Grove Wellness Kids ("we," "us," or "our"), a functional and integrative pediatrics practice founded by Jacqueline Machado, MD, operating under Plant MD LLC, a limited liability company registered in Florida, doing business as (DBA) Grove Wellness Kids is committed to protecting the privacy and security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI), when you visit our website, grovewellnesskids.com (the "Site"), use our patient portal, schedule appointments, engage in online transactions, or interact with linked third-party services.

 

By using the Site, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Site.

 

1. Information We Collect

We collect information from you in the following ways:

• Personal Information: Information that identifies you or your child, such as:
  Name, email address, phone number, and postal address (e.g., provided via contact forms, appointment scheduling, or patient portal registration).
  Payment information (e.g., credit card details for online transactions).
  Account login credentials for the patient portal.
• Protected Health Information (PHI): Health-related information covered under HIPAA, such as:
  Medical history, appointment details, or treatment plans shared through the patient portal or secure forms.
  Information provided during appointment scheduling (e.g., reason for visit).
• Non-Personal Information: Information that does not directly identify you, such as:
  Browser type, IP address, device type, and usage data collected via cookies or analytics tools.
  Aggregate data about Site visitors.

 

2. How We Collect Information

We collect information:

• Directly from You: When you submit forms, register for the patient portal, schedule appointments, or make purchases on the Site.
• Automatically: Through cookies, web beacons, and similar technologies that track your interaction with the Site (e.g., pages visited, time spent).
• From Third Parties: When you interact with linked services like Fullscript or Rupa Health, we may receive limited information (e.g., confirmation of a purchase or lab order) as permitted by their policies.

 

3. How We Use Your Information

We use your information to:

• Provide and improve our services (e.g., process appointments, manage the patient portal, fulfill online orders).
• Communicate with you (e.g., appointment reminders, responses to inquiries, newsletters if you opt in).
• Comply with legal obligations, including HIPAA, for handling PHI.
• Process payments and prevent fraud in online transactions.
• Analyze Site usage to enhance functionality and user experience.
• Personalize content or recommendations (e.g., health tips based on your interests, where permitted).

 

4. How We Share Your Information

We do not sell your personal information or PHI. We may share your information only as follows:

• With Service Providers: Third-party vendors (e.g., payment processors, hosting services, analytics providers) who assist us, bound by confidentiality and HIPAA compliance where applicable.
• With Third-Party Partners: Limited data may be shared with platforms like Fullscript or Rupa Health to facilitate your orders or lab testing, subject to their privacy policies.
• For Legal Reasons: To comply with laws, court orders, or government requests, or to protect our rights, safety, or property.
• With Your Consent: If you authorize us to share your information (e.g., with another healthcare provider)
• Website Development & Design: Our website was designed by Addelise Branding Studio and developed by Cetaya Digital. These partners do not process your booking or personal information, but may maintain technical access to ensure the site functions properly.

 

5. HIPAA-Specific Information

As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), we are legally obligated to protect your Protected Health Information (PHI). This section outlines our HIPAA compliance practices and your rights:

• Definition of PHI: PHI includes any information that identifies you or your child and relates to health status, healthcare services, or payment for healthcare (e.g., medical records, appointment details).
• Safeguards: We use physical, technical, and administrative measures to protect PHI, including:
  • Encryption for data transmitted through the patient portal or secure forms.
  • Restricted access to PHI, limited to authorized personnel trained in HIPAA compliance.
  • Secure storage of electronic and paper records.
• Permitted Uses and Disclosures: We may use or disclose PHI:
  • For treatment (e.g., sharing with a specialist with your consent).
  • For payment (e.g., billing your insurance).
  • For healthcare operations (e.g., quality improvement or staff training).
  • As required by law (e.g., reporting to public health authorities).
• Your HIPAA Rights: You have the right to:
• Access: Request a copy of your PHI (fees may apply for excessive requests).
• Amend: Request corrections to inaccurate or incomplete PHI.
  • Accounting: Request a list of certain disclosures of your PHI over the past six years.
• Restriction: Request limits on how we use or disclose your PHI (though we are not always required to agree).
• Confidential Communications: Request alternative methods of communication (e.g., a different phone number).
• Notice: Obtain our full HIPAA Notice of Privacy Practices, available upon request.
• Breach Notification: If a breach of unsecured PHI occurs, we will notify you as required by HIPAA, detailing the incident and steps to mitigate harm.
• Electronic Health Records (EHR):
  • We maintain your PHI in an EHR system, accessible through the patient portal on the Site. This allows you to view, download, or transmit certain health information (e.g., visit summaries, lab results).
  • EHR data is encrypted during transmission and storage, and access is logged to ensure security.
  • You may request an electronic copy of your EHR records in a format we support, subject to verification and reasonable processing time.
  • Third-party EHR vendors (e.g., Practice Better) may process your data under a Business Associate Agreement (BAA), ensuring HIPAA compliance.

 

6. Patient Portal

The patient portal allows secure access to your health information. Your login credentials and PHI are encrypted, and you are responsible for keeping your account details confidential. Notify us immediately if you suspect unauthorized access.

 

7. Appointment Scheduling

Information provided during scheduling (e.g., name, contact details, health concerns) is used solely to facilitate your appointment and is protected as PHI where applicable.

 

8. Online Commerce and Transactions

For purchases made through the Site:

• Payment details are processed via secure third-party processors (e.g., Square) and are not stored on our servers beyond what is necessary for transaction completion.
• Billing and shipping information is used to fulfill your order and is protected under our security protocols, including HIPAA where it overlaps with PHI.

 

9. Third-Party Links (e.g., Fullscript, Rupa Health)

The Site links to third-party services like Fullscript and Rupa Health. When you use these services:

• Your interactions are governed by their privacy policies, which we encourage you to review.
• We may receive limited data (e.g., order confirmation) but do not control or access your full account details with these providers.

 

10. Cookies and Tracking Technologies

We use cookies and similar tools to:

• Enhance Site functionality (e.g., remembering login details).
• Analyze usage patterns (e.g., via Google Analytics).
• You can manage cookie preferences through your browser settings, though disabling them may affect Site performance.

 

11. Your Rights and Choices

• Access and Correction: You may request access to or correction of your personal information or PHI by contacting us, subject to verification and legal limits.
• Opt-Out: You can opt out of marketing emails by clicking "unsubscribe" or contacting us. Note that transactional emails (e.g., appointment confirmations) cannot be opted out of while using our services.
• HIPAA Rights: See Section 5 for your specific HIPAA rights regarding PHI.

 

12. Data Security

We implement reasonable measures (e.g., encryption, firewalls, access controls) to protect your information. However, no online system is 100% secure, and we cannot guarantee absolute protection against breaches or unauthorized access.

 

13. Data Retention

We retain your information only as long as necessary for the purposes outlined here, or as required by law (e.g., medical records retention under HIPAA, typically 7 years for pediatric records or longer per state law). Non-essential data (e.g., analytics) may be anonymized or deleted periodically.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy as needed. Changes will be posted here with an updated "Last Updated" date. Your continued use of the Site after changes indicates your acceptance of the revised policy.

 

15. Contact Us

If you have questions, please contact us at:

Email: hello@grovewellnesskids.com

Phone: 786-574-4014

Address: 1501 Venera Avenue, Suite 220, Coral Gables, Florida, 33146

 

Privacy Policy for GroveWellnessKids.Com

Last Updated: April 2, 2026