Privacy Policy

Sutti Spine & Sport LLC
Effective Date: 01.11.2026

Last Updated: 01.11.2026

1. Introduction

Sutti Spine & Sport LLC is committed to protecting your privacy and ensuring the security of your Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and corresponding federal regulations (45 CFR Parts 160 and 164) — which apply to all covered health care providers in the U.S. who handle PHI.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including PHI, when you visit our website or receive healthcare services with us in Kansas or Missouri.

We comply with all applicable HIPAA requirements regarding the privacy and security of PHI, including limits on uses/disclosures, patient rights, and breach notification.

By using this website and our services, you consent to the collection and use of your information as described here.

2. Information We Collect

2.1 Personal and Health Information

When you interact with us (e.g., scheduling appointments, completing intake forms, or communicating with our staff), we may collect:

  • Identifying information (name, address, phone number, email)

  • Medical and health information related to treatment

  • PHI as defined under HIPAA, including treatment history, diagnoses, insurance details, and payment information.
     

We collect both:

  • Information you provide voluntarily, and

  • Information collected automatically through site analytics (see Cookies & Tracking below).
     

2.2 Cookies & Tracking Technologies

We may use cookies and similar technologies to improve our website and understand usage. Any data that could be associated with identifiable individuals may be treated carefully to avoid PHI exposure or shared only under HIPAA-compliant terms (e.g., Business Associate Agreements when required).

3. How We Use Your Information

We use personal information, including PHI, for the following purposes:

  • Treatment: To provide, coordinate, or manage your healthcare.

  • Payment: To obtain payment for services provided.

  • Healthcare Operations: For quality assessment, provider training, business management, and related healthcare operations.

  • Administrative purposes: To manage scheduling and communications.

  • Legal compliance: To meet applicable federal and state laws.
     

4. Disclosure of PHI

We do not sell your PHI. We may share it only in ways permitted by HIPAA or with your written authorization.

4.1 Permitted Disclosures

Without specific written consent, we may disclose PHI:

  • For treatment, payment, and healthcare operations.

  • To business associates with whom we have HIPAA-compliant agreements.

  • When required by law (for example, public health reporting).
     

4.2 Business Associate Agreements

When a third party (like a billing service, web-based scheduling platform, or analytics provider) handles PHI on our behalf, we ensure a HIPAA Business Associate Agreement (BAA) is in place — which legally binds them to safeguard PHI with administrative, physical, and technical protections.
 

5. Patient Rights Under HIPAA
 

Under HIPAA, patients have the right to:

  • Access: Request access to their PHI.

  • Amend: Request correction/amendments to their PHI.

  • Accounting of Disclosures: Request an accounting of the parties to whom their PHI has been disclosed.

  • Request Restrictions: Limit how PHI is used/disclosed.

  • Confidential Communications: Request confidential methods of contact.

  • Breach Notification: Be notified if a breach compromises unsecured PHI.

To exercise any right above, contact our Privacy Officer (see Section 10).
 

6. Data Security

We implement administrative, technical, and physical safeguards to protect PHI’s confidentiality and integrity. These include secure servers, encrypted electronic systems where applicable, and access controls.

Review, training, and monitoring procedures are in place to help ensure HIPAA compliance and prevent unauthorized access.
 

7. Website Use Considerations & HIPAA
 

If the website collects health information tied to identifiable individuals (e.g., through patient portals or intake forms), it may be subject to HIPAA privacy/security rules under federal law. Any such data collection will be handled consistent with HIPAA and governed by appropriate agreements and safeguards.
 

8. Third-Party Websites
 

Our website may link to external sites. We are not responsible for their privacy practices or PHI protections. If you follow a link off our website, review the privacy policy of the new site.

9. Children’s Privacy
 

We do not knowingly collect PHI from individuals under 13 via this website. If we discover such collection, we will promptly delete that data.
 

10. Your Privacy Officer & Contact Information
 

If you have questions about this policy, want to exercise your HIPAA rights, or believe your privacy has been violated:

Privacy Officer
Sutti Spine & Sport LLC
Address: 7101 W. 115th St, Overland Park, KS 66210
Email: suttispineandsport@gmail.com
Phone: (913) 940-1161

You also have the right to contact the U.S. Department of Health & Human Services — Office for Civil Rights to file a HIPAA complaint.

11. Policy Updates
 

We may revise this policy periodically. The effective date at the top will reflect updates. Continued use of this site and our services indicates acceptance of the updated policy.
