THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
NY Best Medical
Effective Date: 11.25.2025
NY Best Medical (“NY Best Medical,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal and health information. This Privacy Policy and Notice of Privacy Practices explains how we collect, use, disclose, and safeguard information when you visit our website nybestmedical.com, communicate with us, or receive services from us in the United States.
By using our website or providing information to us, you agree to the terms of this Policy, as updated from time to time.
1. Who We Are
NY Best Medical
2965 Ocean Parkway, Suite 2B
Brooklyn, NY 11235
United States
Email: contact@nybestmedical.com
Phone: (718) 972 3693
NY Best Medical is a healthcare provider and a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
2. Scope of This Policy
This Policy applies to:
- Information collected through nybestmedical.com, including contact and intake forms.
- Information collected by phone, email, in person, or through other offline methods related to our services.
- Protected Health Information (“PHI”) we create or receive in connection with your care, as defined by HIPAA.
This Policy does not apply to third-party websites, services, or platforms that may be linked from our site.
3. Information We Collect
Depending on how you interact with us, we may collect the following categories of information:
3.1 Information You Provide Directly
When you fill out forms on our website, contact us, or become our patient, we may collect:
- Full Name
- Phone Number
- Email Address
- Agency Name (if applicable)
- Date of Birth
- Social Security Number (where necessary for billing, insurance, or identity verification)
- Address Information (street address, city, state, ZIP code, and related contact details)
- Insurance Information (insurance carrier, member ID, group number, policy details, and related coverage information)
- Medical and health-related information you choose to provide (symptoms, medical history, medications, treatment preferences, etc.)
- Any other information you choose to share with us in forms, emails, calls, or during visits.
You should avoid sending sensitive information such as Social Security Numbers or detailed medical information via unencrypted email whenever possible.
3.2 Information Collected Automatically (Website/Online Use)
When you use our website, we and our service providers may automatically collect:
- IP address and approximate location
- Browser type, device identifiers, and operating system
- Pages viewed and links clicked
- Date and time of visits
- Referring website or URL
We may use cookies and similar technologies for basic site functionality, security, and analytics. See Section 11 (Online Tracking and Cookies) for more details.
4. How We Use Your Information
We may use your personal information and PHI for the following purposes, as permitted by applicable law, including HIPAA:
- To provide and coordinate care (Treatment)
  - Scheduling appointments
  - Communicating with you and other healthcare providers involved in your care
  - Reviewing your medical history, test results, and treatment plans
- To obtain payment for services (Payment)
  - Verifying insurance eligibility and coverage
  - Billing you or your insurance plan
  - Processing claims, appeals, and collections
- To manage our practice (Health Care Operations)
  - Quality assessment and improvement
  - Training staff and internal administration
  - Audits, compliance, and risk management
- To respond to inquiries and requests
  - Responding to messages you send via forms, email, or phone
  - Providing information about our services
- To comply with legal and regulatory obligations
  - Responding to court orders, subpoenas, and lawful requests
  - Complying with health, safety, and reporting requirements
- For security, fraud prevention, and enforcement
  - Protecting our systems and preventing unauthorized access
  - Enforcing our terms, policies, and agreements
We will obtain your authorization when required by law before using or disclosing your information for other purposes.
5. How We Share Your Information
We may share your personal information and PHI in the following ways, as permitted or required by law:
5.1 With Service Providers and Business Associates
We may share information with third parties that perform services on our behalf, such as:
- IT and website hosting providers
- Electronic health record (EHR) vendors
- Billing and collection services
- Insurance clearinghouses
- Secure messaging and communication platforms
These parties are contractually required to protect your information and use it only for the services they provide to us, consistent with HIPAA business associate requirements.
5.2 With Other Healthcare Providers and Insurers
We may share PHI with:
- Referring or consulting physicians and other providers involved in your care
- Hospitals, labs, pharmacies, and other facilities
- Your health plan and insurers for treatment, payment, and healthcare operations
5.3 For Legal, Safety, and Public Health Reasons
We may use or disclose information when required or allowed by law, such as:
- Public health activities (for example, disease reporting)
- Health oversight activities and audits
- Responding to court orders, subpoenas, or other lawful processes
- To prevent or reduce a serious and imminent threat to health or safety
- As required by workers’ compensation or similar programs
5.4 No Sale of PHI
We do not sell your PHI. If we ever propose to sell or receive financial remuneration for your PHI beyond what HIPAA allows, we will first obtain your written authorization, as required by law.
6. HIPAA Notice of Privacy Practices – How We Use and Disclose PHI
HIPAA permits us to use and disclose your PHI for specific purposes without your written authorization and requires authorization for other types of uses and disclosures.
6.1 Uses and Disclosures for Treatment, Payment, and Health Care Operations
We may use and share your PHI for:
- Treatment – Providing, coordinating, or managing your healthcare and related services.
- Payment – Activities to obtain payment or reimbursement from you, your health plan, or a third party.
- Health Care Operations – Running our practice and improving quality, including training, accreditation, licensing, and internal reviews.
6.2 Other Uses and Disclosures Without Your Authorization
We may also use or disclose your PHI, without your authorization, for purposes such as:
- Public health and safety activities
- Health oversight (audits, inspections, licensure)
- Organ and tissue donation (where applicable)
- Research under approved protocols and safeguards
- Responding to law enforcement or national security requests, as allowed by law
- Responding to coroners, medical examiners, and funeral directors
- Addressing workers’ compensation and similar programs
- Responding to lawsuits and legal actions (court orders, subpoenas)
We will limit the PHI used, disclosed, or requested to the minimum necessary to accomplish the intended purpose, as required by HIPAA.
6.3 Uses and Disclosures That Require Your Authorization
For certain types of information and purposes, we will obtain your written authorization before using or disclosing PHI, including:
- Most uses and disclosures of psychotherapy notes (if applicable)
- Most uses and disclosures of PHI for marketing purposes
- Sale of PHI, if applicable
- Any other uses and disclosures not described in this Policy
You may revoke your authorization at any time in writing, except to the extent we have already relied on it.
7. Your Rights Regarding Your PHI
Under HIPAA and applicable law, you have important rights related to your PHI.
7.1 Right to Access
You have the right to request to see or get a copy of the PHI we maintain about you, with limited exceptions. We may provide copies in paper or electronic form where feasible and may charge a reasonable, cost-based fee as allowed by law.
7.2 Right to Request an Amendment
If you believe information in your record is incorrect or incomplete, you may request that we correct or amend it. We may deny your request in certain circumstances, but you can submit a written statement of disagreement that we will include in your record.
7.3 Right to an Accounting of Disclosures
You may request a list (accounting) of certain disclosures of your PHI we have made over a specified period, up to six years prior to the date of your request, excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions.
7.4 Right to Request Restrictions
You may request that we limit how we use or disclose your PHI for treatment, payment, or healthcare operations, or to certain individuals involved in your care. While we are not required to agree to all requested restrictions, we will comply with certain required restrictions (for example, in some situations when you pay out-of-pocket in full for a service and request that we do not disclose related information to your health plan).
7.5 Right to Request Confidential Communications
You may request that we communicate with you in a specific way (for example, at a particular phone number, by mail to a different address, or via another reasonable method).
7.6 Right to a Paper or Electronic Copy of This Policy
You may request a paper copy of this Policy at any time, even if you have agreed to receive it electronically. The current version will also be posted on our website, as required by HIPAA for providers that maintain a website.
7.7 How to Exercise Your Rights
To exercise any of these rights, please contact us in writing using the information in Section 15 (Contact Us and Complaints). We may ask you to complete a form and will respond within the timeframes required by law.
8. Our Legal Duties
We are required by law to maintain the privacy of your protected health information, to provide you with this Notice of our legal duties and privacy practices, to notify you following a breach of unsecured protected health information, and to abide by the terms of the Notice currently in effect.
9. Data Security
We use administrative, technical, and physical safeguards designed to protect your personal information and PHI against unauthorized access, disclosure, alteration, and destruction, consistent with HIPAA’s Security Rule and applicable law.
These safeguards may include:
- Access controls and role-based permissions
- Secure data storage and transmission (e.g., encryption where appropriate)
- Staff training on privacy and security
- Policies and procedures for handling and disposing of records
No system can be completely secure, and we cannot guarantee absolute security. However, we take reasonable and appropriate steps to protect the information we hold.
10. Data Retention
We retain personal information and PHI for as long as necessary to:
- Provide services and maintain your medical record
- Comply with legal, regulatory, and professional obligations (including record-keeping requirements under New York and federal law)
- Resolve disputes and enforce our agreements
When records are no longer required, we will dispose of them securely in accordance with applicable law and our internal policies.
11. Online Tracking and Cookies
Our website may use cookies and similar technologies (such as pixels, tags, and scripts) to help the site function properly, remember your preferences, and understand how visitors use our website.
We use third-party analytics services, such as Google Analytics, to help us analyze and improve the performance and content of our website. These services may collect information such as your IP address, browser type, device identifiers, referring and exit pages, pages visited and links clicked, and the dates and times of your visits. Google Analytics and similar tools use cookies or similar technologies to recognize your browser or device and to collect this information.
We use these analytics tools only for general website statistics and performance insights and do not intentionally use them to collect or store protected health information (PHI) through our public website. However, because certain combinations of browsing information may be treated as personal information or PHI under applicable law and guidance, we take this into account when configuring and using online tracking technologies.
You can control cookies and certain tracking technologies through your browser settings, including by blocking, deleting, or limiting cookies. If you disable cookies, some features of our website may not function properly.
To learn more about how Google collects and processes data, you can visit “How Google uses information from sites or apps that use our services.” You can opt out of Google Analytics by using the Google Analytics opt-out browser add-on or by adjusting your cookie and privacy settings in your browser or device.
ingly link browsing data collected on our public website with your medical record in a way that would create new PHI, except as necessary for security, operations, or as permitted by law and HIPAA guidance.
12. Children’s Privacy
Our services are intended primarily for adults. We do not knowingly collect personal information online from children under 13 without appropriate parental or guardian consent, in accordance with the Children’s Online Privacy Protection Act (COPPA) and applicable law.
If you believe a child under 13 has provided us with personal information without proper consent, please contact us so we can take appropriate action.
13. International Visitors
Our services and website are intended for individuals located in the United States. If you access our website from outside the U.S., you understand that your information may be processed and stored in the United States, where privacy laws may differ from those in your country of residence.
14. Changes to This Policy
We may update or change this Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will:
- Update the “Effective Date” at the top of this page, and
- Post the revised Policy on our website, and
- If required by law, notify you in other appropriate ways.
Your continued use of our website or services after changes are posted signifies your acceptance of the updated Policy.
15. Contact Us and Complaints
If you have questions about this Policy, our privacy practices, or your rights, or if you wish to exercise your rights, please contact:
Privacy Officer
NY Best Medical
2965 Ocean Parkway, Suite 2B
Brooklyn, NY 11235
Email: contact@nybestmedical.com
Phone: (718) 972 3693
You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) if you believe your privacy rights have been violated. Filing a complaint will not affect the care you receive from us.