THIS DOCUMENT SERVES AS BOTH A HIPAA NOTICE OF PRIVACY PRACTICES AND A WEBSITE PRIVACY POLICY. John Fjerstad, DPM is required by law to maintain the privacy of your protected health information (PHI), to provide you with this notice of legal duties and privacy practices, and to comply with the terms of this notice as currently in effect.

1. Who We Are and How to Contact Us

John Fjerstad, DPM operates two podiatry clinic locations in Northern California:

  • McKinleyville Office — 1967 Central Avenue, McKinleyville, CA 95519 — (707) 840-0226 — info@jfjerstad.com
  • Crescent City Office — 1080 Mason Mall #3, Crescent City, CA 95531 — (707) 464-3245 — info@jfjerstad.com

For privacy-related questions or to exercise your rights, contact us at either office location. Requests may be made in person, by phone, or in writing.

2. Protected Health Information (PHI)

Protected Health Information (PHI) is individually identifiable health information created, received, maintained, or transmitted by a covered health care provider. This includes information about your past, present, or future physical or mental health conditions; the health care we provide to you; and payment for that care.

We are committed to protecting your PHI in all forms — oral, written, and electronic — in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and the California Confidentiality of Medical Information Act (CMIA), California Civil Code § 56 et seq.

3. How We Use and Disclose Your Health Information

We use and disclose health information about you for the following purposes. For additional uses or disclosures not described here, we will obtain your written authorization.

Treatment

We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. For example, we may share your information with other healthcare providers involved in your treatment, such as your primary care physician, specialists, physical therapists, or hospitals.

Payment

We may use and disclose your PHI to obtain payment for services provided to you. This includes activities such as billing, claims processing, and utilization review. For example, we may submit a claim to your health insurance carrier that includes information about your diagnosis and services rendered.

Health Care Operations

We may use and disclose your PHI for our internal operations, including quality assessment, staff training, legal and compliance activities, and business management. These activities are necessary to operate our practice and ensure all patients receive quality care.

Other Permitted Uses and Disclosures

We may also use or disclose PHI without your authorization in the following situations as permitted or required by law:

  • As required by federal, state, or local law
  • For public health activities (e.g., reporting communicable diseases to public health authorities)
  • To report abuse, neglect, or domestic violence as required by California law
  • For health oversight activities by government agencies
  • In connection with judicial or administrative proceedings, when required by court order or subpoena
  • For law enforcement purposes as permitted or required by law
  • To coroners, medical examiners, or funeral directors as necessary
  • For organ and tissue donation purposes
  • For research, subject to strict privacy safeguards required by law
  • To avert a serious threat to health or safety
  • For specialized government functions including military, veterans, national security, and intelligence activities
  • For workers' compensation or similar programs as permitted by law

4. Uses and Disclosures Requiring Your Authorization

Other uses and disclosures of your PHI not described in this notice will be made only with your written authorization, including:

  • Most uses and disclosures of psychotherapy notes
  • Uses and disclosures of PHI for marketing purposes
  • Sales of PHI
  • Any other use or disclosure not permitted or required by applicable law

You have the right to revoke an authorization in writing at any time, except to the extent that we have already acted on it.

5. Your Rights Regarding Your Health Information

Submit a Privacy Rights Request

You have the following rights regarding your PHI. To exercise any of these rights, submit a written request to either office location.

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your medical and billing records. We may charge a reasonable fee for copying in accordance with California law. We will respond within 30 days.

Right to Amend

If you believe your health information is incorrect or incomplete, you may request that we amend it. We may deny your request under certain circumstances permitted by law. If denied, we will explain why in writing.

Right to an Accounting of Disclosures

You have the right to request a list of disclosures we have made of your PHI during the six years prior to your request, other than disclosures made for treatment, payment, health care operations, or disclosures you authorized.

Right to Request Restrictions

You may request restrictions on certain uses and disclosures of your PHI. We are not required to agree in most cases; however, if we agree, we are bound by that restriction. Under HIPAA, if you pay out of pocket in full for a service, you have the right to request that we not disclose information about that service to your health plan.

Right to Request Confidential Communications

You may request that we communicate with you about your health care at a specific location or by a specific method. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this notice at any time. We will provide a copy upon request at either office location.

California-Specific Rights (CMIA & CCPA)

California law provides additional protections under the Confidentiality of Medical Information Act (Civil Code § 56 et seq.) and the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.). We will not share your medical information for marketing or sales purposes without your express written authorization. CCPA rights are addressed in Section 8 below.

6. Our Duties

  • We are required by law to maintain the privacy of your PHI
  • We must provide you with this notice of our legal duties and privacy practices
  • We must notify you following a breach of your unsecured PHI as required by the HITECH Act and HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414)
  • We must follow the terms of this notice while it is in effect
  • We reserve the right to change the terms of this notice. If we revise it, we will post the updated version on our website and make printed copies available at both offices.

7. How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights:

  • U.S. Department of Health & Human Services — Office for Civil Rights
  • 200 Independence Avenue, S.W., Washington, D.C. 20201
  • Toll-free: 1-877-696-6775
  • Website: hhs.gov/ocr/privacy/hipaa/complaints

We will not retaliate against you for filing a complaint.

8. Website Privacy — Information Collected Online

The following applies to information collected through our website at jfjerstaddpm.com.

Information We Collect

  • Contact form submissions — name, phone number, email address, and any message content you voluntarily submit
  • Automatically collected data — browser type, operating system, IP address, referring URL, pages visited, and time of visit collected via standard server logs or analytics tools
  • Cookies — small data files stored on your device to maintain session state and improve performance. You may disable cookies in your browser settings.

Important: Contact Forms Are Not Secure for PHI

Information submitted through this website is not encrypted end-to-end and is not a secure method of transmitting protected health information. Do not submit sensitive medical details (diagnoses, medications, test results) through web forms. Call the office directly for clinical matters.

How We Use Website Information

  • To respond to inquiries and schedule appointments
  • To improve website content and user experience
  • To maintain website security

We do not sell, rent, or share your personal information with third parties for marketing purposes.

California Consumer Privacy Act (CCPA)

California residents have the right to: (1) know what personal information is collected; (2) know whether personal information is sold or disclosed, and to whom; (3) opt out of the sale of personal information; (4) access their personal information; and (5) equal service without discrimination. We do not sell personal information. To exercise CCPA rights, contact either office in writing.

9. Minors

We do not knowingly collect personal information from individuals under age 13 through this website. Healthcare records for minor patients are handled in accordance with HIPAA and applicable California minor consent laws.

10. Changes to This Notice

We reserve the right to modify this notice at any time. The effective date at the top reflects the most recent revision. Material changes affecting PHI handling will be communicated as required by HIPAA.

11. Contact Us

  • John Fjerstad, DPM — 1967 Central Avenue, McKinleyville, CA 95519 — (707) 840-0226 — info@jfjerstad.com
  • John Fjerstad, DPM — 1080 Mason Mall #3, Crescent City, CA 95531 — (707) 464-3245 — info@jfjerstad.com