1. Introduction
5D Cancer Services is a radiation-oncology practice located in St. George, Utah, providing adaptive radiotherapy and related medical services. We operate the Site to share information about our practice, our clinicians, the Akesis Gemini 360 adaptive radiotherapy system, the conditions we treat, insurance, and patient education resources. This Privacy Policy describes our online information practices and is intended to be read alongside our HIPAA Notice of Privacy Practices and our Terms of Service.
2. Scope of This Policy
This Policy applies to information collected through the Site and related digital channels, including telephone calls initiated through the Site, email correspondence, and analytics or advertising activity tied to the Site. We do not collect appointment requests or other personal information through any form on this Site. This Policy does not cover:
- Information collected in person at our clinic, which is governed by our HIPAA Notice of Privacy Practices.
- Information collected by third-party websites linked from our Site (those sites have their own policies).
- Employer/employee or vendor data collected outside the public-facing Site.
3. Information We Collect
We collect information in three broad ways:
3.1 Information You Provide Directly
- Email correspondence and call notes when you contact us by phone at (435) 900-7060 or by email at info@5dcancerservices.com — including any name, contact details, insurance information, or medical history you voluntarily share. We do not collect this information through any form on this Site.
3.2 Information Collected Automatically
- Device & technical data: IP address, browser type and version, operating system, screen size, language, time zone, referring URL.
- Usage data: pages viewed, links clicked, time on page, scroll depth, and the path you take through the Site.
- Approximate location: derived from your IP address (typically city/region level, not GPS).
- Cookies and similar technologies as described in Section 6.
3.3 Information from Third Parties
- Referring physicians or hospitals who share your contact details to coordinate your care.
- Advertising and analytics partners that may report aggregated audience data back to us.
- Public sources (such as Google Business Profile reviews you choose to publish about our practice).
4. How We Use Your Information
We use the information described above for the following purposes:
- Responding to phone calls, emails, questions, or other communications you initiate.
- Coordinating treatment, scheduling, and follow-up with you and your referring providers.
- Verifying insurance coverage and obtaining pre-authorization where applicable.
- Improving the Site, our clinical content, and the patient experience.
- Administering, securing, and troubleshooting the Site.
- Complying with applicable federal and state law, accreditation standards, and our legal obligations.
- Detecting, investigating, and preventing fraud, abuse, or violations of our Terms of Service.
5. Protected Health Information & HIPAA
When information you share with us by phone or email is "individually identifiable health information" that we receive, create, maintain, or transmit as a HIPAA-covered health-care provider, it is "Protected Health Information" (PHI) and is subject to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the HITECH Act, and their implementing regulations at 45 C.F.R. Parts 160 and 164.
Our use and disclosure of PHI is described in our Notice of Privacy Practices (NPP). In the event of a conflict between this Privacy Policy and the NPP with respect to PHI, the NPP controls. Standard internet email is not fully secure; please do not include sensitive medical details in email messages unless you are willing to accept the inherent transmission risk. If you would like to share PHI securely, please call us at (435) 900-7060 to arrange a secure channel.
Please do not send Protected Health Information (PHI) by email or voicemail. Standard email is not secure — call us and we will arrange a secure channel.
6. Cookies, Pixels & Analytics
We and our service providers use cookies, web beacons, pixels, and similar technologies ("cookies") to operate the Site and understand how it is used. We use the following categories:
- Strictly necessary – required for the Site to function (security, load balancing, form submission).
- Performance & analytics – measure traffic, page popularity, errors, and conversion (e.g., privacy-respecting analytics tools).
- Functional – remember preferences such as locale, accessibility settings, or whether a notice has been dismissed.
- Advertising/marketing – measure the effectiveness of awareness campaigns; we do not use cookies to advertise based on a person's diagnosis or specific condition information.
You may control cookies through your browser settings, your device settings, or our cookie preferences interface where available. Blocking some cookies may limit the functionality of the Site.
7. Third-Party Services & Service Providers
We engage third-party service providers to help us operate the Site and our practice — for example, web hosting, analytics, email delivery, electronic medical records, scheduling systems, telephone systems, cloud storage, billing, payment processors, and IT security. These providers are contractually limited to using information only to provide their services to us, and where they create, receive, maintain, or transmit PHI on our behalf, they sign HIPAA Business Associate Agreements.
8. How We Share Information
We may share information in the following circumstances:
- With your providers and care team to coordinate diagnosis, treatment, and follow-up.
- With our service providers and Business Associates to operate the Site and our practice.
- With your insurer or payor to obtain authorization or process claims.
- To comply with law, respond to lawful requests from regulators or law-enforcement agencies, or as otherwise required by HIPAA or state law.
- To protect rights, safety, and property, including investigating violations of our Terms of Service.
- In connection with a corporate transaction (e.g., merger, acquisition, or sale of assets), subject to applicable law.
- With your consent for any other purpose disclosed at the time of collection.
We do not sell your personal information for monetary consideration, and we do not knowingly use or disclose PHI for marketing purposes that would require an authorization under HIPAA without first obtaining that authorization.
9. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal, regulatory, and accreditation obligations (including the medical-records retention requirements under Utah law), to resolve disputes, and to enforce our agreements. Medical records are typically retained for the period required by Utah law and applicable federal regulations. After the applicable retention period expires, information is securely destroyed, deleted, or de-identified.
10. Information Security
We maintain administrative, physical, and technical safeguards designed to protect personal information and PHI against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access — consistent with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C) where PHI is involved. Examples include: encryption in transit (TLS), access controls and role-based permissions, audit logging, workforce training, multi-factor authentication for sensitive systems, secure backup procedures, and incident-response planning. No method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.
11. Your Privacy Rights
Subject to applicable law and to our HIPAA obligations, you may have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate or incomplete personal information.
- Request deletion of personal information, subject to legal retention obligations (note: we generally cannot delete PHI required to be retained by law).
- Object to or restrict certain processing.
- Request portability of certain information.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a regulator (see Section 19).
Patients also have specific rights under HIPAA — see our Notice of Privacy Practices.
12. State-Specific Rights
Residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and Utah) may have additional rights under their state privacy laws — for example, the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). PHI handled by a HIPAA-covered entity is generally exempt from these statutes, but information collected through the Site that is not PHI may be covered. To exercise state-law rights, contact us using the information in Section 19 and identify your state of residence and the right you wish to exercise. We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
13. International Visitors (GDPR/UK)
Our Site is operated from the United States and is intended for an audience in the United States, particularly Utah and the surrounding region. If you access the Site from outside the U.S., you understand that your information will be transferred to and processed in the U.S., where data-protection laws may differ from those of your home country. To the extent the EU/UK GDPR applies, our legal bases for processing include consent, performance of a contract or pre-contractual steps you request, our legitimate interests in operating the Site, and compliance with legal obligations.
14. Children's Privacy
The Site is not directed to children under 13, and we do not knowingly collect personal information online from children under 13 (or 16 where local law requires) other than as a parent or legal guardian providing information about a child as part of a treatment request. If you believe a child has provided us information through the Site, please contact us so that we can delete it.
15. Do Not Track & Global Privacy Controls
Some browsers transmit a "Do Not Track" (DNT) signal. There is currently no industry standard for responding to DNT signals; we do not currently respond to them. Where required by law, we honor opt-out preference signals such as the Global Privacy Control (GPC) for sales/sharing of personal information.
16. Links to Third-Party Websites
The Site may contain links to third-party websites (for example, the U.S. Food and Drug Administration, the National Cancer Institute, manufacturer pages, or partner organizations). We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site you visit.
17. Accessibility
We are committed to maintaining a Site that is accessible to people with disabilities, consistent with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA where reasonably feasible. If you encounter an accessibility barrier, please contact us so we can address it.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last Updated" date at the top of this Policy and, where appropriate, provide a more prominent notice. Your continued use of the Site after such changes become effective constitutes acceptance of the updated Policy.
19. How to Contact Us
Questions, complaints, or requests regarding this Privacy Policy or your information may be directed to our Privacy Officer:
St. George, UT 84790
For HIPAA-specific complaints, you may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights — see our HIPAA Notice of Privacy Practices for instructions. You will not be retaliated against for filing a complaint.
