Privacy Notice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices applies to Protected Health Information associated with Group Health Plans provided by Geist Center for Allergy, Asthma & Immunology, PC to its employees, its employee’s dependents and, as applicable, retired employees. This Notice describes how Geist Center for Allergy, Asthma & Immunology, PC, collectively we, us, or our practice may use and disclose Protected Health Information to carry out payment and health care operations, and for other purposes that are permitted or required by law. When you use our services, our collection and handling of your information is regulated by The Health Insurance Portability and Accountability Act (“HIPAA”) and our agreements with your healthcare provider All new patients will be given the opportunity to read and acknowledge the terms of our privacy notice. You can download a full PDF copy of this form here: Privacy Notice 2025.

Table of Contents 

  • What information do we collect? 
  • How do we use your information? 
  • Sharing your information 
  • Data retention 
  • Security of information 
  • Electronic communications 
  • Third party platforms 
  • Tracking Technologies 
  • Changes to our privacy policy 
  • Contact information 

What information do we collect?

In accordance with our agreements with your healthcare provider, we may collect:

  • We collect information you provide us if you access, voluntarily enter information into or sign up or requests our services.
  • You may also have the option, in certain instances, to enter information in free text fields so that your healthcare provider can manage your requested services or visit.
  • When you visit our websites, interact with any mobile applications or use our Services, we may gather information about your visit/use of the Services and your device. The information we automatically collect includes data about your device such as device ID, browser type, language preferences, IP address, information about when you accessed or registered, modified, logged in/out of the services, information related to actions taken on the site and information related to your operating system. We may also collect information that allows us to connect to the device that you use to connect to the Services (such as your cell phone and your computer or device).
  • We may also collect information related to your use of the Services, including any permissions you set, authorizations you provide (including authorizations and information related to any third party platforms you use or access through your accounts), your language and communication preferences, security related information (such as your account credentials, failed log in attempts, timeouts, past passwords, security questions for identity or account validation, number and frequency of username or password resets/access attempts and geolocation information.
  • In addition, we may collect other information as permitted under applicable law or our agreements with your healthcare provider.

 

How do we use your information?

We use your information in accordance with HIPAA and our agreements with your healthcare provider. This includes, for example:

  • To provide, enhance, secure, support and improve the Services we provide to you and your healthcare provider. This includes to communicate with you in connection with the services as well as communications related to new features, feedback requests, technical notices and administrative messages.
  • For data analysis, our internal management/operations, audits, and compliance with all applicable laws, regulations and law enforcement requirements.
  • To enable cross-device/cross-context tracking for your log in with our website/portal.
  • To fulfill or meet the reason you provided the information such as registering you for the requested Services.
  • To plan and execute security and risk control measures to detect fraud and abuse detection and prevention for your health and safety as well as your healthcare provider.
  • We may also de-identify and/or aggregate your data for business purposes in accordance with our agreements with your healthcare providers. We de-identify protected health information in accordance with the HIPAA expert determination method and/or the safe harbor method.

 

Sharing your information

In general, we share your information only in accordance with HIPAA and our affiliates to provide for your health care services.

  • To comply with the contractual obligations that we may have to your healthcare provider.
  • With our third-party vendors, consultants, agents, other service providers or third parties we use to help us provide or improve the services.
  • With third parties that your healthcare provider has directed us to share your information in accordance with your provider.
  • That you consent to or direct us to send/receive information to/from pursuant to our agreements with your provider.
  • When we are complying with laws or responding to lawful requests and legal processes or responding to an emergency situation.
  • When we believe it necessary to protect our rights and the security of the Services, to protect the rights and security of our customers or partners, to avoid liability and to avoid violations of the law; or
  • In connection with or during negotiation or consummation of any merger, divestiture, restructuring, reorganizing, financing, acquisition, or bankruptcy transaction or proceeding involving sale or transfer of all or a portion of our business or assets to another company.
  • Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes.

We may have the right under our agreements with your healthcare provider to de-identify data in accordance with HIPAA. We may sell or disclose such de-identified information to third parties.

 

Data retention

We retain your information for as long as permitted under our contracts with your healthcare providers or as needed to comply with our legal obligations, to resolve disputes, and to enforce our legal rights, policies, terms, and agreements.

 

Security of information

We use technical, administrative and physical safeguards designed to protect the security of your information from unauthorized disclosure. However, security cannot be guaranteed against all threats.

 

Electronic communications

In connection with your accounts created through your use of the Services, Geist Allergy, may need to send business, informational, support and security related messages (texts, alerts or calls) to all telephone numbers, including mobile devices, you choose to provide on your accounts. You agree such texts or calls may be pre-recorded messages or placed with an automatic telephone dialing system. In addition, you agree to accept and pay all carrier message and data rates that apply to such text messages.

 

If you chose to provide an email or other electronic address on your account, you acknowledge that and consent to receive business and informational messages relating to your account at the address and you represent and warrant that such address is awaiting your review. To the extent that we inform you via email, by signing up and/or using our patient portal, you agree that such emails may be sent between 9 PM and 8 AM. You are providing your direct consent to receive such emails. If you wish to be removed from receiving future communications, you can opt out by texting STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, or UNSUBSCRIBE.
SMS Terms & Conditions: By opting in, you agree to receive SMS messages from Geist Allergy, including service updates and appointment reminders. Message frequency varies. Standard message and date rates apply. For additional details, please see our full Privacy Policy. To opt-out, reply STOP. For help, reply Help or contact us at 317-826-5440.

 

Third Party Platforms

Online tracking technologies (“Tracking Technologies”) are generally scripts or code on a website or mobile app used to gather information about users as they interact with the website or mobile app. After information is collected through Tracking Technologies from websites or mobile apps, it is then analyzed by owners of the website or mobile app (“website owner” or “mobile app owner”), or third parties, to create insights about user’s online activities and used to collect and analyze information about how users interact with websites or mobile applications.

We use Tracking Technologies as a part of the provision of Services to our healthcare provider clients (your healthcare provider). We use third party Tracking Technologies only in instances where: (1) disclosure of information collected by such third party Tracking Technologies is permitted by law; (2) appropriate contractual assurances are in place with such third parties, which may include a Business Associate Agreement; and (3) the use and disclosure are permitted by the contractual terms agreed upon between Geist Allergy and our client(s).

Changes to our Privacy Policy

We reserve the right to amend this policy at our discretion and at any time. When we make changes to this policy, we will post the updated policy on the website and update the Policy’s effective date. Your continued use of our Services following the posting of changes constitutes your acknowledgement of such changes.

 

Contact Information

Our goal is to respect your privacy, and we encourage user feedback to help us improve our privacy policies. If you have any questions or suggestions about this privacy statement, please contact us at:

Geist Center For Allergy, Asthma & Immunology

8150 Oaklandon Road, Suite 119

Indianapolis, IN 46236

Office: 318-826-5440

Fax: 317-826-5463

 

EFFECTIVE DATE
This Notice is effective and was most recently updated on March 13, 2025.