Privacy Policy

Effective Date: January 1, 2023 | Last Updated: March 8, 2026

Introduction

At Meridian Plastic Surgeons and SturgillMD.com, we are dedicated to safeguarding the privacy and security of our patients and website visitors. This Privacy Policy outlines our practices regarding the collection, use, and protection of your personal information when you interact with our website and services. We maintain the highest standards of privacy and comply with all applicable federal, state, and international privacy laws.

HIPAA Notice of Privacy Practices

Meridian Plastic Surgeons is a healthcare provider regulated under the Health Insurance Portability and Accountability Act (HIPAA). This section provides important information about how we handle Protected Health Information (PHI).

Uses and Disclosures of Protected Health Information

We use and disclose your PHI for the following purposes:

  • Treatment: To provide, coordinate, and manage your medical care and treatment.
  • Payment: To process insurance claims, handle billing, and collect payment for services.
  • Healthcare Operations: To support business functions including quality improvement, compliance, training, and administrative activities.
  • Legal Compliance: To comply with applicable laws, court orders, subpoenas, and law enforcement requests.
  • Patient Communication: To send appointment reminders, treatment recommendations, and other health-related information with your authorization.

Your HIPAA Rights

You have the following rights regarding your PHI:

  • Right to Access: You may request access to your medical records and receive a copy within 30 days.
  • Right to Amendment: You may request correction of inaccurate or incomplete medical information.
  • Right to an Accounting of Disclosures: You may request a detailed list of who has accessed your PHI.
  • Right to Request Restrictions: You may request limitations on how your PHI is used or disclosed, though we are not always required to agree.
  • Right to Confidential Communications: You may request that we contact you by alternative means or at alternative locations.
  • Right to Receive Breach Notification: We will notify you if your PHI is breached in accordance with HIPAA requirements.

Exercising Your Rights

To exercise any of your HIPAA rights, please contact our Privacy Officer in writing at the address provided in the “Contact Us” section, or call 317-575-0330. You may also submit requests via email to the contact provided. We will respond to your request within the timeframes required by HIPAA (typically 30 days, extendable by an additional 30 days if necessary).

Business Associate Disclosures

We may share your PHI with trusted Business Associates who assist us in providing care, processing payments, and conducting healthcare operations. All Business Associates are bound by written agreements requiring them to maintain the privacy and security of your information in accordance with HIPAA.

Breach Notification

If your PHI is breached, we will notify you promptly as required by HIPAA. We maintain breach notification procedures and security safeguards designed to prevent unauthorized access to your information.

Information Collection

Information You Provide Directly

We collect personal information that you voluntarily provide when using our website and services, including:

  • Name, email address, phone number, and mailing address
  • Medical history, health information, and consultation preferences
  • Payment and insurance information (processed securely)
  • Any other information submitted through contact forms or appointment requests

Information Collected Automatically

We may collect certain information about your device and browsing behavior through cookies and similar tracking technologies, including:

  • IP addresses and device identifiers
  • Browser type, operating system, and device type
  • Pages visited, time spent on the site, and navigation patterns
  • Referring website and search terms
  • Analytics data collected via Squarespace and third-party analytics services

Third-Party Data Collection

Our website is hosted on Squarespace, which may collect and process certain data. Squarespace’s privacy practices are described in its privacy policy. We also use third-party analytics services that may collect data about your interactions with our website.

Use of Information

We use the information we collect for the following purposes:

  • To provide and improve our medical services and website functionality
  • To respond to your inquiries and process appointment requests
  • To send appointment reminders and healthcare communications
  • To process payments and insurance claims
  • To conduct quality improvement and compliance activities
  • With your express consent, to send educational content, newsletters, and updates about our services
  • To comply with legal obligations and regulatory requirements
  • To protect against fraud, abuse, and security threats

Protection of Information

We implement appropriate administrative, physical, and technical security measures to protect your personal information and PHI against unauthorized access, use, or disclosure. These safeguards include:

  • Secure servers with encryption technologies (SSL/TLS)
  • Restricted access to patient information on a need-to-know basis
  • Regular security audits and compliance assessments
  • Employee training on privacy and data protection protocols
  • Secure disposal of physical and electronic records
  • Incident response procedures for potential breaches

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use our services at your own risk.

Sharing of Information

We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Under CCPA/CPRA, we affirm that we do not sell personal information to data brokers or other third parties.

Authorized Disclosures

Your information may be shared with the following categories of trusted partners and service providers who assist us in operating our website and providing care:

  • Payment Processors and Financial Institutions: To process payments securely
  • Insurance Companies and TPAs: To verify coverage and process claims
  • Healthcare Providers: When you authorize referrals or coordinated care
  • Email and Communication Services: To send appointment reminders and communications
  • Analytics Providers: To understand website usage and improve services
  • Hosting and IT Providers: To maintain website infrastructure and security

Legal Obligations

We may disclose your information when required by law, including in response to subpoenas, court orders, regulatory requests, or law enforcement inquiries. We may also disclose information to protect our rights, your safety, or the safety of others, or to prevent fraud and abuse.

Data Retention and Deletion

We retain your personal information and PHI for the duration necessary to provide treatment, comply with legal obligations, and support our business operations. Retention periods vary by record type:

  • Medical Records: Retained in accordance with Indiana state law and federal HIPAA requirements (typically 6 years from last treatment)
  • Financial Records: Retained for the period required for tax and accounting purposes
  • Website Analytics: Retained and aggregated as needed for service improvement
  • Contact Inquiries: Retained for one year unless you request earlier deletion

Upon request, we will delete non-medical personal information unless legal obligations require retention. Medical records cannot be deleted due to legal requirements but may be de-identified. To request deletion, contact our Privacy Officer.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather data about website usage. These include:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Track usage patterns to improve our site
  • Third-Party Cookies: Set by Squarespace and other service providers

Do Not Track Disclosure (CalOPPA)

Our website does not currently recognize automated Do Not Track (DNT) browser signals. However, you can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

Managing Your Preferences

You can manage your cookie preferences through your browser settings, disable certain tracking technologies, and clear cookies from your device. Please note that disabling cookies may affect website functionality.

Children’s Privacy

Our website is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13 (in compliance with COPPA). If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly and notify the parents or guardians. For children 13-18, we limit collection to what is necessary for providing medical services, with appropriate parental consent.

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information under certain circumstances
  • Right to opt out of the sale of personal information (we do not sell your information)
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of personal information

To exercise these rights, contact our Privacy Officer using the information in the “Contact Us” section.

Indiana Residents

Indiana residents are protected under Indiana Code 24-4.9, the Personal Information Protection Act, and Indiana data breach notification laws. In the event of a data breach involving your personal information, we will notify you as required by Indiana law.

Your Privacy Rights and How to Exercise Them

You have the following rights regarding your personal information and PHI:

  • Right to Access: Request a copy of your records
  • Right to Correct: Request correction of inaccurate information
  • Right to Delete: Request deletion where permitted by law
  • Right to Opt-Out: Decline promotional communications
  • Right to Restrict: Request limitation on how your information is used

How to Exercise Your Rights

To exercise any of these rights, submit a written request to:

Privacy Officer
Meridian Plastic Surgeons
170 W 106th St
Carmel, IN 46290
Phone: 317-575-0330

You may also unsubscribe from promotional communications by following the “unsubscribe” link in our emails.

Telehealth and Virtual Consultation Data

Information shared during telehealth and virtual consultation sessions is treated as PHI and is subject to all HIPAA protections outlined in this policy. We use secure, HIPAA-compliant platforms for virtual consultations. Information transmitted via email, text, or non-secure messaging is not protected by HIPAA and should not be used to transmit sensitive health information.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and indicating the date of the latest revision. Your continued use of our website and services following the posting of changes constitutes your acceptance of those changes. We recommend reviewing this policy periodically to stay informed of how we protect your information.

Contact Us

Meridian Plastic Surgeons

Address: 170 W 106th St, Carmel, IN 46290

Phone: 317-575-0330

For privacy-related inquiries, please contact us using the information above. We will respond to requests within 30 days.