Book online in about two minutes, or call and we'll find a time that fits your week.
Or call us at (646) 707-3500
Policy
Effective
This Privacy Policy and Notice of Privacy Practices ("Notice") describes how Allergy Asthma NYC (legally Asthma Allergy Care & Treatment) may collect, use, disclose, store, and protect information obtained through our practice, including through our website, appointment requests, patient communications, telehealth, and patient-care operations. It also describes your rights regarding medical information.
Please review this Notice carefully.
Allergy Asthma NYC ("Allergy Asthma NYC," "we," "us," or "our"), operating under the legal name Asthma Allergy Care & Treatment, operates this website.
Mailing Address: 311 Audubon Ave, 2nd Floor, New York, NY 10033.
This Notice applies to:
Depending on how you interact with us, we may collect:
We collect information:
We may use information to:
When your information is protected health information under HIPAA, we may use or disclose it as permitted or required by law, including:
Except as otherwise permitted or required by law, we will obtain your written authorization before using or disclosing your protected health information for uses that require authorization. This includes most marketing uses of PHI and the sale of PHI, and most disclosures of psychotherapy notes if applicable. You may revoke an authorization in writing at any time, except to the extent we have already relied on it.
We are required by law to:
We may use third-party vendors to host services, provide patient portals, telehealth, secure messaging, scheduling, billing, analytics, IT support, and related services. When a vendor creates, receives, maintains, or transmits PHI on our behalf and is not acting only as a conduit, we require an appropriate business associate agreement or other legally required contractual protection. Current key vendors, if any, include:
We use reasonable efforts to structure our Site to protect privacy. We do not intentionally permit third-party tracking technologies to collect or receive PHI in violation of law. Pages or tools that involve appointment requests, symptom details, patient portals, log-ins, or other health-related inputs may involve sensitive data. For website analytics we deliberately use a privacy-first, cookieless tool (Plausible Analytics) that anonymizes IP addresses and collects only aggregate usage data — it sets no cookies and collects no personal data or PHI. We do not use Google Analytics or advertising/retargeting trackers, and we do not sell or share usage data. If we adopt any additional analytics, advertising, or similar technologies, we will seek to configure them to avoid impermissible disclosures and will disclose those uses in our Cookie Policy.
We use administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of information, including PHI, as appropriate to the risks involved. No security measure is perfect, and internet-based communications always involve some risk. Where we offer a portal or supported telehealth tool, we aim to use vendors and workflows designed for healthcare privacy and security requirements.
We keep medical and related records for the periods required by federal and New York law and longer when reasonably necessary for care, legal, audit, compliance, or operational purposes. HIPAA requires retention of certain privacy and security documentation for at least six years. New York generally requires patient records to be retained at least six years, and records for minors generally at least six years and until one year after age 21, unless another law requires longer retention. Website or communications records that are not part of the legal medical record may be retained according to operational need and legal requirements.
When it comes to your health information, you have important rights.
You may ask to inspect or receive a copy of your medical and billing records and other health information we maintain for you, with limited exceptions. We generally will act on a valid access request within 30 calendar days. If we cannot do so within that period, we may extend once for up to 30 additional days by providing a written reason and expected completion date. We may charge only a reasonable, cost-based fee where permitted by law.
You may ask us to amend health information you believe is inaccurate or incomplete. We may require the request to be in writing and to include a reason. We generally will respond within 60 days and may take one additional 30-day extension if necessary. If we deny the request, we will explain the reason in writing and explain your further rights.
You may request that we contact you in a particular way or at a particular location, such as by cell phone, work number, secure portal, or alternative mailing address. We will accommodate reasonable requests.
You may request restrictions on certain uses or disclosures of your information. We are not required to agree in all cases. However, if you pay out of pocket in full for a service or item and request that we not disclose related information to your health plan for payment or healthcare operations, we will honor that request to the extent required by law and if no law requires disclosure.
You may request a list of certain disclosures of your health information made during the six years before your request, excluding disclosures that do not have to be included by law, such as many treatment, payment, healthcare operations, and authorization-based disclosures.
You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
If a person has legal authority to act for you regarding healthcare decisions or records, we may treat that person as your personal representative, subject to applicable law and exceptions.
You may complain to us if you believe your privacy rights have been violated. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
Where a fee is permitted for copies of records, we will charge no more than allowed by applicable law. For HIPAA access requests, any fee will be limited to a reasonable, cost-based amount allowed by law. For paper copies under New York law, the paper-copy fee will not exceed the lawful cap where applicable.
If a reportable breach of unsecured PHI occurs, we will provide notice as required by HIPAA. If a breach involving New York private information triggers state law, we will provide any required New York notices as well.
If the patient is a minor, a parent, guardian, or other person with legal authority to make healthcare decisions typically may act for the minor with respect to health information, unless an exception under federal or state law applies. Our website is not directed to children under 13. We do not knowingly collect personal information online from a child under 13 except through a parent, guardian, or authorized representative, or as otherwise permitted by law.
If you choose to communicate with us electronically, you acknowledge that electronic communications may involve risk, especially if you use unsecured email or text. Where available, we encourage use of the secure Zocdoc patient messaging system for protected communications. We may send appointment reminders, follow-up messages, portal invitations, and related patient communications as described in our SMS/Text Messaging Policy and Telehealth/Virtual Care Consent.
To the extent Allergy Asthma NYC maintains substance use disorder patient records subject to 42 CFR Part 2, we will apply the protections and notice requirements required for those records and will not use or disclose those records for investigations or legal proceedings against you except as permitted by law.
We may change this Notice from time to time. We reserve the right to apply a revised Notice to information we already maintain, to the extent permitted by law. The updated Notice will be posted on our Site and made available upon request, and the revised version will carry a new effective date.
For questions, requests, or complaints about privacy practices or your rights under this Notice, contact us.