Now Accepting New Patients  —  Concierge OB/GYN Care in Santa Barbara & Montecito

Notice of HIPAA Privacy Practices

Notice of HIPAA Privacy Practices

Last updated: April 2026

THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED BY DR. MELISSA DRAKE, MD, PC AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Responsibilities

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires us to protect the privacy of your Protected Health Information (“PHI”). PHI includes information we create or receive regarding your health or payment for your care — including your medical records, name, address, phone number, financial information, and other personal identifiers.

We are required by law to:

  • Protect the privacy of your PHI
  • Provide you with this Notice explaining our privacy practices
  • Notify you in the event of a breach of your unsecured PHI
  • Follow the practices described in this Notice

How We Use and Disclose Your Health Information

The following are ways we may use or disclose your PHI without your written authorization:

Treatment

We may use your PHI to provide, coordinate, and manage your medical care. For example, we may share information with physicians, nurses, specialists, and other providers involved in your care — including labs, imaging centers, or emergency providers — to ensure you receive appropriate treatment.

Payment

We may use or disclose your PHI to process membership fees, bill for services rendered, and handle payment-related activities. This may include sharing information with payment processors such as Stripe.

Healthcare Operations

We may use your PHI for internal operations including quality review, training, and improving the care we deliver. We may share PHI with consultants, attorneys, or business associates who assist us, provided they agree to protect your privacy.

Other Permitted Uses

We may also use or disclose your PHI without authorization in the following circumstances, as permitted or required by law:

  • As required by law — including workers’ compensation and mandatory reporting requirements
  • Public health and safety — to authorized public health authorities to prevent or control disease, report vital statistics, or track issues with drugs or medical devices
  • Abuse or neglect — to government entities authorized to receive reports of abuse, neglect, or domestic violence
  • Legal proceedings — in response to a court order, subpoena, or other lawful legal process
  • Law enforcement — to law enforcement officials in specific circumstances permitted by law
  • Oversight agencies — to health oversight agencies for audits, inspections, and licensure activities
  • Serious threats to health or safety — to prevent a serious and imminent threat to you or others
  • Coroners, funeral directors, and organ donation — as authorized by law
  • Research — under strict confidentiality protections and, in most cases, only with your written authorization
  • Family and friends — to individuals directly involved in your care when you are present and consent, or when we determine disclosure is in your best interest and you are unable to consent
  • Appointment reminders — we may contact you by phone, email, or text to remind you of appointments or share information about treatment alternatives or health-related services

Uses That Require Your Written Authorization

In all other situations, we will use or disclose your PHI only with your written authorization. This includes:

  • Marketing purposes (beyond what HIPAA permits without authorization)
  • Sale of your health information
  • Sharing PHI with your employer or school
  • Most sharing of psychotherapy notes

You may revoke a written authorization at any time, except where we have already acted in reliance on it.

Your Rights Regarding Your Health Information

You have the right to:

  • Request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to all requests, but will honor agreed-upon restrictions unless it is an emergency.
  • Request alternative communication — for example, to be contacted at a different address or by a different method. We will accommodate reasonable requests.
  • Access or receive a copy of your PHI — electronic or paper. We may charge a reasonable fee and will respond within 30 days. In limited circumstances we may deny your request and explain why.
  • Request an amendment to PHI you believe is inaccurate or incomplete. We may deny the request in certain cases and will do so in writing.
  • Receive an accounting of disclosures — a list of certain disclosures of your PHI made in the past six years (not including treatment, payment, or operations disclosures).
  • Designate a representative — if you have given someone medical power of attorney or they are your legal guardian, they may exercise these rights on your behalf.
  • Request a paper copy of this Notice at any time.
  • Receive notification of any breach of your unsecured PHI.
  • File a complaint if you believe your privacy rights have been violated (see below).

Electronic and Digital Communications

If you choose to communicate with us via email, text, or through our patient portal, you acknowledge that these channels may not be fully secure. By communicating with us electronically, you accept the associated privacy risks. If you prefer not to exchange PHI electronically, please notify us and we will accommodate alternative communication methods.

Changes to This Notice

We reserve the right to modify this Notice at any time. Any revised Notice will apply to all PHI we maintain. Changes will be posted to this page with an updated effective date. We encourage you to review this Notice periodically.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us directly or with the U.S. Department of Health and Human Services Office for Civil Rights:

We will not retaliate against you for filing a complaint.

Contact Us

For questions about this Notice or to request a copy, please contact us:
Dr. Melissa Drake, MD, PC — Privacy Officer
427 W Pueblo St, Suite B/C
Santa Barbara, CA 93105
hello@melissadrakeobgyn.com
805.265.0313