top of page

Privacy Policy

Last Updated: March 13, 2026

1. Introduction

Welcome to Second Arrow (“Company,” “we,” “our,” or “us”). We are committed to protecting the privacy and security of our users and patients. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit www.secondarrowrva.com.

If we collect or process Protected Health Information (PHI), we do so in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable U.S. privacy laws.

By using our website, you agree to the terms of this Privacy Policy.

2. Information We Collect

Personal Information

We may collect personal information such as:

  • Name

  • Email address

  • Phone number

  • Mailing address

  • Date of birth

Health Information (Protected Health Information – PHI)

If you submit medical or health information through our website (e.g., appointment requests, patient portals, intake forms), we may collect:

  • Medical history

  • Health conditions

  • Treatment information

  • Insurance information

This information may be considered Protected Health Information (PHI) under HIPAA.

Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address

  • Browser type

  • Device information

  • Pages visited

  • Date and time of visits

3. How We Use Your Information

We use collected information to:

  • Provide healthcare services

  • Schedule appointments

  • Communicate with patients

  • Process billing and insurance claims

  • Improve website functionality

  • Comply with legal and regulatory requirements

PHI will only be used or disclosed as permitted under HIPAA.

4. HIPAA Compliance and Safeguards

We maintain administrative, technical, and physical safeguards to protect Protected Health Information, including:

  • Secure servers and encrypted connections

  • Access controls and authentication systems

  • Staff training on HIPAA compliance

  • Monitoring and security audits

We only allow access to PHI to authorized personnel who require it to perform their job duties.

5. How We Share Information

We do not sell your personal or health information.

We may share information with:

Healthcare Providers

To coordinate treatment or care.

Business Associates

Third-party service providers who assist in operations (e.g., hosting providers, billing companies) and who have signed HIPAA-compliant Business Associate Agreements (BAAs).

Legal Requirements

We may disclose information when required by law, including:

  • Court orders

  • Law enforcement requests

  • Public health reporting

6. Cookies and Tracking Technologies

Our website may use cookies or similar technologies to:

  • Improve website functionality

  • Analyze website traffic

  • Enhance user experience

These tools do not intentionally collect PHI unless explicitly submitted by the user.

7. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption

  • Secure data storage

  • Access restrictions

  • Regular system monitoring

While we strive to protect information, no online transmission is completely secure.

8. Patient Rights Under HIPAA

If we maintain your Protected Health Information, you may have the right to:

  • Request access to your medical records

  • Request corrections to inaccurate information

  • Request restrictions on certain uses or disclosures

  • Receive an accounting of disclosures

  • Request confidential communications

  • File a privacy complaint

To exercise these rights, contact us using the information below.

9. Third-Party Services

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices.

If third-party vendors process PHI on our behalf, they must comply with HIPAA and sign a Business Associate Agreement (BAA).

10. Data Retention

We retain personal and health information only as long as necessary to:

  • Provide healthcare services

  • Comply with legal obligations

  • Maintain medical records as required by law

11. Children's Privacy

Our services are not intended for children under the age of 13 unless authorized by a parent or legal guardian.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date.

13. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact:

Second Arrow

Privacy Officer: Leah Johnson
Address: 2200 Carrington St, Unit 100, Richmond, VA 23223
Email: admin@secondarrowrva.com
Phone: 804-217-1929

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.

bottom of page