Legal

Privacy Policy

Effective Date: January 1, 2026 · Last Updated: January 1, 2026

This Privacy Policy describes how Essam Rashad, MD ("we," "us," or "Dr. Rashad") collects, uses, and protects information collected through the website rashadmd.com ("Site") and our consultation services ("Services"). Your privacy matters to us, and we are committed to handling your information responsibly and in accordance with applicable law.

1. Scope

This Privacy Policy applies to all information collected through the Site or in the course of providing Services. Protected Health Information ("PHI") created or maintained in connection with our medical Services is also governed by our HIPAA Notice of Privacy Practices, which describes your rights and our obligations under federal health-privacy law.

2. Information We Collect

2.1 Information You Provide

We collect information you submit through forms, intake materials, payment processes, or direct communication with us. This includes:

Identifying information: name, date of birth, state of residence, email, phone number
Health information: medical history, current medications, symptoms, diagnoses, lab results, imaging, prior records, and other clinical information you share
Consultation content: notes from your consultation and any written assessments we produce
Payment information: processed by our third-party payment processor (Stripe); we do not store full card numbers on our systems
Correspondence: emails, messages, or other communications with us

2.2 Information Collected Automatically

When you visit the Site, we and our service providers may automatically collect:

Device information: IP address, browser type, operating system, device type
Usage information: pages viewed, time on page, referring URLs, click data
Cookies and similar technologies (see Section 7 below)

2.3 Information from Third Parties

With your authorization, we may receive medical records or other health information from your other healthcare providers, hospitals, laboratories, or designated representatives.

3. How We Use Your Information

We use the information we collect to:

Provide, schedule, and deliver the consultation Services you request
Review your medical records and prepare written clinical assessments
Communicate with you about your consultation, scheduling, and follow-up
Process payments and issue refunds
Comply with legal, regulatory, and professional obligations (including medical record retention)
Improve the Site and our Services
Prevent fraud and protect the security of the Site
Send administrative communications (we do not send marketing emails without consent)

4. How We Share Your Information

We do not sell your personal information. We share information only as follows:

4.1 With Your Authorization

We share information with the people and entities you direct us to, such as your treating physicians, family members, or designated representatives, when authorized by you in writing.

4.2 With Service Providers

We use third-party service providers to operate our practice, including:

Payment processing (Stripe, Inc.)
Email and communication services
Cloud hosting and storage
Scheduling tools
Analytics providers

These providers may access your information only as needed to perform their functions and are contractually obligated to protect it. Where required by HIPAA, we maintain Business Associate Agreements with providers that handle PHI.

4.3 Legal Requirements

We may disclose information when required by law, including in response to subpoenas, court orders, government investigations, or to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, sale of practice assets, or similar event, your information may be transferred to the successor entity, subject to the same privacy protections.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your information. These include encrypted transmission of data, access controls limiting who within our practice can view PHI, and secure storage. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain medical records and consultation documentation for the period required by Texas Medical Board regulations and federal law — generally seven (7) years from the date of the encounter, or longer for minors. Other personal information is retained only as long as necessary for the purposes described in this Policy or as required by law.

7. Cookies & Tracking Technologies

The Site uses cookies and similar technologies to maintain functionality, analyze usage, and improve the user experience. You can control cookies through your browser settings; disabling cookies may affect Site functionality.

We may use analytics services (e.g., Google Analytics) to understand how visitors use the Site. These services collect information in an aggregated, non-identifying format. We do not use behavioral advertising trackers on pages where PHI may be entered.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Request access to your personal information and medical records
Request correction of inaccurate information
Request deletion of certain information (subject to medical record retention requirements)
Withdraw consent for certain uses (where consent is the basis for processing)
Receive a copy of your medical records (governed by HIPAA — see HIPAA Notice)
Lodge a complaint with a regulatory authority

To exercise these rights, email hello@rashadmd.com. We may need to verify your identity before responding.

9. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without parental consent. Consultations on behalf of minor patients must be initiated by a parent or legal guardian.

10. Out-of-State and International Users

The Site is operated from the United States. If you access the Site from outside the U.S., your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

11. California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to deletion, and the right not to be discriminated against for exercising these rights. Health information governed by HIPAA is generally exempt from CCPA. To exercise CCPA rights, contact us at hello@rashadmd.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically.

13. Contact Us

Questions or concerns about this Privacy Policy should be directed to:

Essam Rashad, MD
Email: hello@rashadmd.com