Everything you need to know about how your private data is handled
Healthcare depends on trust. Protecting your personal information is not simply a legal requirement—it is a core part of how care is delivered at Sage Root Health.
You should feel confident that the information you share is treated with respect and discretion. Personal health details, medical history, and communication with this practice are handled with strict confidentiality.
Sage Root Health uses secure systems and HIPAA-compliant services to protect your information. Email communications, records, and data storage are handled through platforms designed to meet healthcare privacy standards.
Your health story belongs to you. Information is only used for purposes related to your care, communication, or required legal obligations. It is never sold or used for unrelated marketing purposes.
Notice of Privacy Practices
Sage Root Health
Spokane, WA
Effective Date: April 17, 2026
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Sage Root Health is committed to protecting the privacy of your health information. I follow federal (HIPAA) and Washington state (RCW 70.02) privacy laws. I am required by law to maintain the privacy of your protected health information (PHI), to provide you with this Notice, and to follow the practices described here.
Your Information. Your Rights. My Responsibilities.
1. Uses and Disclosures of Your Protected Health Information
I may use and disclose your PHI for the following purposes without your written authorization: Treatment, Payment, and Health Care Operations (TPO)
Treatment: To provide, coordinate, or manage your health care, including consultations, referrals, laboratory testing, or coordination with other providers.
Payment: To bill you for services (we are direct-pay and do not file insurance claims).
Health Care Operations: For administrative activities such as quality improvement, staff training, and compliance with legal requirements.
Other Permitted or Required Disclosures (without authorization)
To comply with legal obligations, including public health reporting, abuse/neglect reporting, judicial/administrative proceedings, law enforcement (as required or permitted), workers’ compensation, or coroner/medical examiner requests.
For certain specialized records (e.g., substance use disorder records under 42 CFR Part 2, where applicable), I follow additional federal protections.
To business associates (e.g., our EMR system OptiMantra, secure email services like Hushmail, or payment processors) who have signed agreements to protect your information.
For other uses required or permitted by law, always limited to the minimum necessary information.
I will obtain your written authorization for any other uses or disclosures (e.g., marketing or most research). You may revoke authorization in writing at any time, except to the extent action has already been taken.
2. Your Rights Regarding Your Health Information
You have the following rights (requests must be made in writing):
Access and Copies: Request to inspect or obtain copies of your PHI (I will respond promptly, consistent with Washington law).
Amendments: Request corrections to inaccurate or incomplete information.
Accounting of Disclosures: Receive an accounting of certain disclosures made in the past six years (some exceptions apply).
Restrictions: Request restrictions on certain uses or disclosures (I am not required to agree to all requests).
Confidential Communications: Request communications by alternative means or locations (e.g., secure portal only).
Complaints: File a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your rights have been violated. We will not retaliate against you.
3. My Legal Duties
I am required to protect the privacy of your PHI, provide this Notice, and follow its terms.
I must notify you of any breach of your unsecured PHI.
I reserve the right to change my privacy practices and this Notice. Any material changes will be posted on website and made available upon request. The revised Notice will apply to all PHI we maintain.
4. Washington-Specific Information (My Health My Data Act and RCW 70.02)
In addition to federal HIPAA rules, Washington law (RCW 70.02 and the My Health My Data Act) provides additional protections for your health information. I limit collection and sharing to what is necessary for your care and comply with state requirements for access, amendments, and secure handling of consumer health data.
5. How I Protect Your Information
I use secure, HIPAA-compliant tools, including:
OptiMantra (EMR and patient portal) for established patients.
Hushmail for initial secure inquiries.
Access is limited to authorized to myself only. I do not sell your health information.
6. Contact Information
If you have questions about this Notice, your rights, or how we handle your information, contact:
info@sageroothealth.com
To file a complaint:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
