Website Privacy Policy

Bernadette Spencer Family Health NP PLLC · d/b/a Raven Metabolic & Hormone Health · ravenmhh.com

Effective Date: May 1, 2026
Last Updated: May 2026
Contact: bspencer@ravenmhh.com  |  585-201-8874
Mailing Address: 4027 Sodom Road, Gainesville, NY 14066

Introduction

This Website Privacy Policy ("Policy") describes how Bernadette Spencer Family Health NP PLLC, doing business as Raven Metabolic & Hormone Health ("the Practice," "we," "us," or "our"), collects, uses, and protects information gathered through this website, ravenmhh.com ("the Site"). This Policy applies to website visitors and individuals who submit inquiries through this Site.

This Policy is separate from and supplements our HIPAA Notice of Privacy Practices, which governs the use and disclosure of Protected Health Information (PHI) for established patients. If you are an established patient, please refer to the HIPAA Notice of Privacy Practices for information about how your clinical health information is handled.

1. Information We Collect

Information You Provide Directly
When you click "Begin Your Inquiry" on this Site, you are directed to a secure Google Form hosted by Google LLC. Through that form, we collect your full name, email address, and a description of your health concerns or questions as you choose to provide. Submission is entirely voluntary.

Important Note Regarding the Inquiry Form: The inquiry form is intended for initial administrative inquiries only. It is not a secure clinical portal, a substitute for an established patient health record, and does not constitute the establishment of a provider-patient relationship. Do not submit urgent medical questions, emergency health information, or detailed clinical history through this form. If you are experiencing a medical emergency, call 911.

Automatically Collected Information
This Site does not currently use Google Analytics, advertising pixels, or third-party behavioral tracking technologies. We use Google Search Console solely as a webmaster tool to monitor site indexing and search performance. Google Search Console does not collect personally identifiable information about website visitors. We may collect standard server log information, including your IP address, browser type, referring pages, and pages visited, for purposes of site security and performance monitoring.

Cookies
This Site uses only essential functional cookies necessary for the operation of the website. We do not use tracking, advertising, or analytics cookies at this time. If our cookie practices change materially, this Policy will be updated prior to implementation.

2. How We Use Your Information

Information collected through the inquiry form is used solely for the following purposes:

  • To evaluate whether your health goals and clinical needs are consistent with the services provided by this Practice
  • To contact you regarding your inquiry and, if appropriate, to schedule a discovery call
  • To comply with applicable legal obligations

We do not use your information for marketing purposes without your explicit consent. We do not sell, rent, trade, or otherwise disclose your personal information to third-party marketing organizations.

3. How We Share Your Information

We do not sell or rent your personal information. We may share your information in the following limited circumstances:

Service Providers: We use the following third-party service providers who may process your information on our behalf:

  • Google Workspace & Google Forms (Google LLC): Email, calendar, video conferencing, voice communications, and inquiry form processing. We maintain a HIPAA Business Associate Agreement (BAA) with Google for Workspace services, which covers Google Forms submissions routed to our Workspace account. Google's privacy policy is available at policies.google.com.
  • Practice Fusion (Veracuity, Inc.): Electronic Health Record platform used for clinical records of established patients. We maintain a HIPAA BAA with Practice Fusion. Practice Fusion's privacy policy is available at practicefusion.com.
  • Bluehost (Endurance International Group): Website hosting provider. General website traffic passes through Bluehost's servers. The inquiry form itself is hosted by Google and does not route through Bluehost.

Legal Requirements: We may disclose your information when required by law, including in response to a valid court order, subpoena, or legal process, or to protect the rights, property, or safety of the Practice, our patients, or others.

Business Transfers: In the unlikely event of a practice acquisition, merger, or dissolution, your information may be transferred as part of that transaction, subject to applicable legal requirements including HIPAA.

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, or destruction, consistent with the requirements of the New York SHIELD Act (NY General Business Law § 899-bb) and HIPAA where applicable. These measures include:

  • Encrypted email communications through Google Workspace
  • HIPAA-compliant clinical recordkeeping through Practice Fusion
  • Secure website hosting with SSL/TLS encryption (HTTPS)
  • Inquiry form processing through Google Forms under a HIPAA BAA
  • Access controls limiting information access to authorized personnel

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

5. Data Retention

Inquiry form submissions are retained for a period sufficient to evaluate and respond to your inquiry. If you do not become a patient, your inquiry information is retained for no longer than two years unless a longer retention period is required by law.

Clinical records for established patients are retained in accordance with New York State law, which generally requires retention of patient records for six years from the date of the last entry, or three years after a minor patient reaches the age of 18, whichever is longer.

6. Breach Notification

In the event of a security breach involving your personal information, we will notify you in accordance with the requirements of the New York SHIELD Act and, where applicable, the HIPAA Breach Notification Rule. Notification will be provided without unreasonable delay and in no case later than:

  • 60 days after discovery, for breaches subject to HIPAA
  • In the most expedient time possible and without unreasonable delay, for breaches subject to the New York SHIELD Act

7. Children's Privacy

This Site is not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors through this Site. This Practice accepts patients 18 years of age and older. If you believe we have inadvertently collected information from a minor, please contact us immediately.

8. New York State Residents

If you are a New York State resident, you have the following additional rights regarding your personal information:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information, subject to applicable legal retention requirements
  • The right to receive notification in the event of a breach of your personal information, as described in Section 6 above

To exercise these rights, contact us at bspencer@ravenmhh.com.

9. Third-Party Links

This Site may contain links to third-party websites, including external resources referenced in The Raven Brief publications. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Policy

We reserve the right to update this Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this Policy and post the revised Policy on this Site. Your continued use of this Site following the posting of changes constitutes your acceptance of the revised Policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise any rights described herein, or wish to file a privacy complaint, please contact:

Bernadette Spencer, RN, MSN, FNP-C, FMACP Privacy Officer — Bernadette Spencer Family Health NP PLLC
d/b/a Raven Metabolic & Hormone Health
4027 Sodom Road, Gainesville, NY 14066
bspencer@ravenmhh.com  |  585-201-8874

This Policy was last reviewed and updated: May 2026

This document was prepared as a substantive drafting framework and reflects applicable federal HIPAA requirements, New York SHIELD Act requirements, and general best practices for healthcare practice websites as of May 2026.