHI for research when approved by an Institutional Review Board (IRB) or when other legal requirements are satisfied.
13. Workers’ Compensation
    We may disclose PHI for workers’ compensation or similar programs as authorized by law.
14. Specialized Government Functions
    We may disclose PHI for certain specialized functions such as military, national security, or correctional institution activities, as permitted by law.

C. Uses and Disclosures That Typically Require Your Authorization

Unless an exception applies, we generally need your written authorization for:

• Most uses and disclosures of psychotherapy notes;
• Marketing communications that are not otherwise permitted by HIPAA; and
• Sale of PHI (if applicable).

You may revoke an authorization in writing at any time, except to the extent we have already relied on it.

D. Your HIPAA Rights

You have the right to:

1. Get a copy of your medical record
   You can request to inspect or receive an electronic or paper copy of your medical record and other PHI we have about you, with limited exceptions. We may charge a reasonable, cost-based fee as permitted by law.
2. Ask us to correct your medical record
   You can ask us to correct PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances, but we will explain our decision in writing.
3. Request confidential communications
   You can ask us to contact you in a specific way (e.g., home vs. work phone) or to send mail to a different address.
4. Ask us to limit what we use or share
   You can request restrictions on certain uses/disclosures. We are not required to agree to all requests, but we will comply when required by law (including certain paid-in-full out-of-pocket requests).
5. Get a list of those with whom we’ve shared information
   You can request an accounting of certain disclosures of your PHI, as permitted by law.
6. Get a copy of this notice
   You can request a paper copy of this Notice at any time.
7. Choose someone to act for you
   If you have given someone medical power of attorney or that person is your legal guardian, that person can exercise your rights and make choices about your PHI.
8. File a complaint
   If you feel we have violated your rights, you can complain to us using the contact details below, and/or file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. We will not retaliate against you for filing a complaint.

E. Contact for HIPAA Questions or Complaints

Cumming Family Medicine / Dawson 400 Family Medicine
Attn: Privacy Officer
765 Lanier 400 Parkway, Cumming, GA 30040
Phone: 770-205-1294
Fax: 770-887-4597
Email: webmaster@cfmcare.com