MPT PRIVACY POLICY

Last updated: 2/4/2026

Midwest Physical Therapy (“MPT,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit our website, contact us, or receive care in our clinic. It also summarizes your rights related to Protected Health Information (PHI) under HIPAA. For our full HIPAA Notice of Privacy Practices (NPP)—which governs how we use and disclose PHI for treatment, payment, and healthcare operations—please request a copy in-clinic or via the contact details below. This website policy is separate from the HIPAA NPP.

  • Website content is for information only and is not medical advice. Always consult a licensed clinician for diagnosis or treatment.

1) What we collect

Information you provide: contact details, appointment/intake info, insurance and billing details, forms you submit (including uploads like insurance cards/referrals), and communications (calls, texts, emails, messages).

Information we collect automatically: IP address, device/browser type, pages viewed, timestamps, referring/exit pages, and similar usage data via cookies, pixel tags, and web beacons for site performance, security, and service improvement. You can control cookies through your browser; some features may not function without them.

Information from third parties: referring providers, insurers, EHR/scheduling vendors, payment processors, and other service partners may share information with us as allowed by law and your plan.

2) How we use information

Care, payment, operations (HIPAA-permitted):

  • Treatment: coordinating your PT care and communicating with you and other providers.

  • Payment: verifying benefits, submitting claims, obtaining pre-authorizations, and processing patient responsibility.

  • Operations: quality improvement, staff training, auditing, compliance, and secure IT support. We may use business associates (e.g., billing, EHR, secure messaging) under agreements that require safeguarding of PHI.

Website & customer service: responding to inquiries, scheduling visits, sending reminders, improving website performance, and personalizing communications. We may use analytics and service providers to operate and enhance the site.

Marketing & education: with your consent where required. You can opt out anytime (see “Your choices”).

3) When we share information

We share information as permitted/required by law and as needed to deliver services:

  • Service providers/vendors: EHR/portal, scheduling, secure messaging, analytics, web hosting, payment processing, and support. These parties may access only what’s needed to perform their services and are restricted from other uses.

  • Treatment, payment, healthcare operations: insurers, clearinghouses, and providers involved in your care.

  • Legal compliance & safety: public health reporting, law enforcement, court orders/subpoenas, and serious threat prevention, as allowed by law.

We do not sell your personal information.

4) Your HIPAA rights (summary)

Under HIPAA, you can: access/copy your medical record, request corrections, receive an accounting of certain disclosures, request restrictions on use/disclosure, request confidential communications, and obtain a copy of our NPP. You may also file a privacy complaint. We will respond within required timeframes and explain any denials.

5) Your choices

  • Texts/emails: opt in or out anytime (reply STOP to texts or use email unsubscribe). Some clinical or billing notices may still be sent where permitted/required.

  • Cookies/analytics: manage via your browser/device settings; blocking cookies may affect site functionality.

  • Testimonials/photos: used only with your written authorization.

6) Children & minors

Our website is not directed to children under 13. Pediatric care is provided with parent/guardian involvement and in accordance with applicable law. If you believe a child provided personal information online without consent, contact us to request removal.

7) Data security

We use administrative, technical, and physical safeguards to protect information (e.g., access controls, encryption in transit where applicable, staff training). No method is 100% secure; if a breach affects your information, we will notify you per law.

8) Data retention

We keep records as required by law and for legitimate business purposes. When no longer needed, information is disposed of securely. Website-related personal information is retained consistent with the purposes described or as required by law.

9) Out-of-network, self-pay, workers’ comp & auto claims

Where applicable, we can bill out-of-network or offer self-pay rates. For work injuries and motor-vehicle accidents, we coordinate necessary documentation and billing with your adjuster/attorney.

10) State-specific rights

Depending on your state, you may have additional privacy rights (e.g., access, deletion, correction, portability, and limits on sensitive data use). To submit a request, use the contact info below. We’ll verify your identity and respond within the required timeframe. (This section is provided as a general notice; we’ll honor applicable state laws.)

11) Changes to this policy

We may update this policy periodically. Changes will be posted with a new “Last updated” date. Material changes will be highlighted for a reasonable period.