PRIVACY
Notice of Privacy Practices
Effective Date: January 1, 2024
Last Updated: October 26, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The privacy of your medical information is important to us.
About
Michael Chan, MD, MS, RST, Inc., a Nevada professional corporation, including any board members, representatives, employees, contractors, agents, and affiliates ("Company," "Medical Group", "Practice", "Clinic", "provider", "provider's delegate", "we," "us," "our") provides its services and products to you ("you", "user", "patient", "intended patient", "responsible party") through its website, software, applications, communications, documents, and select electronic services from third party providers (collectively, the "Platform").
This Notice applies to all services, products, programs, and communications provided by the Company.
Our Legal Duty
We are required by applicable federal and state laws to maintain the privacy of your Protected Health Information (PHI).
We are also required to provide you with this Notice explaining our legal duties and privacy practices concerning your PHI, and to abide by the terms of this Notice while it is in effect.
This Notice takes effect immediately and will remain in effect until replaced.
You may request a copy of this Notice (or any revised version) at any time. For more information about our privacy practices, or to request additional copies, please contact us using the information provided at the end of this document.
Uses and Disclosures of Protected Health Information
We will use and disclose your protected health information about you for treatment, payment, and health care operations. Following are examples of the types of uses and disclosures of your protected health care information that may occur. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by the Company.
Treatment:
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example, we may disclose information to other healthcare providers involved in your treatment, such as specialists or laboratories.
For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, we may disclose your protected health information from time to time to another physician or healthcare provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician.
Payment: Your protected health information will be used, as needed, to obtain payment for healthcare services and products applicable to you. We may use and disclose your PHI to obtain payment for services or products rendered. This may include activities such as eligibility verification, insurance authorization, and billing.
This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you, such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for protected health necessity, and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information is disclosed to the health plan to obtain approval for the hospital admission.
Health Care Operations: We may use and disclose your PHI as necessary for business operations, such as quality assessments, staff training, and licensing.
We may contact you by telephone, mail, or electronic means to remind you of appointments or to discuss care-related matters.
We may share your protected health information with third-party “business associates” that perform various activities (e.g., billing, transcription services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your protected health information for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact us to request that these materials not be sent to you.
SMS Communications Policy: We may also contact you via text message (SMS or MMS) if you provide your mobile number and consent to receive such messages. By opting in, you expressly consent to receive text communications from the Company (“we,” “us,” or “our”) for purposes related to your care, including:
- Appointment reminders and scheduling updates
- Care coordination and follow-up instructions
- Prescription refill notifications
- Billing or administrative notices
- Health-related alerts or wellness messages
Consent and Opt-Out: You may withdraw your consent to receive text messages at any time by replying “STOP” to any message you receive, or by contacting us using the information listed at the end of this notice. After sending “STOP,” we will send one final confirmation message. You may also reply “HELP” for assistance.
Message and data rates may apply depending on your mobile carrier. Your consent to receive SMS messages is not required as a condition of treatment, payment, or enrollment.
Healthcare and Privacy Compliance: We comply with all applicable privacy and communication laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and related state privacy laws.
Our SMS program complies with the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and other applicable federal and state privacy laws.
Text messages may contain limited PHI necessary for coordination of your care. While we use HIPAA-compliant messaging systems, please note that standard SMS is not encrypted and may carry privacy risks. You may request alternative communication methods at any time.
Prohibition on Marketing to Minors
We do not knowingly send marketing or promotional SMS messages to individuals under the age of 18. If we become aware that a minor has received a marketing message in error, we will promptly remove that number from our marketing lists. Parents or guardians may contact us at ml@captainmd.com to request deletion or restriction of a minor’s contact information.
Use and Disclosure of SMS Information: We collect and retain only the minimum data needed to manage SMS communications, including your phone number, message delivery information, consent status, and message content (if applicable).
This data may be shared with HIPAA-compliant third-party vendors who assist us in delivering messages.
We do not sell or share your mobile number or message content with unaffiliated third parties for their own marketing purposes.
Security and Retention: We maintain administrative, physical, and technical safeguards to protect SMS-related data in accordance with HIPAA and industry best practices.
SMS data is retained only as long as necessary for the purpose collected or as required by law.
Uses and Disclosures Based On Your Written Authorization:
Other uses and disclosures of your PHI will be made only with your written authorization as described below, unless otherwise permitted or required by law. You may revoke your authorization in writing at any time by sending an email to ml@captainmd.com.
Patient Rights
You have the following rights concerning your Protected Health Information:
- Access: You may request copies of your PHI.
- Amendment: You may request corrections to your PHI.
- Restrictions: You may request limitations on disclosures of your PHI.
- Confidential Communication: You may request that we communicate through alternate means or locations.
- Accounting of Disclosures: You may request a record of certain disclosures we have made of your PHI.
- Paper Copy: You are entitled to a paper copy of this Notice at any time.
Requests may be made in writing by email to ml@captainmd.com.
Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your protected health information that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for the care of your location, general condition, or death.
Marketing: We may use your protected health information to contact you with information about treatment alternatives that may be of interest to you. We may disclose your protected health information to a business associate to assist us in these activities. Unless the information is provided to you by a general newsletter or in person or is for products or services of nominal value, you may opt-out of receiving further such information by telling us using the contact information listed at the end of this notice.
Research; Death; Organ Donation: We may use or disclose your protected health information for research purposes in limited circumstances. We may disclose the protected health information of a deceased person to a coroner, protected health examiner, funeral director or organ procurement organization for certain purposes.
Public Health and Safety: We may disclose your protected health information to the extent necessary to avert a serious and imminent threat to your health or safety or the health or safety of others. We may disclose your protected health information to a government agency authorized to oversee the health care system or government programs or its contractors, and to public health authorities for public health purposes.
Health Oversight: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and civil rights laws.
Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Required by Law: We may use or disclose your protected health information when we are required to do so by law. For example, we must disclose your protected health information to the U.S. Department of Health and Human Services upon request for purposes of determining whether we are in compliance with federal privacy laws. We may disclose your protected health information when authorized by workers’ compensation or similar laws.
Process and Proceedings: We may disclose your protected health information in response to a court or administrative order, subpoena, discovery request, or other lawful processes, under certain circumstances. Under limited circumstances, such as a court order, warrant, or grand jury subpoena, we may disclose your protected health information to law enforcement officials.
Law Enforcement: We may disclose limited information to a law enforcement official concerning the protected health information of a suspect, fugitive, material witness, crime victim, or missing person. We may disclose the protected health information of an inmate or another person in lawful custody to a law enforcement official or correctional institution under certain circumstances. We may disclose protected health information where necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or has escaped from lawful custody.
Patient Rights
Access: You have the right to look at or get copies of your protected health information, with limited exceptions. You must make a request in writing to the contact person listed herein to obtain access to your protected health information. You may also request access by sending us a letter to the address at the end of this notice. If you prefer, we will prepare a summary or an explanation of your protected health information for a fee. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Accounting of Disclosures: You have the right to receive a list of instances in which we or our business associates disclosed your protected health information for purposes other than treatment, payment, health care operations, and certain other activities after September 1, 2024. We will provide you with the date on which we made the disclosure, the name of the person or entity to whom we disclosed your protected health information, a description of the protected health information we disclosed, the reason for the disclosure, and certain other information. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Restriction Requests: You have the right to request that we place additional restrictions on our use or disclosure of your protected health information. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency). Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. We will not be bound unless our agreement is so memorialized in writing.
Confidential Communication: You have the right to request that we communicate with you in confidence about your protected health information by alternative means or to an alternative location. You must make your request in writing. We must accommodate your request if it is reasonable, specifies the alternative means or location, and continues to permit us to bill and collect payment from you.
Amendment: You have the right to request that we amend your protected health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request if we did not create the information you want to be amended or for certain other reasons. If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement to be appended to the information you wanted to be amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people or entities you name, of the amendment and to include the changes in any future disclosures of that information.
Electronic Notice: If you receive this notice on our website or by electronic mail (email), you are entitled to receive this notice in written form. Please contact us using the information listed at the end of this notice to obtain this notice in written form.
Questions and Complaints
If you have questions, concerns, or complaints about our privacy practices, or believe your privacy rights have been violated, you may contact us using the information below.
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We support your right to protect the privacy of your protected health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Cookies and GDPR Compliance
We use cookies to enhance your browsing experience and to analyze site traffic. Cookies are small data files stored on your device. We use several types of cookies, including necessary cookies required for website functionality, and non-essential cookies for analytics and advertising purposes.
For visitors located in the European Union, we comply with the General Data Protection Regulation (GDPR). Under GDPR, before placing non-essential cookies on your device, we obtain your explicit consent. You will see a cookie consent banner when you first visit our site, allowing you to accept or reject optional cookies. Consent is given through affirmative action and is freely given and specific to the cookie categories you select.
You may withdraw or change your cookie preferences at any time by accessing the cookie settings on our website. We store your consent securely and renew consent requests at least once every 12 months.
Strictly necessary cookies do not require your consent but are necessary for core website functions.
For visitors outside the EU, cookie usage may be governed by other privacy laws but generally does not require cookie consent as per GDPR.
You can control or disable cookies through your browser settings. Please note that disabling cookies may affect your experience on this site.
Contact Information
Patients:
Contact us using our Patient Portal (best method of contact). In the event of an urgent medical matter, or if requested by the Company, you may contact your Provider outside of the Patient Portal.
Others:
Contact us via email at ml@captainmd.com.
Please do not email us sensitive, personal, or private health information.
Acknowledgment of Receipt
By using our services or continuing to communicate with us electronically, you acknowledge that you have received, read, and understood this Notice of Privacy Practices, including our SMS Communications Policy.
PRIVACY
Notice of Privacy Practices
Effective Date: January 1, 2024
Last Updated: October 26, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The privacy of your medical information is important to us.
About
Michael Chan, MD, MS, RST, Inc., a Nevada professional corporation, including any board members, representatives, employees, contractors, agents, and affiliates ("Company," "Medical Group", "Practice", "Clinic", "provider", "provider's delegate", "we," "us," "our") provides its services and products to you ("you", "user", "patient", "intended patient", "responsible party") through its website, software, applications, communications, documents, and select electronic services from third party providers (collectively, the "Platform").
This Notice applies to all services, products, programs, and communications provided by the Company.
Our Legal Duty
We are required by applicable federal and state laws to maintain the privacy of your Protected Health Information (PHI).
We are also required to provide you with this Notice explaining our legal duties and privacy practices concerning your PHI, and to abide by the terms of this Notice while it is in effect.
This Notice takes effect immediately and will remain in effect until replaced.
You may request a copy of this Notice (or any revised version) at any time. For more information about our privacy practices, or to request additional copies, please contact us using the information provided at the end of this document.
Uses and Disclosures of Protected Health Information
We will use and disclose your protected health information about you for treatment, payment, and health care operations. Following are examples of the types of uses and disclosures of your protected health care information that may occur. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by the Company.
Treatment:
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example, we may disclose information to other healthcare providers involved in your treatment, such as specialists or laboratories.
For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, we may disclose your protected health information from time to time to another physician or healthcare provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician.
Payment: Your protected health information will be used, as needed, to obtain payment for healthcare services and products applicable to you. We may use and disclose your PHI to obtain payment for services or products rendered. This may include activities such as eligibility verification, insurance authorization, and billing.
This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you, such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for protected health necessity, and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information is disclosed to the health plan to obtain approval for the hospital admission.
Health Care Operations: We may use and disclose your PHI as necessary for business operations, such as quality assessments, staff training, and licensing.
We may contact you by telephone, mail, or electronic means to remind you of appointments or to discuss care-related matters.
We may share your protected health information with third-party “business associates” that perform various activities (e.g., billing, transcription services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your protected health information for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact us to request that these materials not be sent to you.
SMS Communications Policy: We may also contact you via text message (SMS or MMS) if you provide your mobile number and consent to receive such messages. By opting in, you expressly consent to receive text communications from the Company (“we,” “us,” or “our”) for purposes related to your care, including:
- Appointment reminders and scheduling updates
- Care coordination and follow-up instructions
- Prescription refill notifications
- Billing or administrative notices
- Health-related alerts or wellness messages
Consent and Opt-Out: You may withdraw your consent to receive text messages at any time by replying “STOP” to any message you receive, or by contacting us using the information listed at the end of this notice. After sending “STOP,” we will send one final confirmation message. You may also reply “HELP” for assistance.
Message and data rates may apply depending on your mobile carrier. Your consent to receive SMS messages is not required as a condition of treatment, payment, or enrollment.
Healthcare and Privacy Compliance: We comply with all applicable privacy and communication laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and related state privacy laws.
Our SMS program complies with the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and other applicable federal and state privacy laws.
Text messages may contain limited PHI necessary for coordination of your care. While we use HIPAA-compliant messaging systems, please note that standard SMS is not encrypted and may carry privacy risks. You may request alternative communication methods at any time.
Prohibition on Marketing to Minors
We do not knowingly send marketing or promotional SMS messages to individuals under the age of 18. If we become aware that a minor has received a marketing message in error, we will promptly remove that number from our marketing lists. Parents or guardians may contact us at ml@captainmd.com to request deletion or restriction of a minor’s contact information.
Use and Disclosure of SMS Information: We collect and retain only the minimum data needed to manage SMS communications, including your phone number, message delivery information, consent status, and message content (if applicable).
This data may be shared with HIPAA-compliant third-party vendors who assist us in delivering messages.
We do not sell or share your mobile number or message content with unaffiliated third parties for their own marketing purposes.
Security and Retention: We maintain administrative, physical, and technical safeguards to protect SMS-related data in accordance with HIPAA and industry best practices.
SMS data is retained only as long as necessary for the purpose collected or as required by law.
Uses and Disclosures Based On Your Written Authorization:
Other uses and disclosures of your PHI will be made only with your written authorization as described below, unless otherwise permitted or required by law. You may revoke your authorization in writing at any time by sending an email to ml@captainmd.com.
Patient Rights
You have the following rights concerning your Protected Health Information:
- Access: You may request copies of your PHI.
- Amendment: You may request corrections to your PHI.
- Restrictions: You may request limitations on disclosures of your PHI.
- Confidential Communication: You may request that we communicate through alternate means or locations.
- Accounting of Disclosures: You may request a record of certain disclosures we have made of your PHI.
- Paper Copy: You are entitled to a paper copy of this Notice at any time.
Requests may be made in writing by email to ml@captainmd.com.
Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your protected health information that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for the care of your location, general condition, or death.
Marketing: We may use your protected health information to contact you with information about treatment alternatives that may be of interest to you. We may disclose your protected health information to a business associate to assist us in these activities. Unless the information is provided to you by a general newsletter or in person or is for products or services of nominal value, you may opt-out of receiving further such information by telling us using the contact information listed at the end of this notice.
Research; Death; Organ Donation: We may use or disclose your protected health information for research purposes in limited circumstances. We may disclose the protected health information of a deceased person to a coroner, protected health examiner, funeral director or organ procurement organization for certain purposes.
Public Health and Safety: We may disclose your protected health information to the extent necessary to avert a serious and imminent threat to your health or safety or the health or safety of others. We may disclose your protected health information to a government agency authorized to oversee the health care system or government programs or its contractors, and to public health authorities for public health purposes.
Health Oversight: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and civil rights laws.
Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Required by Law: We may use or disclose your protected health information when we are required to do so by law. For example, we must disclose your protected health information to the U.S. Department of Health and Human Services upon request for purposes of determining whether we are in compliance with federal privacy laws. We may disclose your protected health information when authorized by workers’ compensation or similar laws.
Process and Proceedings: We may disclose your protected health information in response to a court or administrative order, subpoena, discovery request, or other lawful processes, under certain circumstances. Under limited circumstances, such as a court order, warrant, or grand jury subpoena, we may disclose your protected health information to law enforcement officials.
Law Enforcement: We may disclose limited information to a law enforcement official concerning the protected health information of a suspect, fugitive, material witness, crime victim, or missing person. We may disclose the protected health information of an inmate or another person in lawful custody to a law enforcement official or correctional institution under certain circumstances. We may disclose protected health information where necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or has escaped from lawful custody.
Patient Rights
Access: You have the right to look at or get copies of your protected health information, with limited exceptions. You must make a request in writing to the contact person listed herein to obtain access to your protected health information. You may also request access by sending us a letter to the address at the end of this notice. If you prefer, we will prepare a summary or an explanation of your protected health information for a fee. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Accounting of Disclosures: You have the right to receive a list of instances in which we or our business associates disclosed your protected health information for purposes other than treatment, payment, health care operations, and certain other activities after September 1, 2024. We will provide you with the date on which we made the disclosure, the name of the person or entity to whom we disclosed your protected health information, a description of the protected health information we disclosed, the reason for the disclosure, and certain other information. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Restriction Requests: You have the right to request that we place additional restrictions on our use or disclosure of your protected health information. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency). Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. We will not be bound unless our agreement is so memorialized in writing.
Confidential Communication: You have the right to request that we communicate with you in confidence about your protected health information by alternative means or to an alternative location. You must make your request in writing. We must accommodate your request if it is reasonable, specifies the alternative means or location, and continues to permit us to bill and collect payment from you.
Amendment: You have the right to request that we amend your protected health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request if we did not create the information you want to be amended or for certain other reasons. If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement to be appended to the information you wanted to be amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people or entities you name, of the amendment and to include the changes in any future disclosures of that information.
Electronic Notice: If you receive this notice on our website or by electronic mail (email), you are entitled to receive this notice in written form. Please contact us using the information listed at the end of this notice to obtain this notice in written form.
Questions and Complaints
If you have questions, concerns, or complaints about our privacy practices, or believe your privacy rights have been violated, you may contact us using the information below.
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We support your right to protect the privacy of your protected health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Cookies and GDPR Compliance
We use cookies to enhance your browsing experience and to analyze site traffic. Cookies are small data files stored on your device. We use several types of cookies, including necessary cookies required for website functionality, and non-essential cookies for analytics and advertising purposes.
For visitors located in the European Union, we comply with the General Data Protection Regulation (GDPR). Under GDPR, before placing non-essential cookies on your device, we obtain your explicit consent. You will see a cookie consent banner when you first visit our site, allowing you to accept or reject optional cookies. Consent is given through affirmative action and is freely given and specific to the cookie categories you select.
You may withdraw or change your cookie preferences at any time by accessing the cookie settings on our website. We store your consent securely and renew consent requests at least once every 12 months.
Strictly necessary cookies do not require your consent but are necessary for core website functions.
For visitors outside the EU, cookie usage may be governed by other privacy laws but generally does not require cookie consent as per GDPR.
You can control or disable cookies through your browser settings. Please note that disabling cookies may affect your experience on this site.
Contact Information
Patients:
Contact us using our Patient Portal (best method of contact). In the event of an urgent medical matter, or if requested by the Company, you may contact your Provider outside of the Patient Portal.
Others:
Contact us via email at ml@captainmd.com.
Please do not email us sensitive, personal, or private health information.
Acknowledgment of Receipt
By using our services or continuing to communicate with us electronically, you acknowledge that you have received, read, and understood this Notice of Privacy Practices, including our SMS Communications Policy.
PRIVACY
Notice of Privacy Practices
Effective Date: January 1, 2024
Last Updated: October 26, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The privacy of your medical information is important to us.
About
Michael Chan, MD, MS, RST, Inc., a Nevada professional corporation, including any board members, representatives, employees, contractors, agents, and affiliates ("Company," "Medical Group", "Practice", "Clinic", "provider", "provider's delegate", "we," "us," "our") provides its services and products to you ("you", "user", "patient", "intended patient", "responsible party") through its website, software, applications, communications, documents, and select electronic services from third party providers (collectively, the "Platform").
This Notice applies to all services, products, programs, and communications provided by the Company.
Our Legal Duty
We are required by applicable federal and state laws to maintain the privacy of your Protected Health Information (PHI).
We are also required to provide you with this Notice explaining our legal duties and privacy practices concerning your PHI, and to abide by the terms of this Notice while it is in effect.
This Notice takes effect immediately and will remain in effect until replaced.
You may request a copy of this Notice (or any revised version) at any time. For more information about our privacy practices, or to request additional copies, please contact us using the information provided at the end of this document.
Uses and Disclosures of Protected Health Information
We will use and disclose your protected health information about you for treatment, payment, and health care operations. Following are examples of the types of uses and disclosures of your protected health care information that may occur. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by the Company.
Treatment:
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example, we may disclose information to other healthcare providers involved in your treatment, such as specialists or laboratories.
For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, we may disclose your protected health information from time to time to another physician or healthcare provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician.
Payment: Your protected health information will be used, as needed, to obtain payment for healthcare services and products applicable to you. We may use and disclose your PHI to obtain payment for services or products rendered. This may include activities such as eligibility verification, insurance authorization, and billing.
This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you, such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for protected health necessity, and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information is disclosed to the health plan to obtain approval for the hospital admission.
Health Care Operations: We may use and disclose your PHI as necessary for business operations, such as quality assessments, staff training, and licensing.
We may contact you by telephone, mail, or electronic means to remind you of appointments or to discuss care-related matters.
We may share your protected health information with third-party “business associates” that perform various activities (e.g., billing, transcription services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your protected health information for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact us to request that these materials not be sent to you.
SMS Communications Policy: We may also contact you via text message (SMS or MMS) if you provide your mobile number and consent to receive such messages. By opting in, you expressly consent to receive text communications from the Company (“we,” “us,” or “our”) for purposes related to your care, including:
- Appointment reminders and scheduling updates
- Care coordination and follow-up instructions
- Prescription refill notifications
- Billing or administrative notices
- Health-related alerts or wellness messages
Consent and Opt-Out: You may withdraw your consent to receive text messages at any time by replying “STOP” to any message you receive, or by contacting us using the information listed at the end of this notice. After sending “STOP,” we will send one final confirmation message. You may also reply “HELP” for assistance.
Message and data rates may apply depending on your mobile carrier. Your consent to receive SMS messages is not required as a condition of treatment, payment, or enrollment.
Healthcare and Privacy Compliance: We comply with all applicable privacy and communication laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and related state privacy laws.
Our SMS program complies with the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), and other applicable federal and state privacy laws.
Text messages may contain limited PHI necessary for coordination of your care. While we use HIPAA-compliant messaging systems, please note that standard SMS is not encrypted and may carry privacy risks. You may request alternative communication methods at any time.
Prohibition on Marketing to Minors
We do not knowingly send marketing or promotional SMS messages to individuals under the age of 18. If we become aware that a minor has received a marketing message in error, we will promptly remove that number from our marketing lists. Parents or guardians may contact us at ml@captainmd.com to request deletion or restriction of a minor’s contact information.
Use and Disclosure of SMS Information: We collect and retain only the minimum data needed to manage SMS communications, including your phone number, message delivery information, consent status, and message content (if applicable).
This data may be shared with HIPAA-compliant third-party vendors who assist us in delivering messages.
We do not sell or share your mobile number or message content with unaffiliated third parties for their own marketing purposes.
Security and Retention: We maintain administrative, physical, and technical safeguards to protect SMS-related data in accordance with HIPAA and industry best practices.
SMS data is retained only as long as necessary for the purpose collected or as required by law.
Uses and Disclosures Based On Your Written Authorization:
Other uses and disclosures of your PHI will be made only with your written authorization as described below, unless otherwise permitted or required by law. You may revoke your authorization in writing at any time by sending an email to ml@captainmd.com.
Patient Rights
You have the following rights concerning your Protected Health Information:
Access: You may request copies of your PHI.
Amendment: You may request corrections to your PHI.
Restrictions: You may request limitations on disclosures of your PHI.
Confidential Communication: You may request that we communicate through alternate means or locations.
Accounting of Disclosures: You may request a record of certain disclosures we have made of your PHI.
Paper Copy: You are entitled to a paper copy of this Notice at any time.
Requests must be made in writing by email to ml@captainmd.com.
Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your protected health information that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for the care of your location, general condition, or death.
Marketing: We may use your protected health information to contact you with information about treatment alternatives that may be of interest to you. We may disclose your protected health information to a business associate to assist us in these activities. Unless the information is provided to you by a general newsletter or in person or is for products or services of nominal value, you may opt-out of receiving further such information by telling us using the contact information listed at the end of this notice.
Research; Death; Organ Donation: We may use or disclose your protected health information for research purposes in limited circumstances. We may disclose the protected health information of a deceased person to a coroner, protected health examiner, funeral director or organ procurement organization for certain purposes.
Public Health and Safety: We may disclose your protected health information to the extent necessary to avert a serious and imminent threat to your health or safety or the health or safety of others. We may disclose your protected health information to a government agency authorized to oversee the health care system or government programs or its contractors, and to public health authorities for public health purposes.
Health Oversight: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and civil rights laws.
Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Required by Law: We may use or disclose your protected health information when we are required to do so by law. For example, we must disclose your protected health information to the U.S. Department of Health and Human Services upon request for purposes of determining whether we are in compliance with federal privacy laws. We may disclose your protected health information when authorized by workers’ compensation or similar laws.
Process and Proceedings: We may disclose your protected health information in response to a court or administrative order, subpoena, discovery request, or other lawful processes, under certain circumstances. Under limited circumstances, such as a court order, warrant, or grand jury subpoena, we may disclose your protected health information to law enforcement officials.
Law Enforcement: We may disclose limited information to a law enforcement official concerning the protected health information of a suspect, fugitive, material witness, crime victim, or missing person. We may disclose the protected health information of an inmate or another person in lawful custody to a law enforcement official or correctional institution under certain circumstances. We may disclose protected health information where necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or has escaped from lawful custody.
Patient Rights
Access: You have the right to look at or get copies of your protected health information, with limited exceptions. You must make a request in writing to the contact person listed herein to obtain access to your protected health information. You may also request access by sending us a letter to the address at the end of this notice. If you prefer, we will prepare a summary or an explanation of your protected health information for a fee. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Accounting of Disclosures: You have the right to receive a list of instances in which we or our business associates disclosed your protected health information for purposes other than treatment, payment, health care operations, and certain other activities after September 1, 2024. We will provide you with the date on which we made the disclosure, the name of the person or entity to whom we disclosed your protected health information, a description of the protected health information we disclosed, the reason for the disclosure, and certain other information. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. Contact us using the information listed at the end of this notice for a full explanation of our fee structure.
Restriction Requests: You have the right to request that we place additional restrictions on our use or disclosure of your protected health information. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency). Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. We will not be bound unless our agreement is so memorialized in writing.
Confidential Communication: You have the right to request that we communicate with you in confidence about your protected health information by alternative means or to an alternative location. You must make your request in writing. We must accommodate your request if it is reasonable, specifies the alternative means or location, and continues to permit us to bill and collect payment from you.
Amendment: You have the right to request that we amend your protected health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request if we did not create the information you want to be amended or for certain other reasons. If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement to be appended to the information you wanted to be amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people or entities you name, of the amendment and to include the changes in any future disclosures of that information.
Electronic Notice: If you receive this notice on our website or by electronic mail (email), you are entitled to receive this notice in written form. Please contact us using the information listed at the end of this notice to obtain this notice in written form.
Questions and Complaints
If you have questions, concerns, or complaints about our privacy practices, or believe your privacy rights have been violated, you may contact us using the information below.
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We support your right to protect the privacy of your protected health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Cookies and GDPR Compliance
We use cookies to enhance your browsing experience and to analyze site traffic. Cookies are small data files stored on your device. We use several types of cookies, including necessary cookies required for website functionality, and non-essential cookies for analytics and advertising purposes.
For visitors located in the European Union, we comply with the General Data Protection Regulation (GDPR). Under GDPR, before placing non-essential cookies on your device, we obtain your explicit consent. You will see a cookie consent banner when you first visit our site, allowing you to accept or reject optional cookies. Consent is given through affirmative action and is freely given and specific to the cookie categories you select.
You may withdraw or change your cookie preferences at any time by accessing the cookie settings on our website. We store your consent securely and renew consent requests at least once every 12 months.
Strictly necessary cookies do not require your consent but are necessary for core website functions.
For visitors outside the EU, cookie usage may be governed by other privacy laws but generally does not require cookie consent as per GDPR.
You can control or disable cookies through your browser settings. Please note that disabling cookies may affect your experience on this site.
Contact Information
Patients:
Contact us using our Patient Portal (best method of contact). In the event of an urgent medical matter, or if requested by the Company, you may contact your Provider outside of the Patient Portal.
Others:
Contact us via email at ml@captainmd.com.
Please do not email us sensitive, personal, or private health information.