Privacy Policy

Introduction

Protecting your personal information is a core Privia Health value. We believe it is important for you to know how we collect and use the information we receive from you while using this site and our services.  This privacy policy describes how Privia Health collects and uses the personal information you provide to us via our Web sites, including those of our affiliated doctors, via the telephone, via the mail, and via other communication tools.   It also describes the choices available to you regarding Privia Health’s use of your personal information and the steps you can take to access this information and to request that we correct or delete it.

Information We Collect

While you may use some of the functionality of Privia Health’s Web site without registration, many of the specific tools and services on our Web site require registration or the completion of response forms.  If you use our Web site without registering or completing any response forms, the only information we collect will be Non-Personal Information through the use of Cookies or Web Beacons.  If you choose to register with our website, complete a response form, or join as a member, we collect and require you to submit Personally Identifiable Information and, in some cases, Personal Health Information that may be “protected health information” (“PHI”) (as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations).

You are responsible for ensuring the accuracy of the Personally Identifiable Information and Personal Health Information you submit to Privia Health. Inaccurate information will affect the quality of information you receive from us when using our site, services, and tools, and our ability to contact you as described in this Privacy Policy. For example, your email address should be kept current because that it is how we communicate with you.

Personal Health Information

It is Privia Health’s policy never to disclose any of your personally identifiable Protected Health Information (“PHI”) without your direct authorization.  

If you join Privia Health as a member, you will provide a limited authorization for the use of your PHI to Privia Health and its employees, contractors, and authorized partners   This authorization will be governed by the terms of your Membership Agreement, and by any associated “Authorizations for Release of Health Information” which you may decide to provide to us. 

Non-PHI Personally Identifiable Information

We collect non-PHI Personally Identifiable Information, like your name, email address, date of birth, zip code, and any other information you provide to us when you fill out a web form on our Web site, or register as a member of Privia Health.  We use the Personally Identifiable Information that you provide to us to respond to your questions and inquiries, provide you the specific services you select, call and send you emails about our services, make available valuable partner offers, provide you updates, and inform you of significant changes to this Privacy Policy.  We work with carefully selected business partners so that you may receive valuable offers for their products and services.  We use non-PHI Personally Identifiable Information to help make these offers relevant and valuable to you.  You can inform us not to send you these offers.

Security and Protection of Your Information

Providing security for the personal information you submit to us is a top priority for Privia Health.  We spend a great deal of time, attention, and resources to help protect your privacy.  Here are some of the security procedures we employ:

  • We use one of the highest standards of Secure Socket Layer (SSL) encryption technology in transmitting Personally Identifiable Information to our servers with a 256 Bit Extended Validation security certificate.  In order to take advantage of encryption technology, you must have an Internet browser that supports at least 128-bit encryption.
  • We require both a personal username (log-in name) and a password in order for users to access their Personally Identifiable Information or Personal Health Information.
  • Our servers are located in state-of-the-art secure data centers designed to protect some of the country’s most sensitive data, with professional security measures such as:
    • 24x7x365 security guards
    • 24x7x365 video surveillance
    • 24x7x365 network operations monitoring center and on-site network engineering support
    • Biometric security access through hand scanners
    • Servers located in locked cages
    • Hurricane proof buildings
    • Redundant electrical systems and redundant emergency power generators
    • Redundant HVAC systems
  • We use firewalls to protect the information held in our servers
  • We back-up our systems and data regularly to a redundant off-site secure data center located in another city
  • We maintain audit trails so you can know who has accessed your information
  • We provide a secure messaging tool so that your communications with your health team are sent through a secure, encrypted connection
  • We closely monitor the limited number of Privia Health employees who have potential access to your Personally Identifiable Information.
  • We require all Privia Health employees to undergo privacy training, to abide by our Privacy Policy, and to be subject to disciplinary action if they violate it

Despite Privia Health's efforts to protect your Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet may be intercepted.  You should, therefore, always use caution when submitting personal information online.

Cookies

A “cookie” is a small text file that a Web site can place on your computer’s hard drive in order, for example, to collect information about your activities on the site or to make it easier to use certain site functions.  The cookie transmits this information back to the Web site’s computer.  Many users do not know that “cookies” are being placed on their computers when they visit Web sites.  If you want to know when this happens, or prevent it from happening, you can set your browser to warn you when a website attempts to place a “cookie” on your computer.

The information collected by cookies (i) helps us dynamically generate advertising and content on Web pages or in newsletters, (ii) allows us to statistically monitor how many people are using our Web site and selected sponsors' and advertisers' sites, (iii) let’s us know how many people open our emails, and (iv) for what purposes these actions are being taken. We may use cookie information to target certain advertisements to your browser or to determine the popularity of certain content or advertisements. Cookies are also used to facilitate a user's log-in, as navigation aides and as session timers. 

Web Site Analytics

We use a third party Web analytics service provider that uses cookies and Web beacons to help us analyze how users use our Web site and the effectiveness of our marketing search terms.  The information generated by the cookie about your use of this Web site (including, without limitation, your IP address) will be transmitted to and stored by this service provider.  They will use this information for the purpose of evaluating your use of our Web site and compiling reports for us.  The information collected by our service provider and provided to us is not personally identifiable. 

Information Automatically Collected By Our Sites

Our servers automatically collect certain non-personally identifying information, such as your computer’s IP address, the type of browser in use, and pages viewed, when you visit our Sites. We use this information to understand how visitors navigate through our Sites, to enhance your experience while using our Sites, and to make the materials we post as valuable to visitors as possible. We do not link this information to personally identifiable information.

Personal Information Sharing

We will share your personal information with third parties in the ways that are described above in this privacy statement. We will also share your personal information if we are required to do so by law, or if we believe that doing so is necessary in order to conform to the law, cooperate with law enforcement agencies, comply with legal process served on Privia Health, or otherwise protect Privia Health’s legal rights. From time to time we employ service providers to perform various functions involving personal information on our behalf. These service providers are prohibited from using this personal information for any other purpose.

Access to your Personal Information

Privia Health will provide you reasonable access to your personally identifiable information, at no cost to you, within 30 days of your access request. If we cannot provide access within the 30-day period, we will tell you when we will provide access. In the unlikely event that we cannot provide you access to this information, we will explain why we cannot do so. To request access to your personally identifying information, contact us by email at info@priviahealth.com or by writing us at the following address:

107 S West Street, #409
Alexandria, VA 22314

How to Update or Delete Your Personal Information

Privia Health’s personal health record tools allow you to correct, update or review information you have submitted by going back to the specific tool, logging-in and making the desired changes.  If you terminate your membership in Privia Health or ask to have your profile deleted, we’ll attempt to delete your current profile and its associated PHI.  Note that we may store your information in an inactive back-up medium for a period of not less than six (6) years.  If you specifically direct us to erase you record from our back-up medium, we will attempt to do so to the point it is reasonable and technically feasible.  

Note that it's not technically feasible for us to remove from our servers every record of the information you've provided to us. The need to back up our systems to protect information from inadvertent loss means that a copy of your Personal Information may exist in a nonerasable form, making the information difficult or impossible for us to locate. 

To request deletion of your personally identifying information, contact us by email at info@priviahealth.com or by writing us at the following address:

107 S. West Street, #409
Alexandria, VA 22314

Links to Other Web Sites

Our Web sites may include links to other Web sites whose privacy practices may differ from those of Privia Health. If you submit personal information to any of those sites, your information is subject to their privacy statements. Privia Health’s privacy policy does not apply to information you may submit to those sites. We encourage you to carefully read the privacy statement of any Web site you visit.

Changes in this Privacy Statement

If we change this privacy policy in ways that affect the personally identifying information we have collected, we will post those changes in this space and advise you of choices you may have as a result of those changes. We will also post a notice on our home page that this privacy statement has changed.

Privacy Policy Compliance

If you have questions about this privacy policy or feel Privia Health has not complied with its policies, please send us an email at info@priviahealth.com or write to us at the following address:

107 S. West Street, #409
Alexandria, VA 22314

If you have technical difficulty using our websites, please contact Privia Support at support@priviahealth.com