Privacy Policy

Effective Date: July 6, 2025

Updated: August 23, 2025

This Privacy Policy describes how Jerald Cook, MD, PC dba Med Fit Culture ("we," "our," or "us") collects, uses, and protects any information that you provide when you visit our website, use our services, or engage with our content. The terms "you" or "your" refer to users of this website and related services. By using this website, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We may collect the following types of information:

a. Personal Information

This includes your name, email address, phone number, and other details you voluntarily submit when filling out forms, scheduling appointments, or subscribing to newsletters.

b. Usage Data

We collect non-personal information such as your browser type, IP address, pages visited, and referring website. This helps us analyze trends and improve our site’s performance.

2. How We Use Your Information

We use the information collected to:

• Respond to inquiries or service requests

• Provide educational content and coaching services

• Schedule consultations and manage appointments

• Send email communications or updates (with opt-out options)

• Improve our website, services, and user experience

• Comply with legal obligations

3. Medical Disclaimer

This website is primarily for education, marketing, and booking. Clinical care (telehealth visits, forms, messages, records, prescriptions) is handled in our HIPAA-compliant patient portal/EHR (Practice Better) and, when prescribing is appropriate, via DrFirst. We do not collect or store Protected Health Information (PHI) on our marketing website. PHI is exchanged and stored within our secure clinical systems; website interactions (cookies, analytics, contact forms without medical details) are governed by this Privacy Policy.

3A. Clinical vs. Website Data (PHI vs. non-PHI)

Med Fit Culture offers non-clinical health coaching and educational services, as well as clinical lifestyle medicine consultations through a separate process. Engaging with this website or booking a free consultation does not establish a physician–patient relationship.

Clinical services are available only in states where Dr. Jerald Cook is licensed (currently California and Nevada) and are conducted through HIPAA-compliant platforms when applicable.

4. Data Storage and Security

We protect your information using administrative, technical, and physical safeguards appropriate to the data type.

• Clinical data (PHI): Maintained in Practice Better (EHR/portal). When required, e-prescribing is performed through DrFirst. • We maintain Business Associate Agreements with PHI-handling vendors, use least-privilege, role-based access, and multi-factor authentication, and avoid unencrypted email/SMS for PHI.

• Website data (non-PHI): Stored in our website and marketing systems with access controls and encryption in transit.

• Payments: Payments may be processed via Stripe and/or QuickBooks Online (Intuit). We do not store full card numbers on our servers. These processors maintain PCI-DSS compliance.

No method of transmission or storage is 100% secure; you use this site at your own risk.

5. Cookies and Analytics

We may use cookies and third-party analytics tools to monitor user behavior and enhance your experience. You may disable cookies in your browser settings, although doing so may limit your access to some website features.

6. Third-Party Access and Sharing

We do not sell or rent your personal information. We may share data with trusted service providers who assist in operating our business, so long as they agree to keep the information confidential.

Information may also be disclosed when required by law, to protect our rights or property, or in the case of a security incident.

6A. Third-Party Processors (Healthcare Operations & Payments)

We share information with trusted vendors to operate our services. For PHI, we share only the minimum necessary for treatment, payment, or healthcare operations.

• Practice Better (EHR/Portal): Clinical scheduling, forms, secure messaging, records.

• DrFirst (E-Prescribing/EPCS): Electronic prescriptions, including controlled substances when clinically appropriate.

• Stripe / QuickBooks Online: Payment processing and invoicing (card data not stored on our servers).

Because third-party practices can change, please refer to those vendors’ current security statements for details. We review vendor security pages periodically and update our references as needed.

7. Use by Children

This website is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

8. Access, Updates, and Opt-Out

You may request to:

• View or correct your personal information

• Unsubscribe from email communications

• Delete your information from our records

To do so, please email: [email protected]

9. Changes to This Policy

We may update this Privacy Policy at any time without prior notice. The "Effective Date" above reflects the most recent changes. Continued use of this website after changes indicates your acceptance of the updated policy.

10. Your Rights Under GDPR (If Applicable)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, correct, or delete your personal data. Please contact us if you wish to exercise these rights.

10A. Your California Privacy Rights (CPRA) (If Applicable)

If you are a California resident, you may have additional rights regarding personal information collected on this website (non-PHI), including rights to know, delete, correct, and opt out of certain sharing. To exercise these rights, contact [email protected]. These rights do not apply to PHI governed by HIPAA, which is covered by our HIPAA Notice of Privacy Practices.

11. Contact Us

For questions or concerns about this policy, contact:

Jerald Cook, MD

Med Fit Culture

[email protected]

By using this site or booking services, you agree to our Privacy Policy and Terms of Use.