About Services Fees Contact
Questions? [email protected]

Seacoast New Hampshire  ·  Licensed in NH & MA

Wells Family Medicine

Scott Wells, FNP-C  ·  Compassionate Care  ·  Focused on Your Wellness

Legal & Compliance

Privacy Policy &
Notice of Privacy Practices

Wells Family Medicine is committed to protecting the privacy of your health information. This notice describes how we collect, use, and safeguard your protected health information (PHI) in accordance with HIPAA and applicable state law.

📅 Effective Date: January 1, 2025  ·  Revised: March 2025
01

About This Notice

Who We Are

Wells Family Medicine is a private healthcare practice operated by Scott Wells, FNP-C, a licensed Family Nurse Practitioner practicing in New Hampshire and Massachusetts. We are a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 CFR Part 164).

This Notice of Privacy Practices describes the legal obligations of Wells Family Medicine and your rights with respect to your Protected Health Information (PHI). We are required by law to maintain the privacy of your PHI, provide you with this notice, and follow the terms of this notice currently in effect.

This notice applies to all health information created or received by Wells Family Medicine in connection with your care, whether delivered in person, at your home or workplace, or via telehealth.

02

Protected Health Information

What is PHI?

Protected Health Information (PHI) is any individually identifiable health information that relates to your past, present, or future physical or mental health condition; the provision of healthcare to you; or payment for healthcare services. PHI includes information in any format — written, electronic, or oral.

Examples of PHI we may collect and maintain include:

  • Your name, address, date of birth, phone number, and email address
  • Medical history, diagnoses, medications, and treatment plans
  • Lab results, imaging reports, and clinical notes
  • Insurance information and billing records
  • Information you provide during telehealth or in-person consultations
  • Records received from other providers or specialists
03

Use of Your Information

How We Use Your PHI

Wells Family Medicine uses your PHI for the following primary purposes without requiring additional authorization from you:

Treatment. We use and disclose your PHI to provide, coordinate, and manage your medical care — including sharing information with specialists, hospitals, pharmacies, or other providers involved in your treatment.

Payment. We may use or disclose your PHI to obtain payment for services rendered, including billing, claims submission, and coordination of benefits with your insurance company.

Healthcare Operations. We may use your PHI for internal operations such as quality assessment, training, licensing, accreditation, compliance activities, and improving care delivery.

For any use or disclosure beyond Treatment, Payment, and Healthcare Operations — such as marketing, research, or sale of PHI — we will obtain your written authorization before proceeding. You may revoke any such authorization in writing at any time.

04

Disclosures

Permitted Disclosures Without Authorization

In certain circumstances, HIPAA permits or requires us to disclose your PHI without your written authorization. These include:

  • As required by law — court orders, subpoenas, or mandatory reporting requirements
  • Public health activities — reporting communicable diseases, adverse events, or child/elder abuse to authorized agencies
  • Health oversight — audits, investigations, or inspections by government agencies (e.g., CMS, state health boards)
  • Serious threats to health or safety — to prevent or lessen a serious and imminent threat to a person or the public
  • Workers' compensation — to comply with applicable workers' compensation laws
  • Law enforcement — in limited circumstances as permitted or required by law
  • Coroners, medical examiners, and funeral directors — as authorized by law following a patient death
  • Business Associates — third-party vendors who perform services on our behalf under a signed HIPAA Business Associate Agreement (BAA), such as billing services or telehealth platforms

We will not sell your PHI, and we will not use or disclose PHI for purposes unrelated to your healthcare without your explicit written authorization.

05

Patient Rights

Your Privacy Rights

HIPAA grants you important rights regarding your PHI. You may exercise any of these rights by submitting a written request to our Privacy Officer (contact information below).

Right to Access

You have the right to inspect and obtain a copy of your medical records and PHI in a designated record set. We will respond within 30 days of your request.

Right to Amend

You may request that we amend inaccurate or incomplete PHI. We may deny your request in limited circumstances and will notify you in writing of our decision.

Right to an Accounting

You may request a list of certain disclosures of your PHI we have made in the past six years, other than disclosures for treatment, payment, or healthcare operations.

Right to Restrict Use

You may request restrictions on how we use or disclose your PHI. We are not required to agree to all restrictions, but we will comply with any restriction we do accept in writing.

Right to Confidential Communications

You may request that we communicate with you in a specific way or at a specific location (e.g., call your cell phone instead of your home number).

Right to a Paper Copy

You have the right to receive a paper copy of this Notice of Privacy Practices upon request, even if you have previously agreed to receive it electronically.

To exercise any of these rights, please contact our Privacy Officer in writing. We will not retaliate against you for exercising any right afforded to you under HIPAA.

06

Security & Safeguards

How We Protect Your Information

Wells Family Medicine implements administrative, physical, and technical safeguards in compliance with the HIPAA Security Rule (45 CFR Part 164, Subparts A and C) to protect the confidentiality, integrity, and availability of your electronic PHI (ePHI).

  • Encrypted, HIPAA-compliant electronic health records and communication platforms
  • Secure, password-protected devices with multi-factor authentication
  • HIPAA-compliant telehealth platform for all virtual visits
  • Business Associate Agreements (BAAs) in place with all applicable vendors
  • Regular security risk assessments and workforce training
  • Physical safeguards for any paper-based records
  • Breach notification procedures in compliance with the HIPAA Breach Notification Rule

In the event of a breach of unsecured PHI, we will notify affected individuals and, where required, the Secretary of the U.S. Department of Health and Human Services (HHS) in accordance with 45 CFR Part 164, Subpart D.

07

Digital Privacy

Website & Digital Privacy

This website (wellsfamilymedicine.com) is informational in nature. We may collect limited non-PHI data to improve user experience, including:

  • General browsing data via standard web analytics (e.g., pages visited, time on site)
  • Contact form submissions (name, email, phone, and message content)
  • Appointment request information submitted voluntarily

Any health-related information you voluntarily submit via contact or appointment request forms is treated as PHI and protected accordingly under this notice. We do not sell, rent, or share website visitor data with third parties for marketing purposes.

This website does not use tracking cookies for advertising and does not participate in third-party ad networks. We may use privacy-compliant analytics tools to understand site usage in aggregate form.

Do not send sensitive health information via standard email or unencrypted web forms. For secure communications, please call us at (603) 828-3232 or use our HIPAA-compliant patient messaging platform.

08

Minor Patients

Minors

For patients under the age of 18, a parent or legal guardian generally has the right to access the minor's PHI and act as their personal representative, unless otherwise restricted by applicable state law (including New Hampshire RSA 141-C and RSA 318-B regarding certain sensitive services).

In situations where a minor has the legal right to consent to their own care under state law (e.g., substance abuse treatment, certain reproductive health services), we will treat the minor's PHI as confidential in those specific areas and will not disclose such information to a parent or guardian without the minor's consent, except as required by law or to avert a serious safety threat.

09

Updates

Changes to This Notice

Wells Family Medicine reserves the right to amend this Notice of Privacy Practices at any time. Any revised notice will be effective for all PHI we maintain, including information created or received prior to the effective date of the change.

We will post the current version of this notice on our website with the updated effective date. You may request a paper copy of the current notice at any time by contacting us.

10

Contact & Complaints

Complaints & Contact

If you believe your privacy rights have been violated, or if you have questions about this notice or your PHI, please contact our Privacy Officer:

Scott Wells, FNP-C — Privacy Officer
Wells Family Medicine
Seacoast New Hampshire
Phone: (603) 828-3232
Email: [email protected]

You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):

  • Online: hhs.gov/ocr/complaints
  • Phone: 1-800-368-1019 (TDD: 1-800-537-7697)
  • Mail: 200 Independence Avenue SW, Washington, D.C. 20201

We will not retaliate against you in any way for filing a complaint with us or with HHS OCR.