Website Privacy Policy

Sunshine Pediatric & Family Clinic (“Sunshine,” “Clinic,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the personal and health information entrusted to us.

This Website Privacy Policy explains how we collect, use, disclose, retain and protect information when you:

* Visit sunshineacadiana.com or any webpage operated by us;
* Submit a contact, appointment or other online form;
* Communicate with us by email, telephone or text message;
* Use an online scheduling, payment, patient portal or telemedicine service made available through our Website;
* Apply for employment;
* Interact with our social-media pages; or
* Otherwise use a digital service that links to this Policy.

Please read this Policy carefully. By using our Website, you acknowledge that you have reviewed this Policy.

1. Important distinction between this Policy and our HIPAA Notice

This Website Privacy Policy primarily describes information collected through our Website and other public-facing digital services.

Some information we receive, create or maintain while providing healthcare may constitute Protected Health Information, or “PHI,” under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, collectively referred to as “HIPAA.”

Our uses and disclosures of PHI are governed by HIPAA, applicable state law and our separate Notice of Privacy Practices. The Notice of Privacy Practices explains:

* How medical information about you or your child may be used and disclosed;
* Our responsibilities regarding that information;
* Your rights regarding medical records and other PHI; and
* How to submit a privacy complaint.

This Website Privacy Policy does not replace, modify or limit the Notice of Privacy Practices. When information is protected by HIPAA, the Notice of Privacy Practices and applicable law will control if there is a conflict with this Website Privacy Policy.

2. Information we collect

The information we collect depends on how you interact with us.

A. Information you provide directly

You may provide information such as:

* Your name;
* A patient’s or child’s name;
* Parent, guardian or caregiver information;
* Mailing address;
* Email address;
* Telephone or mobile number;
* Date of birth;
* Preferred language;
* Appointment preferences;
* Provider preferences;
* Insurance-related information;
* Reason for contacting us;
* Information entered into a contact or appointment-request form;
* Messages, questions or feedback sent to us;
* Employment application and résumé information;
* Information submitted through a patient portal;
* Information provided during telemedicine registration or care;
* Billing and payment-related information; and
* Any other information you voluntarily provide.

Please do not submit sensitive medical information through a general Website contact form, ordinary email, public social-media comment or social-media direct message unless we specifically instruct you to use that method.

B. Health and medical information

When you seek or receive care from us, we may collect or create health information, including:

* Medical history;
* Symptoms and health concerns;
* Diagnoses;
* Treatment plans;
* Clinical notes;
* Medication and prescription information;
* Allergy information;
* Immunization records;
* Growth and developmental information;
* Laboratory orders and results;
* Imaging and diagnostic reports;
* Referrals and consultation records;
* Behavioral-health information;
* Telemedicine records;
* Patient portal communications;
* Photographs or other clinical media, when appropriate;
* Insurance, claims and billing information; and
* Other information included in the medical record.

Health information created or maintained as part of patient care is handled in accordance with HIPAA, applicable law and our Notice of Privacy Practices.

C. Information collected automatically

When you use our Website, we or our service providers may automatically collect information such as:

* Internet Protocol address;
* Browser type and version;
* Device type;
* Operating system;
* Approximate geographic area derived from an IP address;
* Date and time of access;
* Pages viewed;
* Links selected;
* Referring website;
* Time spent on pages;
* Website navigation and interaction information;
* Error and performance information;
* Cookie identifiers; and
* Security and access logs.

We use this information to operate, secure, troubleshoot and improve our Website and digital services.

3. Cookies and similar technologies

Our Website may use cookies, pixels, tags, scripts, software development kits, local storage and similar technologies.

These technologies may be used to:

* Remember user preferences;
* Enable Website functions;
* Maintain security;
* Detect fraud or misuse;
* Measure Website performance;
* Understand how visitors use the Website;
* Improve content and usability;
* Determine whether advertising or outreach campaigns are effective; and
* Support permitted communications and marketing activities.

Cookies may be classified as:

* Strictly necessary cookies, required for security or Website operation;
* Functional cookies, used to remember preferences;
* Analytics cookies, used to understand Website traffic and performance; and
* Advertising or measurement cookies, used to measure outreach or advertising, where legally permitted.

You may be able to block or delete cookies through your browser settings. Blocking cookies may affect the availability or functionality of certain Website features.

We do not knowingly configure advertising or analytics technologies to collect medical-record information, patient portal content, telemedicine communications or other PHI for advertising purposes. We evaluate technologies used on health-related webpages and restrict, remove or contractually control them when required by applicable law.

4. Analytics and digital marketing

We may use carefully selected analytics, search, advertising or campaign-measurement services to understand general Website traffic, improve public education, and evaluate outreach efforts.

Depending on our Website configuration, these services may include technologies provided by search engines, social-media platforms, website-hosting providers or analytics companies.

We do not sell PHI. We do not use or disclose PHI for marketing except as permitted by law or with a valid authorization when one is required.

We do not intend for third-party advertising providers to receive:

* Medical-record contents;
* Laboratory results;
* Diagnoses;
* Prescription information;
* Patient portal messages;
* Telemedicine content;
* Appointment notes;
* Information entered into secure clinical systems; or
* Other PHI not lawfully permitted to be disclosed.

General information about a visitor’s interaction with a public webpage may not always constitute PHI. However, we assess the nature of the webpage, the information collected, the reason for collection and the recipient before using tracking or advertising technology.

Where required, we may:

* Disable tracking on sensitive pages;
* Limit the information transmitted;
* Obtain consent;
* Use a HIPAA-compliant service;
* Enter into an appropriate Business Associate Agreement; or
* Avoid using the technology.

5. How we use information

We may use information for purposes including:

* Responding to questions and requests;
* Scheduling, confirming, changing or cancelling appointments;
* Registering patients;
* Providing medical care;
* Providing telemedicine services;
* Ordering, receiving and communicating laboratory or diagnostic information;
* Managing referrals;
* Providing patient portal access;
* Communicating care instructions;
* Processing insurance and billing information;
* Collecting payments;
* Sending appointment reminders and clinic updates;
* Providing customer or technical support;
* Improving patient experience;
* Operating and improving our Website;
* Measuring Website and outreach performance;
* Maintaining security and preventing fraud;
* Recruiting and evaluating employment candidates;
* Meeting legal, regulatory, licensing and accreditation requirements;
* Conducting healthcare operations permitted under HIPAA;
* Protecting patients, employees and the public; and
* Establishing, exercising or defending legal rights.

When information constitutes PHI, we use it only as permitted by HIPAA, applicable law and our Notice of Privacy Practices.

6. Telemedicine

We may offer video, audio-only, portal-based or other remote healthcare services.

Information collected or created during telemedicine may include:

* Identity and contact information;
* Patient location at the time of service;
* Consent information;
* Audio or video communications;
* Chat or portal messages;
* Clinical observations;
* Medical history;
* Diagnoses;
* Treatment and follow-up instructions;
* Prescriptions;
* Orders and referrals; and
* Billing and insurance information.

Telemedicine information may become part of the patient’s medical record and is protected in the same manner as comparable information created during an in-person visit.

We use telemedicine vendors and communication technologies that we determine are appropriate for the services being provided. When required by HIPAA, we enter into Business Associate Agreements with vendors that create, receive, maintain or transmit PHI on our behalf.

Telemedicine sessions will not be recorded unless:

* Recording is necessary and legally permitted;
* The patient or authorized representative is informed; and
* Any required consent or authorization has been obtained.

Patients should participate in telemedicine from a reasonably private location and use a secure device and internet connection where possible. We cannot control people, devices or networks present in the patient’s location.

Telemedicine is not suitable for every condition. If you are experiencing an emergency, call 911 or go to the nearest emergency department.

7. Laboratory results and medical records

Laboratory results, diagnostic reports, visit notes, prescriptions, immunization records and other clinical information may be:

* Maintained in our electronic health record;
* Communicated through a patient portal;
* Discussed by an authorized member of the care team;
* Shared with laboratories, specialists, pharmacies, insurers or other participants in care as permitted by law; and
* Retained according to applicable medical-record requirements.

Patients and legally authorized representatives may have rights to access, inspect, obtain copies of, or request amendments to medical records. These rights and any applicable limitations are described in our Notice of Privacy Practices.

General Website forms and social-media platforms should not be used to request urgent laboratory interpretations or transmit detailed medical records.

8. Patient portals and online scheduling

Our Website may link to or integrate with a patient portal, electronic health record, online scheduling platform or similar service.

These systems may collect information necessary to:

* Verify identity;
* Register a patient;
* Schedule an appointment;
* Review health information;
* Send or receive secure messages;
* Complete forms;
* Request medication refills;
* Review laboratory results;
* Make payments; or
* Access telemedicine services.

A third-party platform may have its own privacy policy, terms and security practices. When the platform acts as our Business Associate, its handling of PHI is also governed by HIPAA and its agreement with us.

Patients are responsible for protecting portal credentials and should notify us promptly if they believe their account has been accessed without authorization.

9. Text messages and mobile communications

When you provide a mobile number or opt in to receive text messages, we may send communications such as:

* Appointment confirmations and reminders;
* Scheduling communications;
* Check-in instructions;
* Clinic-hour or closure notices;
* General health or service information;
* Follow-up requests;
* Patient portal notifications;
* Billing-related communications; and
* Other communications you request or authorize.

Message frequency may vary. Message and data rates may apply.

You may opt out of nonessential text messages by replying STOP, where supported, or by contacting the Clinic. You may request assistance by replying HELP, where supported, or by calling us.

Opting out of text messages does not prevent you from receiving healthcare. It may require us to communicate through another method.

Mobile information and text-message consent will not be sold, rented or shared with third parties or affiliates for their own marketing or promotional purposes.

Text-message originator opt-in data and consent will not be shared with third parties for unrelated marketing. We may share limited information with telecommunications providers, messaging platforms and other vendors only as necessary to deliver, secure or support the messaging service, comply with law or protect rights and safety.

Standard SMS is not always encrypted. By choosing to communicate by text message, you acknowledge that messages may be viewed by anyone with access to your device or mobile account. Contact us if you would prefer another communication method.

10. Email communications

We may use email for administrative, educational or care-related communications.

Ordinary email may not be fully secure. Please avoid sending highly sensitive medical information through standard email unless we have specifically instructed you to do so or have provided a secure method.

You may unsubscribe from promotional emails by using the unsubscribe mechanism included in the message. You may continue to receive non-promotional communications concerning appointments, care, billing, safety or legal obligations.

11. Social media

We may maintain pages or profiles on social-media platforms. Those platforms are operated by third parties and have their own privacy policies, terms, advertising practices and data-collection technologies.

Information posted publicly on social media may be viewed, copied, stored or shared by other people. You should not post medical information, laboratory results, photographs, identifying details or urgent health concerns in public comments.

Social-media comments and direct messages:

* Are not intended for emergencies;
* May not be continuously monitored;
* Should not be relied upon for diagnosis or treatment;
* May not provide an appropriate or secure channel for PHI; and
* May be moved to a telephone, patient portal or other appropriate channel.

To protect privacy, we may be unable to confirm publicly whether a person is a patient or respond to the details of a review, complaint or comment.

A person’s decision to identify themselves publicly as a patient does not authorize us to disclose their PHI in response.

We may hide, remove or report content that includes:

* Another person’s private information;
* Threats, harassment or discriminatory content;
* Spam or unrelated advertising;
* Dangerous medical misinformation;
* Obscene content; or
* Material that violates platform rules or applicable law.

Removal from our page does not guarantee deletion from the social-media platform or from copies controlled by other users.

We will not use identifiable patient photographs, videos, testimonials or stories for promotional purposes without a valid written authorization when required by law.

12. Photographs, recordings and testimonials

We may request permission to use a patient’s or family’s photograph, video, voice, testimonial or story for educational, community or promotional purposes.

When HIPAA or other law requires authorization, we will obtain a separate written authorization describing the intended use and disclosure.

Refusing such an authorization will not affect eligibility for treatment, payment, enrollment or benefits, except where otherwise permitted by law.

An authorization may generally be revoked in writing for future uses, subject to actions already taken in reliance on it and other legal limitations.

13. Information concerning children

Sunshine provides pediatric healthcare. Our public Website is primarily intended for parents, legal guardians, caregivers and other adults.

Children should not submit personal or health information through the public Website without involvement from a parent or legally authorized representative.

Information about a minor patient may be provided by:

* A parent;
* A legal guardian;
* Another legally authorized personal representative;
* The minor, where permitted by law; or
* Another person involved in the child’s care, as permitted by law.

Access to a child’s medical information depends on HIPAA, Louisiana law, consent rules, custody arrangements, court orders and the circumstances of the child’s care.

Being a parent does not automatically determine access in every situation. We may request identification, custody documents, guardianship records or other proof of legal authority before providing records or portal access.

In circumstances where a minor may lawfully consent to care or where disclosure to a parent or guardian is restricted, we will follow applicable law.

Our public Website is not designed to collect personal information directly from children under 13 for commercial purposes.

14. Online payments

We may offer online payment options through a third-party payment processor.

Payment processors may collect:

* Cardholder name;
* Billing address;
* Payment-card information;
* Transaction amount; and
* Other information required to complete the payment.

We may receive transaction confirmations and limited payment details but may not directly receive or store complete payment-card credentials.

Payment processors operate under their own terms and privacy practices and are required to handle payment information in accordance with applicable contractual and legal requirements.

15. Employment applications

If you submit an employment inquiry, résumé or application, we may use the information to:

* Review qualifications;
* Communicate about employment;
* Conduct interviews;
* Verify information;
* Perform background or reference checks when legally permitted;
* Meet recordkeeping requirements; and
* Consider you for current or future opportunities.

Submitting an application does not create an employment relationship or guarantee consideration or employment.

16. When we disclose information

We do not sell medical records or PHI.

We may disclose personal information to:

Service providers

Vendors that support:

* Website hosting;
* Cybersecurity;
* Electronic health records;
* Patient portals;
* Telemedicine;
* Appointment scheduling;
* Text messaging;
* Email delivery;
* Telephone services;
* Laboratory services;
* Payment processing;
* Billing and claims;
* Analytics;
* Document storage;
* IT support; and
* Other Clinic operations.

These providers are permitted to use information only as necessary to perform services, comply with law or as otherwise authorized.

When a vendor is a Business Associate under HIPAA, we require an appropriate Business Associate Agreement.

Healthcare participants

As permitted by law, information may be shared with healthcare professionals, pharmacies, laboratories, hospitals, specialists, insurers, health plans, clearinghouses and others involved in treatment, payment or healthcare operations.

Legal, regulatory and safety recipients

We may disclose information:

* As required by federal, state or local law;
* In response to a lawful court order, subpoena or legal process;
* For public-health reporting;
* For health-oversight activities;
* To report suspected abuse, neglect or exploitation;
* To avert a serious threat to health or safety;
* For workers’ compensation purposes;
* To law-enforcement authorities where permitted or required;
* To licensing, accreditation or regulatory bodies;
* To investigate fraud, security incidents or unlawful conduct; or
* To establish, exercise or defend legal rights.

Disclosures of PHI are subject to HIPAA, applicable state law and our Notice of Privacy Practices.

Organizational transactions

If the Clinic undergoes a merger, acquisition, restructuring, financing, sale of assets or similar transaction, information may be disclosed as part of the transaction, subject to applicable privacy and confidentiality obligations.

17. Sale and sharing of information

We do not sell PHI.

We do not sell mobile numbers or SMS consent information.

We do not sell personal information in exchange for money.

Certain privacy laws may define “sale,” “sharing” or “targeted advertising” more broadly than an exchange for money. To the extent an applicable law gives you a right to opt out of a covered advertising or data-sharing activity, we will provide a legally required method for submitting that request.

18. De-identified and aggregated information

We may create or use information that has been aggregated or de-identified so that it does not reasonably identify an individual.

We may use or disclose de-identified or aggregated information for:

* Quality improvement;
* Operational planning;
* Research where legally permitted;
* Public-health purposes;
* Statistical analysis;
* Education; and
* Other lawful purposes.

We do not attempt to re-identify properly de-identified information except where permitted by law for testing or validating de-identification methods.

19. Data security

We use reasonable administrative, physical and technical safeguards designed to protect personal information and PHI.

Depending on the information and system, safeguards may include:

* Access controls;
* Role-based permissions;
* Authentication;
* Encryption where appropriate;
* Secure hosting;
* Audit logging;
* Device and network security;
* Vendor assessment;
* Employee training;
* Confidentiality requirements;
* Backup and recovery procedures;
* Incident-response processes; and
* Physical protections.

No website, email, text message, wireless network, device, storage platform or internet transmission can be guaranteed to be completely secure. We therefore cannot promise absolute security.

You should use caution when submitting information online and protect your passwords, devices and accounts.

20. Security incidents and breach notification

We maintain processes for identifying, investigating, containing and responding to suspected privacy or security incidents.

When notification is required, we will notify affected individuals, government agencies or other parties in accordance with HIPAA, the Louisiana Database Security Breach Notification Law and other applicable laws.

21. Data retention

We retain information for as long as reasonably necessary to:

* Provide healthcare and related services;
* Maintain medical and business records;
* Complete transactions;
* Meet legal, regulatory, tax, insurance and accreditation obligations;
* Resolve disputes;
* Investigate security incidents;
* Enforce agreements; and
* Protect legal rights.

Medical records are retained according to applicable medical-record retention requirements and Clinic policy.

Retention periods vary according to the type of record, patient age, purpose of collection, legal requirements and operational needs.

When information is no longer required, we may securely delete, destroy, de-identify or anonymize it, subject to applicable law and technical limitations.

22. Your privacy choices and rights

Depending on the information involved and applicable law, you may have the right to:

* Ask what personal information we maintain about you;
* Request access to certain information;
* Request correction of inaccurate personal information;
* Request deletion of certain non-medical information;
* Withdraw consent where processing is based on consent;
* Opt out of promotional emails or nonessential text messages;
* Request an alternative communication method;
* Manage cookies through browser settings;
* Submit a complaint concerning our privacy practices; and
* Exercise additional rights regarding PHI under HIPAA.

HIPAA rights regarding medical information may include rights to:

* Inspect or obtain a copy of records;
* Request an amendment;
* Request confidential communications;
* Request restrictions;
* Receive an accounting of certain disclosures;
* Obtain a paper copy of the Notice of Privacy Practices; and
* File a complaint without retaliation.

Not every request can be granted. We may retain or use information where required or permitted for healthcare, legal, security, recordkeeping or other legitimate purposes.

We may need to verify your identity and authority before processing a request.

23. Do Not Track and browser signals

Some browsers provide “Do Not Track” or similar signals. There is not one universally accepted technical standard for responding to all such signals.

Where an applicable law requires recognition of a particular browser-based opt-out preference signal, we will process the signal as required.

You may also manage cookies and similar technologies through your browser or any consent-management controls made available on our Website.

24. Third-party websites and services

Our Website may link to services not owned or controlled by Sunshine, including:

* Patient portals;
* Scheduling platforms;
* Payment services;
* Telemedicine platforms;
* Maps;
* Videos;
* Social-media sites;
* Laboratories;
* Pharmacies; and
* Educational resources.

A link does not necessarily mean that we endorse or control the third party’s privacy, security or content practices.

This Policy does not govern a third party’s independent collection or use of information. Review the third party’s privacy policy before providing information.

25. Website content is not medical advice

Website content is provided for general educational and informational purposes.

It is not a substitute for professional medical advice, diagnosis or treatment and does not establish a clinician-patient relationship merely because a person views or uses the Website.

Always consult a qualified healthcare professional regarding medical concerns.

Do not disregard professional medical advice or delay seeking care because of information found on the Website or social media.

26. Emergencies and urgent medical needs

The Website, general email, contact forms, text messaging and social media are not emergency services and may not be monitored continuously.

If you believe you or another person is experiencing a medical emergency:

Call 911 or go to the nearest emergency department immediately.

Do not submit emergency information through the Website, patient portal, email, SMS or social media.

For urgent but non-emergency concerns, contact the Clinic using the telephone number provided by your care team.

27. Visitors from outside the United States

Our Website and services are intended primarily for patients and families receiving care in the United States.

If you access the Website from another country, information may be transferred to, processed in or stored in the United States, where privacy laws may differ from those in your country.

28. Changes to this Policy

We may update this Policy to reflect changes in:

* Our services;
* Technology;
* Website functions;
* Vendors;
* Privacy or security practices; or
* Applicable law.

When we make changes, we will update the “Last Updated” date at the top of the Policy.

Material changes will apply prospectively unless otherwise required or permitted by law. We may provide additional notice of material changes where appropriate.

29. Contact us

Questions, privacy requests or concerns regarding this Website Privacy Policy may be directed to:

Sunshine Pediatric & Family Clinic
555 Lakes Boulevard
Breaux Bridge, Louisiana 70517

Telephone: (337) 332-3971
Website: sunshineacadiana.com

Please include sufficient information for us to understand and respond to your request. Do not include detailed medical information in an ordinary email or public message.

For questions or requests involving medical records or HIPAA rights, contact the Clinic and ask for the Privacy Officer or the person responsible for health-information privacy.

30. Complaints and non-retaliation

You may submit a complaint to Sunshine if you believe your privacy rights have been violated.

You may also have the right to submit a complaint to the U.S. Department of Health and Human Services Office for Civil Rights.

We will not retaliate against you for submitting a good-faith privacy complaint or exercising a legal privacy right.

Sunshine Pediatric & Family Clinic
Effective Date: July 14, 2026

Search Anything! Here