Expedient Medicolegal Services (“Expedient,” “we,” “us,” or “our”) prioritizes your privacy and is committed to safeguarding the personal and Protected Health Information (“PHI”) entrusted to us. This Privacy Policy outlines how we collect, use, share, and protect information, including PHI and sensitive personal information, in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). 

This Privacy Policy applies to all users of our website, including patients, clients, referrers, and visitors. It describes:

• The categories of information we collect, including PHI and personal information protected by the CCPA/CPRA.

• How and why we use this information.

• Your rights regarding access, correction, and deletion of your personal information.

• Our practices for protecting your information from unauthorized access, disclosure, or misuse.

By using our website and services, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please refrain from using our website. 

1. The Categories of Information We Collect

Depending on why you use our website, such as requesting an evaluation, finding an expert, joining our team, or submitting a referral, we may collect the following categories of information from you: 

• Identifiers. This may include name, email address, phone number, signature, claim number, and SSN. 

• Personal Information Categories from Cal. Civ. Code § 1798.80(e). This may include employer information, AME/QME name, evaluation type, injury date, appointment date and time, location of evaluation, worker’s compensation carrier insurance claim number, ADJ/EAMS number, panel number, and referral information.  

• Professional or employment information. This may include employer information, AME/QME name, and specialty

• Personal information related to health or medical conditions. This may include evaluation type, injury date, appointment date and time, worker’s compensation carrier insurance claim number, ADJ/EAMS number, claim number, and panel number. 

• Internet or other electronic network activity. This may include your device IP address, user behavior, browser and device information, cookies and tracking information, timestamp and page interactions, and network activity.

• Geolocation information. The geographic address of your device obtained from the device IP address. 

• Sensitive personal information. This may include your SSN (Social Security Number), signature, and PHI. 

2. The Categories of Sources of Information

We collect information about you through various methods to provide, manage, and improve our services. The types of information we gather and how it is collected include:

• Directly from you. This may include when you use the forms on our website, including the “Join Our Team,” “Upload Records,” “Schedule an Evaluation,” “Contact Us,” or “Submit a Referral” forms. This includes personal details like your name, contact information, and specific case or evaluation information. For certain evaluations or services, we may collect additional information directly from you, including injury-related details, physician information, and appointment specifics, which you provide through our secure upload portal.

You are under no obligation to provide us with any information directly. However, we are unable to provide our services without access to necessary information (for example, we are unable to evaluate your claims without access to your records).  

• Automatically through website technologies. We may work with third-party providers (such as Google reCAPTCHA, Cloudflare, Calendly, and WordPress) who use cookies, pixel tags, and similar tracking technologies to enhance user experience, streamline scheduling, manage security, manage content, and support website functionality on our behalf. These technologies may collect information such as IP addresses, geolocation, browser and device information, and user interaction patterns.

• From referrers and third parties. If someone refers you to our services or submits your information via our “Submit a Referral” form, we may receive your contact details and relevant background information through this process. 

• Through communications. When you contact us through phone, email, or other means, we may collect the information you share during these interactions, including any personal details relevant to your case, scheduling requests, or service inquiries.

3. The Business Purposes for Collecting Your Information

We use the information we collect from you to provide and improve our services, ensure compliance with applicable laws, and manage the necessary administrative processes associated with our operations. The ways in which we use your information include, but are not limited to:

• To provide our services and facilitate evaluations. We use your personal information, including contact details, case information, and PHI, to schedule and conduct workers’ compensation evaluations, independent medical examinations (IMEs), and disability assessments. We also use this information to generate evaluation reports, communicate with you regarding appointment details, and address any inquiries related to our services.

• To assess applicants. If you submit a request to join our team, we will use your information for recruitment process, including to communicate with you and determine if you are fit to join us. 

• To process and manage referrals. If you submit a referral, we use the information provided to manage and process the referral, including contacting the referred individual and following up as needed.

• To communicate with you. We use your contact information to send important notifications and updates about your case, including appointment confirmations, evaluation results, and other relevant communications.

• To ensure legal and regulatory compliance. We use your information to comply with applicable laws, including workers’ compensation regulations, HIPAA, and other legal obligations related to medical evaluations, healthcare services, and reporting requirements.

• To improve our services. We may use your information to enhance the quality of our services, conduct internal assessments, and improve the overall experience of using our platform and services.

• For fraud prevention and security. We use your information, including device and location data, to help prevent fraudulent activities, protect the security of our website, and ensure safe use of our services.

• To respond to your requests and inquiries. We use your information to respond to any requests or inquiries you send us, whether through our “Join Our Team” form, “Submit a Referral” form, or other communication channels.

• For administrative purposes. We use your information for administrative tasks such as record-keeping, auditing, and ensuring the effective delivery of our services.

4. The Disclosure of Your Information

We prioritize the confidentiality and security of your personal information and disclose it only when necessary and in compliance with HIPAA, CCPA/CPRA, and other applicable laws. Below are the primary ways and situations in which we may share your information:

• Service Providers and Business Associates. We partner with trusted third-party service providers, including HIPAA-compliant Business Associates, to help us deliver our services, such as website hosting, secure data storage, scheduling, and website security. These third parties may only use or access your information, including PHI, to the extent necessary to perform their duties and are contractually required to protect your data in accordance with HIPAA, CCPA/CPRA, and our own privacy standards. For HIPAA-covered information, we enter into Business Associate Agreements (BAAs) to ensure strict adherence to HIPAA’s privacy and security rules. 

• Legal Compliance and Regulatory Disclosures. We may disclose personal information as required by law or in response to valid legal processes, such as subpoenas, court orders, or regulatory demands. In cases involving PHI, we comply with HIPAA’s standards for minimum necessary disclosure, limiting the information shared to only what is required. For California residents, we uphold CCPA/CPRA rights by ensuring such disclosures are necessary, specific, and made in compliance with lawful requests. We may also disclose information when it’s necessary to protect our rights, enforce our terms of service, or ensure the safety of our users and the public.

• Disclosures for Treatment and Healthcare Operations. For users seeking medical evaluations and related services, we may disclose PHI to authorized healthcare providers or insurers as part of treatment coordination or other operational needs in accordance with HIPAA guidelines. We ensure these disclosures are made only to the extent permitted or required by law and with appropriate privacy safeguards in place.

• Business Transfers. In the event of a business transaction, such as a merger, acquisition, consolidation, or sale of assets, we may transfer personal information as part of that process. If your personal information is transferred in such a transaction, we will ensure the receiving entity agrees to maintain its confidentiality and security. California residents will be notified of any such transfer, along with their options and rights, as provided under the CCPA/CPRA.

• With Your Explicit Consent. We may share specific information with third parties if you provide us with explicit consent to do so. This may include instances where you request us to share particular health records with a provider or authorize a disclosure to another entity involved in your care or case. In accordance with CCPA/CPRA, you have the right to know, limit, or revoke such disclosures unless the information is required by law.

For information covered under HIPAA, we take extra steps to protect PHI and ensure that any disclosures comply with HIPAA’s Privacy and Security Rules. For California residents, we honor all applicable rights under CCPA/CPRA, including the right to access, delete, and limit the use of personal information, as well as opt-out of certain disclosures. 

All entities with whom we share your information are required to sign confidentiality agreements and adhere to strict security protocols. Our Business Associates are bound by HIPAA-compliant BAAs, ensuring that PHI remains safeguarded, and we work with all partners to implement data protection measures consistent with HIPAA, CCPA/CPRA, and industry standards. We also limit third-party access to the minimum necessary information required to perform their designated roles.

5. Cookie Policy

Our website may contain cookies that are necessary for basic functions. Cookies are small pieces of text stored on your device when you access websites. They help us recognize you, maintain session consistency, and provide security features, ensuring a seamless experience. Our cookies are set by our trusted third parties, including WordPress, Calendly, and Google, to manage our website’s functionality, security, and usability.

All cookies used on our website are classified as “necessary cookies.” These cookies are essential for the operation of our website and cannot be turned off in our systems. They are typically set in response to actions you take, such as setting your privacy preferences or filling in forms. We use these cookies for the following purposes:

• To protect our website against bots, automated attacks, and spam. These cookies verify whether a user is human, ensuring a safer browsing experience. 

• To keep track of your browsing session to ensure session consistency across pages. This helps maintain your session and preferences as you navigate through the website, enhancing usability and improving the personalized experience.

• To manage content. These cookies ensure the smooth operation of the website’s content, allowing us to display information efficiently and consistently during your visit.

• To personalize your experience on our website. This enables us to improve user experience by remembering your preferences and optimizing the display of information on return visits.

How to manage cookies

Since the cookies used on our website are necessary for its functioning, they cannot be disabled without impacting the performance and security of the site. You may still choose to block or delete cookies by adjusting your browser settings. However, please note that doing so may affect the functionality of our website and degrade your user experience.

For information on how to manage or delete cookies, you can refer to the help section of your browser or visit https://www.allaboutcookies.org/. 

6. The Security of Your Information

Expedient is dedicated to safeguarding your personal and sensitive information, including PHI, which is stored securely on Google Workspace. Google Workspace uses encryption to protect your data during storage and transmission.

Access to PHI is restricted to authorized personnel, all of whom are required to sign a Business Associate Agreement (BAA) to ensure compliance with HIPAA guidelines.

We also work with trusted third-party service providers like Google Workspace, Calendly, and Cloudflare, who follow strict security measures to protect your information. These providers are contractually bound to maintain high security standards.

When we no longer need your information, we ensure it is securely deleted. 

However, be aware that no method of information security is 100 percent safe. If a data breach occurs, we will notify you within 60 days – as required by HIPAA – and take necessary steps to address the situation.

7. The Retention of Your Information

We retain your information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. The retention periods vary based on the type of information and applicable legal requirements:

• We retain medical records, evaluations, and related documentation for a minimum of 10 years after the last date of service or case closure, or longer if required by state laws or ongoing legal needs.

• We store medical and evaluation-related records, including any PHI, for a minimum of six years in compliance with HIPAA requirements, unless a longer retention period is required by state laws or for ongoing legal or operational needs.

• Client contact information, scheduling data, and general administrative records are retained for the duration necessary to support client services and may be securely disposed of after services are completed, subject to any applicable legal retention requirements.

Once the applicable retention period has expired, we securely dispose of client data to prevent unauthorized access. Disposal methods may include digital deletion, de-identification, or physical destruction, depending on the data format.

8. The International Transfer of Your Information

Expedient primarily works with US-based third-party service providers to manage and protect your information. However, to ensure the reliability, security, and efficiency of our services, your information may be processed or stored in data centers located outside of the US.

Our third-party service providers may use global networks of data centers, which means that your data could be transferred internationally. These transfers are conducted in compliance with applicable data protection laws and employ safeguards to maintain the security and privacy of your information. 

9. Your Privacy Rights 

Expedient is committed to respecting and protecting your privacy. As a user of our website, you have certain rights regarding your personal information. Below is a summary of your privacy rights and how you can exercise them.

• Right to access. You have the right to request access to the personal information we have collected about you in the past 12 months. This includes the (i) categories of personal information we have collected, (ii) specific pieces of personal information, (iii) purposes for which your personal information has been collected, used, and shared, and (iv) categories of third parties with whom we have shared your personal information. To make a request, please contact us using the contact information provided below.

• Right to correct. You have the right to request that we correct any inaccurate or incomplete personal information that we hold about you. If you believe that any of the personal information we have is incorrect or outdated, please inform us, and we will make the necessary corrections.

• Right to delete. You have the right to request that we delete your personal information that we have collected, subject to certain exceptions. We may not be able to delete all of your personal information if we are required to retain it for legal, regulatory, or operational purposes. We will notify you if any exception applies.

• Right to data portability. You have the right to request a copy of your personal information in a structured, machine-readable format. This allows you to transfer your information to another service provider, if desired. We will provide your information in a portable format, where possible, upon request.

• Right to opt-out of sale or sharing. While Expedient does not sell or share your personal information for commercial purposes, the CCPA/CPRA provides you with the right to opt out of the sale of your personal information. As we do not engage in the sale or targeting of ads using your personal data, you do not need to take any action to opt out. However, if we begin such practices in the future, we will provide you with an easy method to exercise your right to opt out.

• Right to limit the use of sensitive personal information. Under the CPRA/CPRA, you have the right to limit the use of certain sensitive personal information, such as SSN, health information, and similar data. We only use such sensitive information for necessary purposes, such as to provide services or comply with legal obligations.

• Right to non-discrimination. We will not discriminate against you for exercising any of your privacy rights, including requesting access to your data, deleting your information, or opting out of data sales or sharing. You will continue to receive equal treatment and access to our services regardless of whether you exercise your rights.

• Right to an accounting of disclosures. Under HIPAA, you have the right to request an accounting of disclosures of your PHI. This request provides you with a list of disclosures of your PHI made for purposes other than those related to your evaluation or the services provided by Expedient. We will provide you with this information within a reasonable time frame, in compliance with HIPAA regulations.

• Right to revoke authorization. You have the right to revoke any prior authorization you have provided for the use of your PHI, except to the extent that action has already been taken based on your previous consent. If you would like to revoke your consent, please contact us, and we will assist you in doing so.

• Right to opt out of automated decision-making. If Expedient uses automated decision-making that significantly affects you (such as eligibility or assessment purposes), you have the right to opt out of such practices. This right applies to automated decision-making that might involve profiling or decisions based solely on automated processing.

To exercise any of these rights, please Contact Us or call us at 855 855 0525. California residents may designate an authorized agent to make a privacy request on their behalf. To protect your information, we may require proof of your identity and the agent’s authority.

10. Children’s Privacy 

Expedient does not provide its services to individuals under the age of 18 unless they are being supervised by at least a parent or legal representative. Our website and services are intended solely for adults, and we do not knowingly collect or process any personal information from children.

In the unlikely event that we receive an inquiry regarding a minor, such as a request from an attorney seeking an evaluation, we will review the request in accordance with HIPAA and other applicable privacy laws to ensure that we handle any information appropriately. 

If you believe that we have inadvertently collected information from or about a minor, please contact us, and we will take immediate steps to address the matter in accordance with our privacy and data security protocols.

11. Do Not Track Signals 

Our website does not respond to Do Not Track (DNT) signals. “Do Not Track” is a browser feature that allows website users to set a preference in their web browsers to indicate that they do not wish certain information about their online activities to be tracked across websites. At this time, there is no consistent industry standard for recognizing and honoring DNT signals, and as such, our website does not alter its behavior or data collection practices when it receives a DNT signal from a visitor’s browser.

For more information on DNT signals, you may wish to consult your web browser’s settings or visit https://www.eff.org/issues/do-not-track.

12. Third-Party Services

Our website may contain links to third-party websites, plugins, and services that are not operated or controlled by Expedient. These links are provided solely for your convenience, and we do not endorse or make any representations about these external sites. Once you click a third-party link, you will be directed to a website that operates under its own privacy policy and terms of service, which may differ from ours. 

We encourage you to review the privacy policies and practices of any third-party sites you visit, as we are not responsible for their privacy practices, data collection, security measures, or content. Expedient disclaims any liability for the information collected, used, or shared by these third parties.

13. Changes To Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational, legal, or regulatory reasons. Any updates will be posted on this page, and the revised policy will indicate the date of the most recent update at the top of the page. 

If we make significant changes to how we handle your personal information, we will notify you through appropriate means, such as a prominent notice on our website or direct communication if applicable. We encourage you to review this Privacy Policy periodically to stay informed about our data handling practices and your privacy rights. 

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

14. Who We Are; Contact Us 

We are a California-based entity with our business address at 16060 Ventura Blvd. Ste. 110, PMB 715, Encino, CA 91436. We process and handle your information in accordance with the CCPA/CPRA and other applicable privacy laws. 

If you have any questions, inquiries, concerns, complaints, suggestions, or feedback regarding our data privacy practices as described in this Privacy Policy or any portion of our services, Contact Us or use the company information below: 

Expedient Medicolegal Services:

Toll-Free Number: 855 855 0525

Email address: info@expedientmedicolegal.com.