MD Senior Care Medical Group ("MDSCMG," "we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and all applicable federal and California state laws.
MD Senior Care Medical Group is an Independent Physician Association (IPA) operating in Southern California, specializing in Medicare Advantage and value-based care programs. We serve Medicare-eligible seniors through contracted network physicians, specialists, and ancillary providers. As a covered entity under HIPAA, we are required by law to maintain the privacy of your Protected Health Information (PHI) and to provide you with this notice of our legal duties and privacy practices.
The information collected is used to provide and improve our healthcare services, respond to inquiries and requests, manage appointments and care coordination, and communicate updates about our services. We may also use this information to support marketing and outreach efforts, subject to your consent, and to improve the overall functionality and security of our website.
We use your information for the following purposes, consistent with HIPAA's permitted uses and disclosures:
Treatment: Coordinating care among network physicians, specialists, and facilities to support your health outcomes
Payment: Processing claims, verifying eligibility, and managing risk-based reimbursement under full-risk Medicare Advantage contracts
Healthcare operations: Quality improvement, utilization management, care management programs, provider credentialing, and HCC risk adjustment activities
Legal compliance: Meeting obligations under CMS regulations, state licensing requirements, and contractual duties to Medicare Advantage health plans
Communication: Sending appointment reminders, care gap alerts, and plan-related notices
We may share your PHI and personal information with:
-Network physicians, specialists, and hospitals involved in your care
-Medicare Advantage health plans with which we hold full-risk contracts
-Business associates performing services on our behalf (e.g., billing, health IT, care management vendors), under written Business Associate Agreements (BAAs)
-Government agencies including CMS, DHCS, and the California Department of Insurance, as required by law
-Legal and regulatory authorities when required by court order, subpoena, or applicable law
We do not sell your personal information or PHI. We do not use or disclose your information for marketing purposes.
As our patient or plan member, you have the right to:
Access: Request a copy of your medical records and PHI
Amendment: Request corrections to inaccurate or incomplete information
Accounting of disclosures: Request a list of disclosures we have made of your PHI
Restriction: Request restrictions on certain uses and disclosures of your PHI
Confidential communications: Request that we contact you in a specific way or at a specific location
Complaint: File a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated
California residents have additional rights under the CCPA as amended by the CPRA. To the extent these rights apply outside of HIPAA-regulated activities, you have the right to:
-Know what personal information we collect, use, disclose, or sellRequest deletion of your personal information, subject to applicable exceptions
-Opt out of the sale or sharing of your personal information (we do not sell or share personal information)
-Correct inaccurate personal informationLimit the use of sensitive personal information
-Non-discrimination for exercising your privacy rights
To submit a CCPA request, contact us using the information in Section 9 below. We will respond within 45 days as required by law.
We maintain administrative, physical, and technical safeguards to protect your information in accordance with HIPAA Security Rule requirements. Access to PHI is limited to authorized workforce members on a need-to-know basis. In the event of a breach of unsecured PHI, we will notify affected individuals, the Secretary of HHS, and where required, the media, in accordance with HIPAA Breach Notification Rules.
We retain medical records and PHI for a minimum of 10 years from the date of service, or longer if required by California law or our contractual obligations with Medicare Advantage health plans. Business records are retained in accordance with applicable federal and state record retention requirements.
We reserve the right to update this Privacy Policy at any time. Changes will be posted on our website with a revised effective date. Material changes affecting how we use your PHI will be communicated to you directly as required by HIPAA.
Last revised: April 7, 2025
