Privacy Policy
Grace Dermatology | Effective Date: April 22, 2024 | Last Updated: June 2025
Grace Dermatology ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at gracedermatologyclinic.com, contact our office, schedule appointments, purchase products, or receive care at our practice.
By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our website.
1. Information We Collect
A. Information You Provide Directly
We collect personal information that you voluntarily provide to us, including when you:
Fill out our website contact form (name, email address, phone number, and your message)
Book an appointment online (name, date of birth, contact information, reason for visit, and insurance details)
Purchase products through our online store (name, billing and shipping address, email, and phone)
Pay a bill through our Square payment link (payment card information, name, and email)
Call or text our office at 562-502-7144
Submit reviews or testimonials
Communicate with us by email, text message, or other means
B. Information Collected Automatically
When you visit our website, we may collect certain information automatically through cookies and similar technologies, including:
IP address and approximate geographic location
Browser type, device type, and operating system
Pages visited, time spent on site, and referring URL
Interactions with website content
We may use tools such as Google Analytics to understand how visitors interact with our website. This data is aggregated and does not personally identify you. Our website is hosted on Squarespace, which may also collect usage data on our behalf in accordance with its own privacy policy.
C. Information from Third Parties
We may receive information about you from referring physicians, other healthcare providers, or our electronic health records (EHR) system in connection with your care.
D. Health and Medical Information
When you schedule appointments or communicate with us about your skin care needs, you may share health-related information such as skin conditions, symptoms, medical history, current medications, allergies, and insurance details. Health information is classified as Sensitive Personal Information under California law and is subject to enhanced protections described in Section 9 of this policy.
2. How We Use Your Information
We use the information we collect for the following purposes:
To schedule appointments and provide medical and cosmetic dermatology services
To process payments and verify insurance coverage
To communicate with you about your care, including appointment reminders and follow-up instructions
To respond to your inquiries submitted through our website or by phone
To send newsletters, promotions, or practice updates (only with your consent; you may opt out at any time)
To improve our website functionality and patient experience
To prevent fraud, unauthorized activity, and security threats
To maintain business records and comply with applicable legal obligations, including HIPAA
3. HIPAA and Your Health Information
As a healthcare provider, we are subject to the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is governed by our separate Notice of Privacy Practices (NPP), which is provided to all patients at the time of their first visit and is available upon request.
Our Notice of Privacy Practices describes in detail:
How your PHI may be used and disclosed for treatment, payment, and healthcare operations
Your rights regarding your health information, including the right to access, amend, and restrict certain disclosures
How to file a complaint if you believe your privacy rights have been violated
This Privacy Policy supplements — but does not replace — our Notice of Privacy Practices.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following limited circumstances:
A. With Your Consent
We may share your information with your authorization for purposes not covered by this policy or our Notice of Privacy Practices.
B. Healthcare Operations
We may share your information with physicians, specialists, laboratories, pharmacies, or other healthcare providers directly involved in your care, to the extent permitted or required by HIPAA and applicable law.
C. Service Providers
We work with trusted third-party vendors who access your information only as necessary to perform services on our behalf and are contractually required to maintain confidentiality. These include:
Squarespace, Inc. — website hosting, analytics, and content management
Square, Inc. — payment processing and bill payment
Weave — appointment scheduling, patient communications, and SMS messaging
Google — Google Analytics (website analytics) and Google Maps (location services)
Email and SMS service providers — appointment reminders and patient communications
D. Insurance and Billing
We may share relevant information with your health insurance company or payer as necessary for billing, claims processing, and reimbursement.
E. Legal Requirements
We may disclose your information if required by law, such as in response to a court order or subpoena or to comply with reporting obligations under applicable state or federal law, or if we believe disclosure is necessary to protect the rights, property, or safety of Grace Dermatology, our patients, or the public.
F. Business Transfers
In the event of a merger, acquisition, or sale of the practice, your information may be transferred as part of that transaction, subject to continued privacy protections. We will notify you of any such change in ownership or control.
5. Cookies and Tracking Technologies
Our website may use cookies, pixels, and similar technologies to enhance your experience, analyze site traffic, and support marketing efforts. The cookies on our site generally fall into three categories:
Essential / Functional Cookies: Required for the site to operate properly, such as shopping cart and session management.
Analytics Cookies: Used to understand how visitors interact with our site. This data is aggregated and does not personally identify you.
Preference Cookies: Remember your settings and preferences to improve your experience on return visits.
You may adjust your browser settings to refuse cookies; however, some features of our website may not function properly as a result. To learn more about cookies, visit www.allaboutcookies.org.
6. Social Media
Grace Dermatology maintains a presence on Instagram (@linakennedy_md) and may be present on other social media platforms, including Yelp. If you interact with us on social media, please be aware that those platforms operate under their own privacy policies and terms of service. We encourage you to review them.
We will never share identifiable patient information on social media. Any before-and-after photos or patient testimonials are shared only with explicit written patient consent obtained in advance.
7. Data Security
We implement administrative, technical, and physical safeguards to protect your personal and health information from unauthorized access, disclosure, alteration, or destruction. These measures include:
Secure, encrypted connections (HTTPS/TLS) on our website
Payment processing through PCI-DSS compliant providers (Square)
Secure electronic health records (EHR) systems
Access controls limiting who within our practice can access patient information
Staff training on privacy and security practices
No data transmission over the internet or electronic storage system can be guaranteed to be 100% secure. If you have reason to believe that your information has been compromised, please contact us immediately.
8. Data Retention
We retain personal and health information for as long as necessary to fulfill the purposes described in this policy, to provide ongoing care, and to comply with applicable legal obligations. Specific retention periods include:
Medical and patient records: California law requires healthcare providers to retain adult patient records for a minimum of seven (7) years from the date of service; minor patient records must be retained until the patient reaches age 19, or seven (7) years, whichever is later.
Financial and billing records: Retained for a minimum of seven (7) years in accordance with California tax and business law requirements.
Website analytics data: Retained by Squarespace and Google Analytics in accordance with their respective data retention policies.
Marketing communications: Contact information used for marketing is retained until you opt out or request deletion.
9. Your Rights and Choices
A. HIPAA Rights
As a patient, you have rights under HIPAA regarding your Protected Health Information, including the right to access, amend, and in some cases restrict the use of your medical records. Please refer to our Notice of Privacy Practices for a full description of these rights, or contact our office directly.
B. California Residents — CCPA and CPRA Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (such as information we are legally required to retain).
Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information to third parties, and we do not share it for cross-context behavioral advertising. No action is needed to opt out of a sale, but you may contact us to confirm at any time.
Right to Limit Use of Sensitive Personal Information: Health and medical information is classified as Sensitive Personal Information under the CPRA. You have the right to direct us to limit the use and disclosure of your sensitive personal information to only what is necessary to provide our services.
Right to Non-Discrimination: We will not deny you services, charge different prices, or provide a lower quality of service because you exercised your privacy rights.
Important Note: Personal information collected and used for healthcare purposes is generally exempt from the CCPA/CPRA, as it is governed by HIPAA. For non-medical personal information, you may submit a request using the contact information in Section 14. We will respond to verifiable requests within 45 days.
C. Marketing Communications
You may opt out of receiving promotional emails or newsletters at any time by clicking the "Unsubscribe" link in any marketing email, or by contacting us directly. You may opt out of SMS marketing messages by replying STOP to any text message (see Section 13). Opting out of marketing communications will not affect appointment reminders, billing notices, or other communications related to your care.
10. Children's Privacy
Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verified parental or guardian consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will promptly delete it.
For minor patients receiving care at our practice, we collect and handle health information in accordance with HIPAA and California law. A parent or legal guardian must provide consent for treatment and may exercise applicable privacy rights on the minor's behalf.
11. Third-Party Links
Our website contains links to third-party websites and services, including Instagram, Yelp, Google Maps, Square (bill payment), and media outlets where Dr. Kennedy has been featured. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will post the revised policy on our website with an updated effective date. For material changes, we may also provide additional notice, such as a prominent notice on our website or a direct communication to you. We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.
13. Text Messaging
Grace Dermatology respects your privacy and is committed to protecting your personal information. This section explains how we collect, use, and protect information in connection with our SMS (text message) communications.
When you provide your mobile phone number and consent to receive SMS messages from Grace Dermatology, the messages we send will depend on the services you receive and the consent you provide. These may include:
Appointment confirmations, reminders, and scheduling updates
Links to intake forms and medical questionnaires
Lab, pathology, and test result notifications
Prescription and refill notifications
Billing and payment notifications and reminders
Patient care notes and updates
Requests for reviews or feedback about your experience
Where you have separately opted in, we may also send marketing or promotional messages about our practice and services.
Some message types require separate consent, and you may opt in to or out of different categories of messages independently where that option is offered. Marketing and promotional messages are sent only to patients who have separately consented to receive them, and consenting to those messages is never a condition of treatment.
SMS message frequency varies based on your appointment schedule and the types of messages you have consented to receive. Message and data rates may apply.
You may opt out of receiving SMS messages at any time by replying STOP to any message. You may reply START to resubscribe or HELP for assistance.
Your mobile phone number and SMS consent information are used to provide the text-message communications you have consented to receive and related patient services. SMS consent is not a condition of treatment.
We do not sell, rent, or share your mobile phone number or SMS consent information with third parties or affiliates for marketing purposes. SMS consent is not shared with third parties or affiliates for marketing purposes. Text messaging originator opt-in data and consent will not be shared with any third parties, except the service providers described in Section 4C above who help us deliver these messages.
We may use service providers that assist in delivering SMS messages on our behalf. These providers are contractually required to protect your information and use it only for the services they provide to us.
Security Notice: SMS is not a secure or encrypted method of communication. Standard text messages are not encrypted, and anyone with access to your mobile device may be able to view them. Please do not include sensitive medical or financial information in your replies to our text messages. To provide medical or financial information, use the secure links in our messages — such as intake forms, payment notifications, or questionnaires — or contact our office directly.
You are responsible for notifying us if your mobile phone number changes or is reassigned.
By opting in to receive SMS communications, you acknowledge and agree to these SMS terms and privacy practices.
If you have questions about our SMS communications or this Privacy Policy, please contact us using the contact information provided in Section 14 below.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us:
Grace Dermatology
Privacy Inquiries
5122 Katella Ave., Suite 307
Los Alamitos, CA 90720
Phone / Text: 562-502-7144
Website: gracedermatologyclinic.com
Hours: Monday – Friday, 9 AM – 4 PM