🔒 PRIVACY POLICY FOR COSI SPINE

Effective Date: 1 March, 2026
Last Updated: 1 March, 2026
Website: https://www.cosispine.com
Practice: COSI Spine | the Comprehensive Orthopaedic & Spine Institute
Locations: New York & New Jersey


1. HOW WE COLLECT YOUR PERSONAL INFORMATION

We collect personal information through the following methods:

✅ Direct Interactions:

  • When you submit contact forms, appointment requests, or newsletter signups on our website
  • When you contact us by phone, email, or in person
  • When you sign up for SMS notifications or appointment reminders

✅ Automated Technologies:

  • When you interact with our site through cookies, web beacons, and similar tracking technologies
  • When our servers automatically log your IP address, browser type, and device information

✅ Third-Party Sources (limited):

  • When you engage with our Google Ads or social media campaigns (anonymous interaction data only)
  • When insurance verification services confirm coverage eligibility (with your authorization)

2. WHAT PERSONAL INFORMATION WE COLLECT

The personal information we collect may include:

Category | Specific Data Points | Purpose
Identity & Contact | Name, phone number, email address, mailing address | Respond to inquiries, schedule appointments, send updates
Location Preference | Preferred office location (New York or New Jersey) | Route inquiry to appropriate clinical team
Communication Preferences | Preferred contact method, SMS/email consent | Honor your communication choices
Technical Data | IP address, browser type, device ID, pages visited | Improve website performance, security, and user experience
Optional Insurance Info | Insurance provider name (not policy numbers) | Pre-visit coverage verification

❌ We do NOT collect via website forms:
Full medical records, diagnosis codes, prescription details, or treatment history.
Social Security numbers, financial account information, or government IDs.
Sensitive health conditions for advertising or remarketing purposes.

3. HOW WE USE YOUR PERSONAL INFORMATION

We use your information solely for legitimate practice purposes:

✅ Service Delivery: Provide services, respond to inquiries, schedule appointments, send appointment confirmations/reminders, verify insurance eligibility.

✅ Practice Improvement: Analyze website usage, measure marketing effectiveness, conduct internal research on anonymized data.

✅ Communication: Send service updates, practice news, or educational content (with your consent).

✅ Legal & Security Compliance: Comply with NY/NJ healthcare regulations, fraud prevention, and legal obligations.

❌ We do NOT: Use your information for unrelated marketing without explicit consent, share health-condition-based data with advertising platforms, or sell/rent/trade your personal information to third parties.

4. HOW AND WHY WE SHARE DATA

A. Trusted Service Providers

We may share information with vetted partners who assist us in operating our business, under strict confidentiality agreements:

Provider Type | Purpose | Safeguards
Website Hosting & IT Support | Maintain Site security, performance, backups | U.S.-based servers; access limited to authorized personnel
Email/SMS Platforms | Send appointment reminders, newsletters (with consent) | Business Associate Agreement (BAA) if PHI ever included
Analytics Tools (Google Analytics 4) | Measure site traffic, optimize user experience | HIPAA-safe configuration: no PHI, 2-month data retention, Google Signals disabled
Advertising Platforms (Google Ads) | Share practice awareness ads with NY/NJ audiences | No PHI transmitted; no condition-based targeting or remarketing

B. Legal & Regulatory Disclosures

We may disclose information when required by law (subpoenas, court orders), to protect rights/safety, or to investigate fraud.

C. Business Transfers

In the event of a merger, acquisition, or sale of assets, patient information may be transferred as a business asset. We will provide notice and honor existing privacy commitments.

D. We Do NOT:

❌ Sell personal information to data brokers, advertisers, or third parties.
❌ Share PHI with advertising platforms (Google, Meta, etc.).
❌ Allow third parties to use our Site to collect your PHI without consent.

5. SMS CONSENT & DATA SHARING (MANDATORY)

Your phone number and SMS consent will never be shared or sold to third parties or affiliates for marketing purposes.

By providing your phone number and consenting to SMS communications, you agree to receive text messages from COSI Spine regarding appointment reminders, service updates, and billing notifications. Message frequency may vary. Message and data rates may apply.

For full details on our texting practices, please review our dedicated SMS Terms & Conditions.

6. DATA RETENTION

Data Type | Retention Period | Reason
Website inquiries | 24 months from last interaction | Follow-up opportunities; legal compliance
SMS/email marketing lists | Until unsubscribe + 30 days | Honor opt-out; prevent accidental re-addition
Google Analytics data | 2 months maximum | Minimize exposure; HIPAA-safe configuration
Appointment request data | Transferred to secure EMR; website copy deleted | Clinical records governed by HIPAA retention laws

After retention periods expire, data is securely deleted or irreversibly anonymized.

7. YOUR RIGHTS & CHOICES

Regarding Website & Marketing Data:

  • Access/Correct: Email info@cosispine.com with subject “Data Request”
  • Delete: Same as above; exceptions apply for legal/clinical records
  • Opt-out of marketing: Click “Unsubscribe” or text STOP; email info@cosispine.com
  • Manage cookies: Use cookie preference banner or browser settings
  • Do Not Track: Our Site respects browser DNT signals

Regarding Protected Health Information (PHI):
Your rights to access, amend, or restrict use of medical records are governed by our separate HIPAA Notice of Privacy Practices. Call 9732003136 or email info@cosispine.com.

For NY/NJ/CA Residents: You have the right to know, the right to delete, and the right to non-discrimination. Submit verifiable requests to privacy@cosispine.com.

8. SECURITY MEASURES

We implement safeguards aligned with HIPAA Security Rule standards including SSL/TLS encryption, HIPAA-configured analytics, staff training, role-based access controls, and secure U.S.-based hosting.

9. THIRD-PARTY LINKS & EMBEDDED CONTENT

Our Site may contain links to external websites or embedded content (Google Maps, YouTube). We are not responsible for the privacy practices of third-party sites.

10. GOOGLE ADS & ANALYTICS COMPLIANCE DISCLOSURE

We use Google Ads to share information about our services in NY/NJ. We do NOT target ads based on sensitive health conditions or transmit PHI to Google. Tracking is limited to anonymous conversion events and aggregate data.

11. CHILDREN’S PRIVACY

Our services are intended for adults. We do not knowingly collect personal information from children under 18.

12. INTERNATIONAL USERS

Our practice and website are intended for patients in the United States. Data provided from outside the U.S. will be transferred to and processed in the U.S.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Updates will be posted here with a revised “Last Updated” date.

14. CONTACT US

Email: info@cosispine.com
Phone: 9732003136
Mail: COSI Spine – Privacy Officer, 576 Central Ave, Suite 202, East Orange, NJ 07018

File a Complaint: U.S. HHS Office for Civil Rights, NY State Dept of Health, or NJ Dept of Health.