Privacy Policy

Last updated: June 26, 2025

Table of Contents

  1. Who We Are
  2. Scope of This Policy
  3. Information We Collect
  4. How We Use Your Information
  5. Disclosure of Information
  6. Cookies, Pixels & Online Advertising
  7. HIPAA & Protected Health Information
  8. Your Privacy Rights
  9. Data Security
  10. Data Retention
  11. Children’s Privacy
  12. Contact Us
  13. Changes to This Policy

1. Who We Are

Creekside Physical Medicine (“CPM,” “we,” “us,” or “our”) is a pain-management and migraine clinic located at 5387 Manhattan Cir, Ste 201, Boulder, CO 80303. Our website is creeksidephysicalmedicine.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Site, complete our online intake form, engage with our digital advertising, or otherwise interact with us.

2. Scope of This Policy

  • Healthcare Privacy (HIPAA). We provide each patient with a separate Notice of Privacy Practices (NPP) at the time of their office visit. That document governs our use and disclosure of protected health information (PHI) under HIPAA.

  • Website & Marketing Data. This Policy covers all other personal information collected online or through marketing channels.

  • Additional Laws. We also follow requirements set by the Colorado Privacy Act (CPA), the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (CDPA), the EU General Data Protection Regulation (GDPR), and similar statutes.

3. Information We Collect

We may collect the following categories of information:

Information you provide directly

  • Name, mailing address, email address, and phone number

  • Details entered into the secure online intake form

  • Appointment requests, messages, or feedback you send us

Payment and insurance details

  • Limited information needed to verify coverage or process a payment (handled through HIPAA-compliant partners; never stored on the public-facing Site)

Device and usage data

  • IP address, browser type, pages viewed, session duration, referring URL, clicks, and similar analytics captured by cookies and pixels

Marketing and advertising data

  • Ad impressions, clicks, conversion data, and retargeting identifiers collected by Google Ads, Meta Ads (Facebook & Instagram), Google Tag Manager, and Google Analytics

4. How We Use Your Information

We use personal information to:

  1. Provide services—schedule appointments, respond to inquiries, deliver treatment or telehealth services.

  2. Process intake forms—create or update your patient record in our HIPAA-compliant EHR.

  3. Improve the Site—monitor performance, debug, and enhance usability.

  4. Market our clinic—show relevant ads on Google, Facebook, and Instagram and measure campaign success.

  5. Comply with legal obligations—meet HIPAA, CPA, IRS, or other regulatory requirements.

  6. Prevent fraud and maintain security.

5. Disclosure of Information

We do not sell PHI or personal data. We share information only in these situations:

  • Service providers such as our web host, EHR vendor, payment processor, or email provider, all bound by strict confidentiality and, where required, HIPAA Business Associate Agreements.

  • Advertising platforms (Google, Meta) solely to measure campaign performance or create pseudonymous audience segments; data shared is hashed or otherwise limited.

  • Legal or regulatory authorities when compelled by subpoena, court order, or audit.

  • Business successors in the event of a merger, acquisition, or asset sale, provided they assume the same confidentiality obligations.

6. Cookies, Pixels & Online Advertising

We rely on cookies and similar technologies to gather analytics and deliver ads. Key tools include:

  • Google Analytics 4 for site analytics and performance metrics.

  • Google Tag Manager to manage measurement tags.

  • Google Ads (including remarketing) for contextual and interest-based advertising.

  • Meta Pixel to create ad audiences and track conversions on Facebook and Instagram.

How to control cookies: You can clear or block cookies in your browser settings, use private-browsing modes, install the Google Analytics Opt-Out Browser Add-On, or adjust your ad preferences on Google and Meta. We currently do not respond to “Do Not Track” signals.

7. HIPAA & Protected Health Information

  • Separate NPP. Our in-clinic Notice of Privacy Practices explains exactly how we create, use, and share PHI for treatment, payment, and healthcare operations.

  • Secure intake form. Information you submit online is encrypted during transmission (TLS) and stored in our HIPAA-compliant EHR.

  • Email caution. Standard email is not fully secure; please avoid sending sensitive medical details via unencrypted email.

8. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, or restrict the personal information we hold about you, to receive a portable copy of that information, or to opt out of targeted advertising.

  • Colorado residents (CPA)—access, correction, deletion, portability, opt out of targeted ads.

  • California residents (CCPA/CPRA)—same rights plus the ability to opt out of “sales” or “sharing” of data.

  • EU/EEA visitors (GDPR)—access, rectification, erasure, restriction, objection, portability.

To exercise any of these rights, email us at info@creeksidemedical.com with the subject line “Privacy Request.” We will verify your identity and respond within the time frames required by law. All users may unsubscribe from marketing emails at any time by using the link contained in each marketing message.

9. Data Security

We protect personal information with industry-standard safeguards, including:

  • TLS encryption for data in transit.

  • HIPAA-compliant hosting for forms and EHR data.

  • Strict access controls and regular vulnerability scans.

No website or email transmission is completely secure, so please use discretion when sharing information online.

10. Data Retention

  • Patient records and PHI are retained for at least seven years or longer if Colorado law requires.

  • Marketing and analytics data are generally retained for up to 26 months unless you request earlier deletion.

  • Backup archives may persist for a limited period before being overwritten or anonymized.

11. Children’s Privacy

The Site is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Contact Us

Creekside Physical Medicine
5387 Manhattan Cir, Ste 201
Boulder, CO 80303, USA
Phone: (303) 494-2705
Email: info@creeksidemedical.com

For any privacy-related question or request, please include “Privacy Request” in your subject line.

13. Changes to This Policy

We may update this Privacy Policy periodically. The “Last updated” date at the top reflects the most recent revisions. If we make material changes, we will post a prominent notice on the Site or notify you by email when required.

By using our Site or services, you acknowledge that you have read and understood this Privacy Policy.