(415) 555-0142
    Patient Portal|Provider Login
    Meridian
    Health Group
    Privacy

    Notice of Privacy Practices

    Effective January 1, 2026

    THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

    1. Our commitment to your privacy

    Meridian Health Group ("Meridian," "we," "us," or "our") is committed to protecting the privacy of your protected health information ("PHI") in accordance with the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and applicable California law including the Confidentiality of Medical Information Act.

    2. Information we collect

    We collect health information you provide us during care, including but not limited to: demographic information, medical history, medications, allergies, lab and imaging results, mental and behavioral health notes, billing and insurance information, and information disclosed to us by other providers or by you through our patient portal, telehealth platform, or front-desk staff.

    3. How we use and disclose your PHI

    We may use and disclose your PHI for the following purposes without your authorization:

    • Treatment. To deliver care, consult with other Meridian providers, refer you to outside specialists, and coordinate with hospitals, pharmacies, and laboratories.
    • Payment. To bill your insurer, obtain prior authorizations, and collect payment for services rendered.
    • Healthcare operations. Including quality improvement, peer review, credentialing, audits, training, business planning, and accreditation activities.
    • Required by law. When disclosure is required by federal, state, or local law, including public health reporting, abuse or neglect reporting, judicial proceedings, and law enforcement requests as permitted by law.
    • Appointment reminders and treatment alternatives. We may contact you with reminders or information about treatment options.
    • Patient directory. If you are admitted to a hospital, we may include your name and location in the directory unless you object.

    4. Uses and disclosures requiring your authorization

    Certain uses and disclosures of your PHI require your written authorization, including:

    • Most uses and disclosures of psychotherapy notes
    • Uses and disclosures for marketing purposes
    • Disclosures that constitute a sale of PHI
    • Disclosures to your employer for fitness-for-duty purposes
    • HIV/AIDS information, in accordance with California law
    • Substance use disorder records governed by 42 CFR Part 2

    5. Your rights

    Under HIPAA and California law, you have the following rights regarding your PHI:

    • Right to access. You have the right to inspect and obtain a copy of your medical and billing records, typically within 15 business days of a written request. Electronic copies are provided free of charge.
    • Right to amend. You may request an amendment to records you believe to be incorrect or incomplete.
    • Right to an accounting of disclosures. You may request a list of certain disclosures made in the prior six years.
    • Right to request restrictions. You may request limits on how we use or disclose your PHI; we are not required to agree except in certain circumstances (e.g., when you pay out-of-pocket in full).
    • Right to confidential communications. You may request that we contact you at a specific address or phone number.
    • Right to a paper copy of this notice, even if you have agreed to receive it electronically.
    • Right to file a complaint without retaliation.
    • Right to be notified of a breach affecting your PHI within 60 days.

    6. Patient portal and electronic communications

    Our patient portal is encrypted using TLS 1.3 and AES-256 at rest. Messages sent through the portal are part of your medical record. Email and SMS communications outside the portal are not secure; we will not include detailed clinical information in non-secure channels without your authorization.

    7. Telehealth

    Telehealth visits are conducted on a HIPAA-compliant video platform. The platform does not record visits. The visit is documented in your chart in the same manner as in-person visits.

    8. Research

    We may use limited data sets for research with appropriate data use agreements and IRB approval, in accordance with HIPAA. Identifiable information is not used for research without your authorization or an IRB waiver.

    9. California-specific rights

    California residents have additional rights under CMIA, CCPA, and CPRA. You may request additional disclosures of how we collect, use, and share information about you, and you may request deletion of information not subject to medical record retention requirements.

    10. Changes to this notice

    We reserve the right to update this notice. The revised notice will be posted at all locations and on our website with a new effective date. We will provide a copy to you upon request.

    11. How to contact us

    To exercise any right described above, request a paper copy of this notice, or file a complaint:

    Privacy Officer · Meridian Health Group
    1200 Wellness Boulevard, San Francisco, CA 94110
    Phone: (415) 555-0142 ext. 9
    Email: privacy@meridianhealthgroup.com

    You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, by visiting hhs.gov/ocr/privacy or calling 1-877-696-6775. We will not retaliate against you for filing a complaint.

    This Notice describes our practices and those of our employees, contractors, volunteers, and members of our workforce. It applies to all locations of Meridian Health Group.

    🍪 We Value Your Privacy

    We use cookies and similar technologies to enhance your experience, analyze site traffic, and understand where our visitors are coming from. You can customize your preferences at any time.