Orange County Eating Disorder Therapist Group

oceatingdisorders.com

Effective Date: March 5, 2026

1. Introduction

Orange County Eating Disorder Therapist Group (“we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of all individuals who visit our website (oceatingdisorders.com), contact our office, or receive our clinical services. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information.

We are located at 27281 Las Ramblas, Suite 200, Mission Viejo, California 92691, and can be reached via contact form on our website.

This Privacy Policy applies to information collected through our website, email communications, telephone calls, in-person interactions, telehealth sessions, and any other means by which you provide information to us. Please read this Privacy Policy carefully. By accessing or using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We may collect the following categories of personal information when you interact with us:

• Identifiers: Full name, email address, mailing address, telephone number, date of birth
• Insurance and billing information: Health insurance policy details, payment card information, billing address
• Health and medical information: Information about your mental health history, eating disorder symptoms, treatment history, diagnoses, medications, and related clinical information provided during intake, therapy sessions, nutrition counseling, or consultations
• Emergency contact information: Names and contact details of designated emergency contacts
• Referral information: Name and contact information of referring physicians, therapists, or other providers
• Communication records: Content of emails, contact form submissions, voicemails, and other correspondence
• Demographic information: Age, gender, ethnicity, and other information voluntarily provided for treatment purposes

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain information, including:

• Device and browser type, operating system, and version
• Internet Protocol (IP) address and approximate geographic location
• Pages visited, time spent on pages, and navigation paths
• Referring URL and search terms used to reach our website
• Cookies and similar tracking technologies (see Section 7 below)

2.3 Sensitive Personal Information

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), some of the information we collect may be classified as “sensitive personal information.” This may include health information you provide in connection with our clinical services. We only collect and use sensitive personal information as reasonably necessary to provide our therapeutic and nutrition counseling services to you.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To provide, coordinate, and manage your eating disorder treatment, therapy, nutrition counseling, and related clinical services
• To schedule appointments and conduct intake assessments
• To process payments, submit insurance claims, and manage billing
• To communicate with you regarding appointments, treatment plans, and follow-up care
• To coordinate care with other healthcare providers involved in your treatment, with your authorization
• To comply with applicable laws, regulations, and professional licensing requirements
• To respond to your inquiries and requests, including free consultation requests
• To improve our website, services, and patient experience
• To send you educational materials, newsletters, or updates about our services (with your consent)
• To maintain the security and integrity of our systems and records

4. HIPAA and California Medical Privacy Protections

As healthcare providers, we are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”). These laws impose strict requirements on how we handle your Protected Health Information (“PHI”) and medical information.

Notice of Privacy Practices. You will receive a separate HIPAA Notice of Privacy Practices that describes in detail how your medical and health information may be used and disclosed and your rights with respect to such information. In the event of any conflict between this Privacy Policy and our Notice of Privacy Practices, the Notice of Privacy Practices shall control with respect to PHI and medical information.

Sensitive Services. Under CMIA, mental health treatment information, including eating disorder treatment records, is classified as “sensitive services” information. We will not disclose such information without your express written authorization except as permitted by law.

5. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA. Please note that many of these rights apply to personal information that is not otherwise protected as PHI under HIPAA or medical information under CMIA.

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the purposes for collection, and the categories of third parties with whom we have shared the information.

Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (for example, information required for treatment, billing, or legal compliance).

Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.

Right to Limit Use of Sensitive Personal Information. You have the right to limit our use and disclosure of your sensitive personal information to uses that are necessary to provide our services.

Right to Opt Out of Sale or Sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level or quality of services because you exercised a privacy right.

Authorized Agent. You may designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of your written authorization and we may require you to verify your identity directly.

To exercise any of these rights, please contact us using the information in Section 14 below. We will respond to verifiable consumer requests within 45 days, as required by law. We may extend this timeframe by an additional 45 days if reasonably necessary, with notice to you.

6. Disclosure of Personal Information

We may disclose your personal information to the following categories of recipients and for the following purposes:

• Healthcare providers involved in your coordinated care, with your authorization
• Health insurance companies and third-party payers for payment and billing purposes
• Professional service providers who assist with our business operations, such as IT support, electronic health records platforms, billing processors, and website hosting services, who are contractually required to protect your information
• Legal and regulatory authorities when required by law, subpoena, court order, or governmental investigation
• As otherwise required or permitted by HIPAA, CMIA, and other applicable laws

We do not sell your personal information to any third party. We have not sold personal information in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising.

7. Cookies and Tracking Technologies

Our website may use cookies, web beacons, and similar tracking technologies to enhance your browsing experience and analyze website usage. Cookies are small data files stored on your device when you visit a website.

Essential Cookies: Necessary for the website to function properly, such as session management and security.

Analytics Cookies: Help us understand how visitors interact with our website, enabling us to improve its design and content. We may use services such as Google Analytics for this purpose.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of certain features of our website.

Do Not Track / Global Privacy Control. We honor the Global Privacy Control (“GPC”) signal. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request under the CCPA/CPRA. We also recognize “Do Not Track” signals to the extent technically feasible.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, or as otherwise required by law. Specifically:

• Clinical and medical records are retained for a minimum of seven (7) years from the date of the last treatment encounter, or longer as required by California law. For minor patients, records are retained for at least seven (7) years after the patient reaches the age of eighteen (18).
• Billing and financial records are retained for the period required by applicable tax and healthcare regulations.
• Website analytics data is retained in anonymized or aggregated form and may be kept indefinitely for analytical purposes.
• Marketing and communications data is retained until you withdraw your consent or request deletion.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure, HIPAA-compliant electronic health record systems
• Access controls limiting access to personal information on a need-to-know basis
• Regular staff training on privacy and security practices
• Secure telehealth platforms that meet applicable privacy and security standards

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information.

10. Telehealth Services

We offer telehealth services to clients across California. When you use our telehealth services, the same privacy protections described in this Privacy Policy apply. Telehealth sessions are conducted through secure, HIPAA-compliant video platforms. We do not record telehealth sessions unless you provide explicit written consent.

11. Children and Minors

We provide clinical services to adolescents (typically age 12 and older) with the consent and involvement of a parent or legal guardian. We are committed to complying with all applicable laws regarding the privacy of minors, including the Children’s Online Privacy Protection Act (“COPPA”) for children under 13 and California’s protections for minors.

Our website is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

For minor patients aged 12 to 17, certain information related to mental health treatment may be subject to the minor’s own consent and confidentiality protections under California law.

12. Third-Party Links

Our website may contain links to third-party websites, resources, or services that are not operated or controlled by us. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party website you visit. We are not responsible for the privacy practices, content, or security of third-party websites.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will post the updated Privacy Policy on our website with a revised effective date. We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your California privacy rights, or have concerns about how your information is being handled, please contact us:

Orange County Eating Disorder Therapist Group

27281 Las Ramblas, Suite 200

Mission Viejo, California 92691

Website: oceatingdisorders.com

© 2026 Orange County Eating Disorder Therapist Group. All rights reserved.