(425) 319-9288(425) 319-9288(425) 319-9288
Tap for Directions
Providence Medical Massage

Privacy Policies

Providence Medical Massage is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information obtained through our website and in the course of providing massage therapy and related health services. This policy complies with applicable Washington State laws, including the Uniform Health Care Information Act (RCW 70.02), Washington Consumer Protection laws, and the Health Insurance Portability and Accountability Act (HIPAA).

 

1. Information We Collect

1.1 Health Information (Protected Health Information – PHI)

If you schedule appointments, complete intake forms, communicate through our patient portal, or receive services, we may collect PHI including, but not limited to:

  • Medical history and treatment information

  • Health conditions, symptoms, injuries, and assessments

  • Insurance information

  • Billing and payment records

  • Any information you disclose during treatment or consultation

PHI is protected under HIPAA and RCW 70.02.

1.2 Personal Information (Non-PHI)

Through our website or business operations, we may also collect:

  • Name, phone number, email address

  • Appointment requests

  • Account/login information (if applicable)

  • Payment information

  • Communications you send via email, web forms, or messaging

1.3 Automatically Collected Website Information

We may automatically collect:

  • IP address

  • Browser type

  • Device identifiers

  • Pages visited, time spent, website traffic analytics (e.g., via cookies or similar technologies)

We do not collect or store PHI through website analytics tools.

2. How We Use Information

2.1 Use of PHI

We use your PHI only for purposes permitted by HIPAA and Washington law, such as:

  • Providing treatment and massage therapy services

  • Coordinating care with other healthcare providers (with your authorization unless allowed by law)

  • Billing, payment processing, and insurance claims

  • Maintaining clinical records

  • Health-care operations such as quality improvement, scheduling, and compliance

  • Required reporting (e.g., public health reporting if mandated by law)

2.2 Use of Personal and Website Information

We use non-PHI information to:

  • Respond to inquiries

  • Process appointment requests

  • Improve website functionality

  • Manage security and prevent fraud

  • Send administrative or appointment messages

  • Provide marketing communications directly from us via email or newsletter, and only with prior consent, as required by Washington law. We will never market to you via text message.

3. How We Share Information

3.1 Sharing of PHI

We may share PHI only as permitted by HIPAA and RCW 70.02, including:

  • With other healthcare providers involved in your care

  • With insurance companies for billing and authorizations

  • With business associates (e.g., EHR vendors, billing services) under HIPAA-required Business Associate Agreements

  • When required by state or federal law (subpoena, court order, public health reporting)

  • With your written authorization for any other disclosures

We will not sell, trade, or use your PHI for marketing without your explicit written authorization, as prohibited by HIPAA and Washington law.

3.2 Sharing of Non-PHI Website Data

We may share aggregated, non-identifying website analytics with service providers for security, analytics, or website performance.
We do not sell personal information.

4. HIPAA & Washington State Rights

As a patient, you have rights under HIPAA and RCW 70.02, including:

  • Right to Access: You may request copies of your health records.

  • Right to Amend: You may request corrections to your records.

  • Right to Accounting of Disclosures: You may request a list of certain disclosures.

  • Right to Request Restrictions: You may ask us to limit how we use or disclose your information.

  • Right to Confidential Communications: You may request communication through alternative means.

  • Right to File a Complaint: You may file a complaint with us, the Washington State Department of Health, or the U.S. Department of Health & Human Services (HHS) without fear of retaliation.

Requests may be submitted in writing to the contact information listed at the end of this policy.

5. Data Security

We maintain administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements and Washington privacy laws. These include:

  • Encrypted electronic health record (EHR) systems

  • Secure transmission protocols

  • Limited employee access to PHI

  • Regular training on privacy compliance

While we take reasonable measures to protect information, no system is 100% secure. We comply with Washington State breach notification requirements (RCW 19.255.010) and HIPAA breach rules in the event of an unauthorized access incident.

6. Cookies & Tracking Technologies

Our website may use:

  • Cookies

  • Local storage

  • Analytics tools

These track non-PHI browsing behavior to improve the user experience. You can disable cookies in your browser settings.

We do not use tracking technologies to collect PHI.

7. Third-Party Services

The website may contain links or integrations to third-party services, such as:

  • Online scheduling platforms

  • Payment processors

  • Electronic health record portals

Third-party providers operate under their own privacy policies. We encourage you to review those policies before submitting information.

8. Email, Text Messaging, and Electronic Communication

  • Standard email and text messaging are not guaranteed to be HIPAA-secure.

  • We will only use electronic communication for PHI when you have provided consent or when it meets HIPAA security requirements.

  • You may opt out of non-clinical communications at any time.

9. Minors’ Privacy

We do not knowingly collect information from minors without lawful parental or guardian consent as required by Washington law and HIPAA.

10. Your Choices

You may:

  • Opt out of marketing emails

  • Request that we not use certain information

  • Decline to provide information (though this may limit our ability to provide services)

11. Changes to This Policy

We may update this Privacy Policy to remain compliant with laws or to reflect changes in practice operations. Updates will be posted on our website with a revised effective date.