Back to Home

Privacy Policy

HIPAA Notice of Privacy Practices

Effective Date: January 2, 2026

Last Updated: January 2, 2026

Introduction

Pain Treatment Centers of Georgia ("we," "us," "our," "PTC of Georgia") respects your privacy and is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This Privacy Policy serves as both our website privacy policy and our HIPAA Notice of Privacy Practices, describing your rights and our legal duties with respect to your Protected Health Information (PHI).

HIPAA Compliance Statement

We are a HIPAA-covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Your health information is considered Protected Health Information (PHI) and is subject to strict privacy and security protections under federal law.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Information We Collect

1. Protected Health Information (PHI)

When you become a patient or contact us for services, we may collect:

  • Personal identifiers: Name, address, phone number, email, date of birth, Social Security number
  • Medical information: Pain conditions, symptoms, medical history, diagnoses, treatment plans
  • Insurance information: Insurance provider, policy numbers, coverage details
  • Referral information: Referring physician details, referral documentation
  • Appointment information: Scheduling preferences, visit history
  • Treatment records: Procedures performed, medications prescribed, clinical notes
  • Billing information: Claims, payments, account balances

2. Automatically Collected Information

When you visit our website, we automatically collect:

  • Device information: IP address, browser type, operating system, device identifiers
  • Usage data: Pages viewed, time spent on site, links clicked, referring website
  • Location data: General geographic location based on IP address
  • Cookie data: See our Cookie Policy section below

3. Marketing and Analytics Data

  • Facebook Click ID (FBCLID) when you arrive from a Facebook ad
  • UTM parameters from advertising campaigns
  • Aggregate analytics data (non-identifiable)

How We Use Your Information

Treatment, Payment, and Healthcare Operations

We use your PHI for the following purposes without requiring your written authorization:

For Treatment:

  • Providing pain management consultations and procedures
  • Coordinating care with your referring physician
  • Communicating with other healthcare providers about your care
  • Scheduling appointments and follow-up visits

For Payment:

  • Verifying insurance coverage and eligibility
  • Submitting claims to your insurance provider
  • Processing payments and managing billing
  • Conducting utilization review and pre-authorization

For Healthcare Operations:

  • Quality assessment and improvement activities
  • Staff training and education
  • Business planning and management
  • Customer service and appointment reminders

Marketing Communications (With Your Consent)

  • Sending appointment reminders via phone, text, or email
  • Providing information about new treatments or services
  • Delivering educational health information
  • Displaying personalized ads on Facebook and other platforms (only with cookie consent)

Cookie Policy & Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device that help us improve your website experience and deliver personalized advertising.

Types of Cookies We Use:

Essential Cookies (Always Active)

Required for website functionality. Cannot be disabled.

Analytics Cookies (Optional)

Help us understand how visitors use our website to improve user experience.

Advertising Cookies (Optional)

Facebook Pixel: We use Facebook's advertising technology to deliver personalized ads and measure campaign effectiveness. The Facebook Pixel tracks your interactions with our website (page views, button clicks) and connects this data to your Facebook profile to show you relevant ads.

Important: We do NOT share Protected Health Information (PHI) with Facebook or any advertising platform. Only general website activity (page views, clicks) is tracked. We never send health conditions, diagnoses, or treatment information to Facebook.

Managing Cookies

You can control cookies through:

When We Disclose Your Information

Disclosures Without Your Authorization

HIPAA permits us to disclose your PHI without your written authorization in these situations:

  • To Your Referring Physician: Coordinating your care and treatment
  • To Your Insurance Company: Processing claims and verifying coverage
  • Required by Law: Court orders, subpoenas, law enforcement investigations
  • Public Health Activities: Reporting diseases, adverse drug events, product recalls
  • Health Oversight: Audits, investigations, licensure activities
  • Abuse/Neglect Reporting: When required by Georgia law
  • Workers' Compensation: If your treatment is work-related

Disclosures Requiring Your Authorization

We will obtain your written authorization before using or disclosing your PHI for:

  • Marketing purposes (except appointment reminders)
  • Sale of PHI
  • Psychotherapy notes (if applicable)
  • Most uses and disclosures not described in this notice

Business Associate Agreements

We work with third-party vendors ("Business Associates") who may have access to your PHI to perform services on our behalf. All Business Associates sign HIPAA-compliant agreements requiring them to protect your information and use it only as permitted.

Our Business Associates Include:

  • Medical Billing Services: Processing insurance claims and payments
  • Web Hosting Provider: Secure hosting of our website and data
  • Email Service Provider: Sending appointment reminders and communications
  • IT Support Vendors: Maintaining secure systems and infrastructure

Note About Facebook/Meta: Meta Platforms does NOT sign Business Associate Agreements and is NOT a HIPAA-covered entity. We only share non-PHI data (general website activity) with Facebook for advertising purposes. We never transmit health conditions, diagnoses, treatment information, or other PHI to Facebook.

Data Security Measures

We implement administrative, technical, and physical safeguards to protect your PHI:

Administrative

  • • HIPAA training for staff
  • • Privacy policies & procedures
  • • Access controls & authorization
  • • Incident response plan

Technical

  • • TLS 1.2+ encryption
  • • Secure servers
  • • Firewalls & intrusion detection
  • • Regular security audits

Physical

  • • Locked facilities
  • • Secure medical records
  • • Controlled building access
  • • Secure document disposal

Your Rights Under HIPAA

You have the following rights regarding your Protected Health Information:

Right to Access Your PHI

You may request to inspect and obtain a copy of your medical records. We may charge a reasonable fee for copies. We will respond to your request within 30 days.

Right to Amend Your PHI

If you believe your medical records are incorrect or incomplete, you may request an amendment. We may deny your request if the information is accurate and complete.

Right to an Accounting of Disclosures

You may request a list of certain disclosures we've made of your PHI in the past six years (excluding disclosures for treatment, payment, and healthcare operations).

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI. We are not required to agree to your request, but if we do, we will honor it except in emergency situations.

Right to Confidential Communications

You may request that we communicate with you about your PHI by alternative means or at alternative locations (e.g., calling you at work instead of home).

Right to a Paper Copy of This Notice

You may request a paper copy of this Privacy Notice at any time, even if you previously agreed to receive it electronically.

Right to Revoke Authorization

If you provided written authorization for a use or disclosure of your PHI, you may revoke it at any time in writing (except to the extent we've already acted on it).

To Exercise Your Rights:

Submit a written request to our Privacy Officer at the address below. We may require you to complete a form for certain requests.

Privacy Officer: Pain Treatment Centers of Georgia
6606 Abercorn St #101, Savannah, GA 31405
Phone: (912) 910-3777

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

Request disclosure of the personal information we collect, use, and disclose about you.

Right to Delete

Request deletion of your personal information (subject to exceptions for medical records retention requirements).

Right to Opt-Out of Sale/Sharing

We do NOT sell personal information. However, use of advertising cookies (Facebook Pixel) may be considered "sharing" under CCPA. You can opt-out by rejecting advertising cookies in our cookie banner.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To exercise your California privacy rights, contact us at (912) 910-3777.

Data Retention

We retain your information as follows:

  • Medical Records: 10 years after the date of last treatment (Georgia law requirement)
  • Billing Records: 7 years as required by federal and state law
  • Marketing Data: Until you opt-out or withdraw consent
  • Website Cookies: 90 days for advertising cookies, varies for other types

Children's Privacy

Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13 through our website. If you are under 13, do not use this website or provide any information. If we learn we've collected information from a child under 13, we will delete it promptly.

Breach Notification

In the unlikely event of a breach of unsecured PHI, we will notify you as required by HIPAA within 60 days of discovering the breach. Notification will include:

  • Description of what happened
  • Types of information involved
  • Steps we're taking to investigate and mitigate harm
  • Steps you should take to protect yourself
  • Contact information for questions

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will post the updated policy on our website with the new effective date. Changes to how we use or disclose PHI will only apply to information created or received after the effective date of the change.

We will notify you of material changes by posting a notice on our website homepage for 30 days.

Filing a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with:

Pain Treatment Centers of Georgia:

Privacy Officer
6606 Abercorn St #101
Savannah, GA 31405
Phone: (912) 910-3777

U.S. Department of Health and Human Services:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

You will not be retaliated against or penalized for filing a complaint.

Contact Us

Questions about this Privacy Policy or our privacy practices? Contact us:

Pain Treatment Centers of Georgia

Privacy Officer
6606 Abercorn St #101
Savannah, GA 31405

Phone: (912) 910-3777
Fax: (Contact office for fax number)

Office Hours:
Monday - Friday: 8:00 AM - 5:00 PM EST

Return to Homepage

Acknowledgment of Receipt

By using our website or services, you acknowledge that you have received and reviewed this Privacy Policy and HIPAA Notice of Privacy Practices. If you are a patient, we will ask you to sign an acknowledgment form during your first visit.

Questions About Your Privacy?

Our Privacy Officer is available to answer your questions and help you exercise your rights.

Call (912) 910-3777