# Privacy Policy

**Effective Date:** July 1, 2026
**Last Updated:** July 1, 2026

Root Causes Medical Consultants PLC (“Root Causes,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal and health-related information entrusted to us.

This Privacy Policy explains how we collect, use, disclose, store, and protect information obtained through **myrootcauses.com** (the “Website”), our electronic medical record system, email, text messaging, telephone communications, and related services.

By using the Website or communicating with us, you acknowledge the practices described in this Privacy Policy.

## 1. Important Notice Regarding HIPAA

Root Causes has determined that it is not currently a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) because it does not electronically transmit health information in connection with insurance claims, government healthcare programs, or other standard transactions that would make the practice subject to HIPAA.

However, Root Causes recognizes the sensitive nature of health information and voluntarily maintains administrative, technical, and physical safeguards designed to provide a level of privacy and security comparable to generally recognized HIPAA security practices.

Our voluntary use of HIPAA-level safeguards does not mean that Root Causes is a HIPAA-covered entity, and this Privacy Policy is not intended to serve as a HIPAA Notice of Privacy Practices.

## 2. Information We Collect

Depending on how you interact with us, we may collect the following categories of information:

### Information You Provide Directly

This may include:

* Your name, mailing address, email address, and telephone number;
* Date of birth and other identifying information;
* Appointment requests and scheduling information;
* Medical history, symptoms, diagnoses, medications, laboratory information, treatment information, and other health-related information;
* Information included in intake forms, questionnaires, messages, or documents;
* Payment and transaction information;
* Communications sent by email, text message, patient portal, Website form, or telephone; and
* Any other information you voluntarily provide.

### Information Collected Automatically

When you use the Website, we or our service providers may automatically collect information such as:

* Internet Protocol address;
* Browser type and device type;
* Operating system;
* Pages viewed and links selected;
* Dates, times, and duration of Website visits;
* Referring website or source; and
* Cookie, analytics, and similar technical information.

This information may be used to operate, secure, maintain, and improve the Website.

## 3. How We Use Information

We may use personal and health-related information to:

* Provide medical consultation and related services;
* Create and maintain patient records;
* Review health information and communicate about care;
* Schedule, confirm, change, or cancel appointments;
* Send forms, instructions, reminders, and follow-up communications;
* Respond to questions and requests;
* Process payments and maintain business records;
* Operate, maintain, troubleshoot, and secure the Website and our systems;
* Improve our services and patient experience;
* Comply with applicable laws, court orders, and regulatory obligations;
* Detect or prevent fraud, misuse, security incidents, or unlawful activity;
* Establish, exercise, or defend legal claims; and
* Carry out other purposes disclosed when information is collected or authorized by you.

## 4. Electronic Medical Records

We use an electronic medical record system (“EMR”) to create, receive, store, organize, and access patient information.

Information maintained in the EMR may include identifying information, medical history, consultation notes, test results, treatment information, communications, uploaded records, appointment information, and other information relevant to your care.

Access to the EMR is limited to authorized individuals who require access for legitimate clinical, administrative, security, legal, or operational purposes. Our EMR provider and other technology vendors may process or store information on our behalf under contractual privacy and security obligations.

Although we use safeguards intended to protect information in the EMR, no electronic storage or transmission system can be guaranteed to be completely secure.

## 5. Email Privacy

Email may be used for administrative communications, appointment coordination, forms, educational information, follow-up messages, and other communications.

Standard email may not be encrypted and may be accessed, intercepted, misdirected, or disclosed during transmission or while stored on an email provider’s systems. Email may also be visible to anyone with access to your email account or device.

You should avoid sending highly sensitive medical information through ordinary email unless specifically directed to do so. When available, we may encourage you to use a secure patient portal or another secure communication method.

By providing your email address and communicating with us by email, you authorize us to respond using email. You may request a different reasonable communication method by contacting us at **[[email protected]](mailto:[email protected])**.

Email is not continuously monitored and must not be used for emergencies or urgent medical concerns.

## 6. SMS and Text-Message Privacy

When you provide a mobile telephone number, you may consent to receive text messages relating to appointments, forms, scheduling, administrative matters, service updates, and other communications you request or authorize.

Text messages may include limited health-related or appointment information. Standard SMS messages are generally not encrypted. They may be viewed by anyone with access to your telephone, mobile account, notification screen, or text-message backups.

Message frequency will vary. Message and data rates may apply depending on your mobile service plan.

You may opt out of nonessential text messages at any time by replying **STOP**. You may reply **HELP** for assistance or contact **[[email protected]](mailto:[email protected])**. Opting out of text messages will not prevent communications that are required by law or communications sent through another method when reasonably necessary.

Consent to receive text messages is not a condition of purchasing services. Mobile information and text-message consent will not be sold or shared with third parties for their independent marketing purposes.

Mobile carriers are not responsible for delayed or undelivered messages.

Text messaging must not be used for emergencies or urgent medical concerns.

## 7. Telephone and Voicemail Privacy

We may use the telephone number you provide to contact you about appointments, consultations, forms, administrative issues, follow-up matters, and other services.

Unless you instruct us otherwise, we may leave a voicemail that includes our name, callback information, and limited information concerning the purpose of the call. We generally seek to avoid including detailed medical information in voicemail messages.

Telephone conversations may be overheard or accessed by other individuals who use or answer your telephone. It is your responsibility to provide a telephone number and voicemail account through which you are comfortable receiving communications.

We will not record telephone calls without providing notice or obtaining consent when required by applicable law.

You may request reasonable restrictions on telephone or voicemail communications by contacting **[[email protected]](mailto:[email protected])**.

## 8. Patient Portal and Online Forms

Information submitted through a patient portal, secure intake platform, scheduling service, or online form may be transmitted to and stored by third-party service providers operating on our behalf.

You should not use general Website contact forms to send urgent messages or highly sensitive medical information unless the form is specifically identified as secure.

Portal access credentials must be kept confidential. Notify us promptly if you believe your portal account or credentials have been compromised.

## 9. Cookies and Analytics

The Website may use cookies, pixels, server logs, analytics tools, and similar technologies to operate properly, remember preferences, understand Website use, measure performance, and improve functionality.

Third-party analytics or hosting providers may collect technical information about your device and Website activity. We do not intend to use Website tracking technologies to collect the contents of medical records or confidential patient communications.

You can adjust your browser settings to reject or delete certain cookies. Disabling cookies may affect Website functionality.

## 10. How We Disclose Information

We may disclose information:

* To personnel and contractors who need it to perform authorized duties;
* To EMR, hosting, scheduling, payment, communications, security, and other service providers working on our behalf;
* To healthcare providers or others involved in your care when authorized or legally permitted;
* At your direction or with your consent;
* To comply with applicable laws, subpoenas, court orders, regulatory requests, or legal processes;
* When reasonably necessary to protect the rights, safety, property, or security of Root Causes, our patients, or others;
* To investigate or prevent fraud, misuse, or security incidents;
* In connection with a merger, reorganization, financing, sale, or transfer of some or all of the practice’s assets, subject to appropriate confidentiality protections; or
* For other purposes disclosed when information is collected.

We do not sell personal health information. We do not disclose personal health information to third parties for their independent advertising purposes without authorization.

## 11. Payment Information

Payments may be processed by third-party payment service providers. Root Causes may receive limited payment-related information, such as transaction status, payment amount, payment date, and limited card details.

Payment processors maintain and use payment information according to their own privacy policies and security practices.

## 12. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal and health-related information. These measures may include access controls, authentication measures, encryption where appropriate, workforce confidentiality requirements, secure vendors, system monitoring, backups, and security procedures.

Despite these safeguards, no website, email system, text-message service, telephone system, database, EMR, or internet transmission is completely secure. We therefore cannot guarantee absolute security.

## 13. Data Retention

We retain personal and health-related information for as long as reasonably necessary to provide services, maintain clinical and business records, satisfy legal and regulatory obligations, resolve disputes, enforce agreements, and protect legitimate business interests.

Medical records may be retained for the period required by applicable law and professional recordkeeping standards.

## 14. Data Breach Notification

If we discover unauthorized access to or disclosure of information, we will investigate and take reasonable responsive measures. When required by applicable law, we will notify affected individuals, government authorities, or other parties.

Because Root Causes is not currently a HIPAA-covered entity, a security incident may be governed by other federal or state privacy and breach-notification laws rather than HIPAA.

## 15. Your Choices and Requests

Subject to applicable law and appropriate identity verification, you may contact us to:

* Request access to information we maintain about you;
* Request correction of inaccurate information;
* Update your contact information;
* Ask questions about our privacy practices;
* Request a reasonable communication method;
* Withdraw consent for certain optional communications; or
* Request deletion of information that we are not legally or operationally required to retain.

Some requests may be limited by applicable law, recordkeeping obligations, patient-safety considerations, legal claims, or the rights of others.

Send privacy requests to **[[email protected]](mailto:[email protected])**. Please do not include unnecessary sensitive medical information in an ordinary email.

## 16. Children’s Privacy

The Website is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 through the Website without authorization from a parent or legal guardian.

Information concerning a minor patient may be collected as necessary to provide services and in accordance with applicable law.

## 17. Third-Party Websites

The Website may contain links to websites or services operated by third parties. We are not responsible for the privacy, security, availability, or content of third-party websites. You should review their privacy policies before providing information.

## 18. Emergencies

The Website, email, text messaging, voicemail, and patient portal are not emergency services and are not continuously monitored.

**For a medical emergency, call 911 or go to the nearest emergency department.**

Do not rely on electronic communications for urgent or time-sensitive medical needs.

## 19. Changes to This Privacy Policy

We may revise this Privacy Policy periodically. Changes will be posted on the Website with an updated “Last Updated” date.

Your continued use of the Website after an updated policy is posted constitutes acknowledgment of the revised policy, to the extent permitted by law.

## 20. Contact Us

Questions, concerns, or requests relating to this Privacy Policy may be submitted to:

**Root Causes Medical Consultants PLC**
**Website:** myrootcauses.com
**Email:** [[email protected]](mailto:[email protected])
**Mailing Address:** 835 Mason St, Ste A250, Dearborn, MI 48124
**Telephone:** 313-355-8657