Specialty Medical Equipment ("we," "us," or "our") operates the website at specialty-medical-equipment.polsia.app and related services. This Privacy Policy explains how we collect, use, disclose, and protect personal information about you when you use our website or services.
This policy applies to all visitors, patients, healthcare partners, and other individuals whose information we collect through our website, enrollment forms, and related services.
By using our website or submitting information through our enrollment or contact forms, you acknowledge you have read and understand this policy.
2. Information We Collect
We collect the following categories of personal information:
Health-related information: Diagnosis type, equipment needs, physician information, insurance carrier and policy details — collected solely to process Medicare equipment requests
Payment information: Not stored directly; billing handled through Medicare/insurance
Account credentials: Email and passkey data for patient portal accounts
Communications: Messages and inquiries submitted through contact forms
B. Information Collected Automatically
Usage data: Pages visited, time on site, referring URLs, browser type, device type
IP address and approximate location
Session identifiers (httpOnly cookies used for authentication)
Assessment responses: Answers to our equipment needs quiz and sleep apnea assessment (anonymized unless you provide contact info)
C. Information from Healthcare Partners
Referral information from physicians, hospitals, and insurance networks
We do not receive PHI (Protected Health Information) through our website — PHI transmissions occur through HIPAA-compliant channels
3. How We Use Your Information
We use collected information for the following purposes:
Service delivery: Process enrollment and insurance verification, arrange delivery of medical equipment
Patient communication: Appointment reminders, order status, supply replenishment
Healthcare coordination: Coordinating with physicians and insurance companies on your behalf
Website improvement: Analyzing usage patterns to improve content and navigation (analytics cookies, only with your consent)
Legal compliance: Meeting Medicare documentation and record-keeping requirements
Security: Preventing fraud and unauthorized access
Partner support: Managing DME provider partners and referral networks
We do not use health information for marketing purposes, and we do not sell or rent your personal information to third parties.
4. How We Share Information
We may share your personal information with:
Healthcare providers and physicians — to coordinate care as directed by you or your provider
Insurance companies — to verify coverage and process claims on your behalf
Service providers — companies that host our website, send emails on our behalf, or provide technical support (under data processing agreements)
Legal authorities — when required by law, court order, or to protect our legal rights
Business successors — in the event of a merger, acquisition, or sale of assets (you will be notified)
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising.
5. Cookies & Tracking Technologies
We use the following types of cookies and similar technologies:
Essential Cookies (Always Active)
Session cookies (SME_AUTH): Authenticate patient portal and partner sessions. httpOnly, secure, 7-day TTL.
Consent preference cookie: Stores your cookie consent choice in localStorage so we don't show the banner on every visit.
Analytics Cookies (Consent Required)
Anonymous usage analytics to understand how visitors use our site — which pages are most helpful, where people get confused, and what content is most valuable to patients. No personal information is included in analytics events.
Marketing/Tracking Cookies (Consent Required)
We do not currently use advertising or cross-site tracking cookies. If we introduce them in the future, we will ask for your explicit consent before activating them.
We honor the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we automatically treat it as an opt-out of non-essential cookies and data sharing.
6. Your Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
Your California Privacy Rights
Right to Know: You may request information about the categories of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
Right to Access: You may request a copy of the specific personal information we have collected about you in the past 12 months.
Right to Delete: You may request that we delete personal information we have collected about you, subject to certain exceptions (e.g., completing a transaction, legal obligations).
Right to Opt Out of Sale/Sharing: You may opt out of the "sale" or "sharing" of your personal information. Note: We do not currently sell your personal information. You can submit an opt-out request at any time using our opt-out form.
Right to Correct: You may request that we correct inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: You may request that we limit use of sensitive personal information (such as health data) to what is necessary to provide our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. See Section 8.
Residents of other states (Colorado, Connecticut, Virginia, Texas, etc.) may have similar rights under applicable state law. We process requests from all U.S. residents.
7. How to Submit a Privacy Request
To exercise any of your privacy rights, you may:
Submit a Privacy Request
Use our online form to submit a data access, deletion, or opt-out request. We will respond within 45 days.
We will take reasonable steps to verify your identity before fulfilling a request. For patient records, we may require matching information such as name, email, and the last four digits of your SSN or date of birth, consistent with HIPAA requirements.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization, and we may verify the agent's identity and your authorization.
Response Timeline
We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days (extendable to 90 days with notice if reasonably necessary).
8. Non-Discrimination
We will not discriminate against you for exercising your privacy rights. This means we will not:
Deny you goods or services
Charge you different prices or provide a different level of service
Suggest that you will receive a different price or quality of service
Your access to medical equipment and Medicare enrollment assistance is not affected by any privacy rights request you submit.
9. Children's Privacy
Our services are directed at adults 18 years and older. We do not knowingly collect personal information from individuals under 13. If you believe a minor has submitted information through our website, please contact us at privacy@specialtyhme.com and we will promptly delete it.
10. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
HTTPS encryption for all data in transit
Encrypted storage of authentication tokens
Access controls limiting employee access to personal information
Session management with secure, httpOnly cookies
No data transmission over the Internet can be guaranteed 100% secure. If you believe your information has been compromised, please contact us immediately.
11. Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:
Patient enrollment data: 7 years (Medicare audit requirements)
Contact form submissions: 2 years
Assessment quiz results: 12 months (anonymized after 30 days unless contact info provided)
Website analytics: 13 months (analytics are anonymized)
Session tokens: 7 days (auto-expiring)
Upon a valid deletion request, we will delete or anonymize your information within 45 days, except where retention is required by law or necessary to complete ongoing transactions.
12. Contact Us
For privacy-related questions, requests, or concerns, contact us through any of the following:
Mail: Specialty Medical Equipment — Privacy Office, United States
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on our website. The "Last Updated" date at the top reflects the most recent revision.