PRIVACY POLICY

Fusella Family Medicine collects, uses, and is responsible for certain personal information about you.

This website and any products and services offered herein are not intended for persons under the age of 13. Fusella Family Medicine does not knowingly collect information from anyone under 13 years of age. Fusella Family Medicine prohibits children under the age of 13 from using all interactive portions of this website, including leaving any comments, filling out forms, or otherwise submitting information. Fusella Family Medicine will not knowingly collect personally identifiable information from children under 13. If Fusella Family Medicine learns it has any information or content from anyone under the age of 13, it will delete that information.

a. Information Collected by Us

Fusella Family Medicine may collect, use, and is responsible for certain personal information that you provide when you voluntarily sign up for our newsletter through our linked newsletter service on drmarissa.com. The information collected through the newsletter signup includes your first name and email address only. You are not required to provide any personally identifiable information to merely access or visit this website.

Fusella Family Medicine may collect domain information and “cookies” (small files saved on your hard drive by your web browser) to analyze website performance, track user patterns, save information from your previous visits, and customize your experience.

If your browser sends a “Do Not Track” signal, because there is no common understanding about what a “Do Not Track” signal is supposed to mean, our website platform does not respond to those signals in any particular way and does not alter our website’s data collection and use practices when it sees a Do Not Track signal from your browser.

We will ask for your consent to allow us to use cookies. Fusella Family Medicine or its third-party vendors may collect nonpersonal information through the use of these technologies. Nonpersonal information might include the browser you use, the type of computer you use, and technical information about your means of connection to this website such as the operating systems and the Internet service providers utilized and other similar information. Fusella Family Medicine’s systems may also automatically gather information about the areas you visit and search terms you use on this website and about the links you may select from within this website to other areas of the Internet.

If you are located in the European Economic Area (EEA), we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as controller of that personal information for the purposes of those laws.

If you are located in the United Kingdom (“UK”), we are regulated under UK data regulations known as “UK GDPR.”

b. Information Collected from Other Sources

We also obtain information from other sources, such as:

• Google Search Console for basic session analytics
• Newsletter service on drmarissa.com which collects first name and email address
• SigmaMD (Sigmoid Health, Inc.) – Our Electronic Medical Records and care management platform where membership signup, patient onboarding, login, and data collection takes place. Please note that any information you provide through the SigmaMD platform is subject to their separate privacy policy and terms of service. SigmaMD’s privacy policy can be found at their website.

Important Note About SigmaMD: When you sign up for membership with Fusella Family Medicine through the SigmaMD platform, you will be creating an account directly with SigmaMD. The protected health information (PHI) and personal information you provide through SigmaMD is collected and processed by SigmaMD in accordance with their privacy policy and Business Associate Agreement with our practice. While we use SigmaMD to manage patient care and maintain medical records, SigmaMD may also use de-identified and aggregated data for their own purposes as permitted under HIPAA regulations.

The information collected through our newsletter signup may include your first name and email address.

c. How We Use Your Personal Information

Fusella Family Medicine collects such information in order to send information and newsletter communications, improve website performance, and provide information about our direct primary care services.

d. Who We Share Your Personal Information With

Fusella Family Medicine respects your privacy and will never sell, trade, or transfer your personally identifiable information to third parties (beyond what is necessary for the basic functionality of an online service) without your consent.

We do, however, share information with our third-party service providers. Our current third-party suppliers include:

• Google Search Console for website analytics
• Mailchimp for email communications
• SigmaMD (Sigmoid Health, Inc.) for care management platform, membership signup, patient management, telehealth services, and medical records management. SigmaMD acts as a Business Associate under HIPAA and processes protected health information on our behalf. SigmaMD may also use de-identified data for their own business purposes as permitted under their agreement with us and HIPAA regulations.
• Five Towers Media for Web Hosting services

This data sharing enables us to provide our services, communicate with prospective and current members, and maintain our website. Those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see Transfer of Your Information Out of the EEA, UK below.

Fusella Family Medicine may release personal information to enforce its Website Terms and Conditions of Use, manage its business, protect users or the general public, or to otherwise comply with legal obligations.

We reserve the right to transfer personal information in the event that we merge with or are acquired by a third party. We also may disclose your personal information for any other purpose permitted by law or to which you consent.

We will not share your personal information with any other third party.

e. Whether Information Has to Be Provided by You and Why

The provision of personal data (e.g., first name, email address) is voluntary and enables us to send you newsletter communications and information about our direct primary care services. However, we do not require you to provide any personal data in order to view this website. Please note that membership signup and patient information is collected through our separate EMR platform and is subject to their privacy policy.

f. How Long Your Personal Information Will Be Kept

We will hold newsletter subscriber personal data until you let us know you would like us to delete it or unsubscribe from our newsletter communications, which you are free to do at any time. We reserve the right to maintain certain personal data even if you unsubscribe in an internal “do not contact” list in order to ensure compliance with laws and regulations.

g. Reasons We Can Collect and Use Your Personal Information

Fusella Family Medicine collects and uses your personal information for the following lawful bases: to send newsletter communications, provide information about our services, and improve website performance and user experience.

This website is operated in the United States and the third parties with whom we might share your personal information as explained above are also located in the United States or other countries located outside the EU. If you are located in the EEA, the UK, or elsewhere outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this website, participating in any of its services and/or providing your information, you consent to this transfer.

These countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to the derogation in Article 49 permitting non-repetitive transfers that concern only a limited number of data subjects, as permitted by Article 49 of the General Data Protection Regulation that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.

If you would like further information, see “How to Contact Us” below. We will not otherwise transfer your personal data outside of the EEA or UK or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

If you want to unsubscribe from receiving emails from Fusella Family Medicine, you may do so at any time. Each email from Fusella Family Medicine includes instructions for unsubscribing from these email communications.

If you are covered by the General Data Protection Regulation, or other relevant privacy regulations, you have a number of important rights free of charge. In summary, those include rights to:

• Fair processing of information and transparency over how we use your personal information
• Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• Require us to correct any mistakes in your information which we hold
• Require the erasure of personal information concerning you in certain situations
• Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• Object at any time to processing of personal information concerning you for direct marketing
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• Object in certain other situations to our continued processing of your personal information
• Otherwise restrict our processing of your personal information in certain circumstances

You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/; www.gdpr.eu; or https://www.priv.gc.ca/en.

If you would like to exercise any of those rights, please:

• Email, call, or write to us
• Provide us enough information to identify you (e.g., name, email address)
• Provide us proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill)
• Provide us with the information to which your request relates

We have appropriate security measures in place to prevent personal information from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable authorities of a suspected data security breach where we are legally required to do so.

It is important to understand that no security measures are absolute. We cannot guarantee the safety of any information you provide to us.

You may see content on this website that links to the sites and services of our partners, suppliers, or other third parties, including our SigmaMD care management platform and newsletter service. Any products or services reached through a third-party link are subject to separate privacy policies. Fusella Family Medicine is not responsible for or liable for any content on or actions taken by such third-party websites.

Please note that membership signup and patient data collection occurs on our separate SigmaMD platform and is governed by their privacy policy, not this website’s privacy policy.

Protected Health Information (PHI): When you become a patient of Fusella Family Medicine, your protected health information (PHI) is collected, stored, and processed through our care management platform provided by SigmaMD (Sigmoid Health, Inc.).

HIPAA Business Associate Agreement: SigmaMD acts as our Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). This means that SigmaMD is required to:

• Protect the privacy and security of your PHI
• Use and disclose your PHI only as permitted by law and our agreement with them
• Implement appropriate safeguards to protect your electronic PHI
• Report any breaches of your unsecured PHI

Your HIPAA Rights: As our patient, you have important rights under HIPAA, including:

• The right to access your medical records
• The right to request amendments to your medical records
• The right to an accounting of disclosures of your PHI
• The right to request restrictions on certain uses and disclosures of your PHI

For more information about how we protect your health information, please request a copy of our Notice of Privacy Practices.

De-identified Data: Please be aware that SigmaMD may create de-identified data from PHI in accordance with HIPAA regulations (45 C.F.R. § 164.514(b)). Once information is de-identified, it is no longer considered PHI and may be used by SigmaMD for their own business purposes, including data analysis, research, and improving their services. De-identified data cannot be traced back to you as an individual.

We hope that we can resolve any question or concern you raise about our use of your information.

If you are covered by the General Data Protection Regulation or UK GDPR, you may lodge a complaint with a supervisory authority, in particular in the UK or European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

This policy is effective as of November 6, 2025. We may change, modify, or update this Privacy Policy at any time and will notify you of any such changes by email if you have provided your email address to us through our newsletter signup. Otherwise, we will reflect any such modifications to this Privacy Policy on our website. We suggest that you periodically consult this Privacy Policy. Your continued use of our website after any such changes constitutes your acceptance of this Privacy Policy, as revised.

If you have any questions or concerns about this Privacy Policy, the information we hold about you, or you wish to change your personal information in our records, please contact:

Fusella Family Medicine
Dr. Marissa Fusella
info@fusellafamilymedicine.com