Notice of Privacy Practices
How We Protect, Use, and Disclose Your Protected Health Information
Our Commitment to Your Privacy
SpringCreek Fertility ("we," "our," or "the Practice") is committed to protecting the privacy and security of your protected health information (PHI). This Notice of Privacy Practices ("Notice") describes how medical information about you may be used and disclosed and how you can access this information. Please review it carefully.
We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, 42 CFR Part 2 (as applicable to substance use disorder records), and their implementing regulations to:
- Maintain the privacy of your PHI
- Provide you with this notice of our legal duties and privacy practices
- Abide by the terms of the notice currently in effect
This notice applies to all locations where SpringCreek Fertility provides care:
Protected Health Information
Protected Health Information (PHI) is individually identifiable health information that relates to your past, present, or future physical or mental health; the provision of healthcare to you; or the past, present, or future payment for healthcare. PHI includes information maintained in any form, including electronic (ePHI), paper, and oral communications.
How We May Use and Disclose Your PHI
The following describes the ways we may use and disclose your PHI without your written authorization (except where otherwise noted). For each category, we provide a brief explanation. Not every possible use or disclosure is listed, but all uses and disclosures will fall within one of the categories described.
Treatment
We may use or disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes consultations between healthcare providers regarding your care, referrals to other providers, and coordination with laboratories, pharmacies, and other facilities involved in your fertility treatment.
Payment
We may use or disclose your PHI to obtain payment for healthcare services we provide, including billing your health plan or insurance company, verifying coverage, collecting payment, and conducting utilization review and pre-authorization activities.
Healthcare Operations
We may use or disclose your PHI for our healthcare operations, which include quality assessment and improvement, reviewing the competence or qualifications of healthcare professionals, conducting training programs, accreditation, licensing, credentialing, and business management activities.
Required by Law
We may use or disclose your PHI when required to do so by federal, state, or local law. This includes reporting to public health authorities, complying with court orders or administrative proceedings, and other legally mandated disclosures.
Public Health Activities
We may disclose your PHI for public health activities and purposes, including reporting to a public health authority authorized to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability.
Health Oversight Activities
We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, licensure, and other proceedings related to the oversight of the healthcare system.
Abuse or Neglect
We may disclose your PHI to appropriate authorities if we reasonably believe you are a victim of abuse, neglect, or domestic violence, as required or authorized by applicable law.
Research
Under certain circumstances, we may use or disclose your PHI for research purposes, provided the research has been approved by an Institutional Review Board (IRB) or a privacy board that has reviewed the research proposal and protocols to ensure the privacy of your information.
Serious Threats to Health or Safety
We may use or disclose your PHI when necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public, consistent with applicable law and professional standards of ethical conduct.
Workers' Compensation
We may disclose your PHI as authorized by and to the extent necessary to comply with workers' compensation or similar programs established by law.
Decedents
We may disclose PHI of a deceased individual to a coroner, medical examiner, or funeral director as necessary, and to a personal representative of the deceased individual's estate as authorized by HIPAA.
Appointment Reminders and Health-Related Communications
We may use your PHI to contact you with appointment reminders, treatment alternatives, or other health-related benefits and services that may be of interest to you.
Reproductive Health Information
As a reproductive medicine practice, we are committed to providing the highest level of privacy protection for your reproductive health information. We apply additional administrative safeguards to protect information related to fertility treatments, diagnoses, medications, genetic testing results (including PGT-A and PGT-M), and donor or gestational carrier arrangements.
We handle all reproductive health information in strict accordance with HIPAA and applicable Ohio state law. This extends to all services offered across our Dayton, Columbus, and Cincinnati locations, including IVF, IUI, egg freezing, egg donation, gestational carrying, and LGBTQIA+ family-building services.
Substance Use Disorder (SUD) Records — 42 CFR Part 2
Effective February 16, 2026
In accordance with the final rule aligning 42 CFR Part 2 with HIPAA, this notice addresses the privacy of substance use disorder (SUD) treatment records. The protections described below apply to any SUD records we create, receive, maintain, or transmit that are subject to 42 CFR Part 2. These records receive additional protections beyond those provided under HIPAA alone.
Consent Required for Treatment, Payment, and Operations
Unlike other protected health information, the use or disclosure of Part 2 SUD records for treatment, payment, and healthcare operations requires your written consent. You may provide a single written consent authorizing all future uses and disclosures of your SUD records for treatment, payment, and healthcare operations purposes. You have the right to revoke this consent at any time in writing; however, revocation will not apply to any uses or disclosures made in reliance on your consent before it was revoked.
Prohibition on Use in Legal Proceedings
SUD treatment records protected under 42 CFR Part 2 may not be used or disclosed in any civil, criminal, administrative, or legislative proceeding conducted by any federal, state, or local authority against you, the patient, unless you have provided specific written consent or a court has issued an authorizing order under Part 2.
Notice of Potential Re-Disclosure
Protected health information that we disclose to authorized recipients may be re-disclosed by those recipients and may no longer be protected by HIPAA or Part 2 regulations. However, recipients of Part 2 records who are subject to HIPAA or Part 2 must continue to protect SUD records in accordance with applicable law.
Fundraising Communications
If we intend to use or disclose SUD records subject to Part 2 for fundraising purposes, you have the right to opt out before receiving any such communications. We will not use Part 2-protected SUD records for fundraising without providing you the opportunity to opt out.
More Stringent Protections Apply
Where Part 2 imposes requirements that are more stringent than HIPAA, we will follow the more protective standard. The descriptions of uses and disclosures in this notice are limited by the requirements of Part 2 and any other law that is more restrictive than HIPAA.
Uses and Disclosures Requiring Your Written Authorization
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this notice. You may revoke your authorization at any time by submitting a written request to our Privacy Officer. Revocation will not affect any actions we took in reliance on the authorization before receiving your revocation.
Specific categories requiring authorization include:
- Marketing communications, unless they are face-to-face or involve promotional gifts of nominal value
- Sale of your PHI to any third party
- Most uses of psychotherapy notes, if applicable
- Uses and disclosures of SUD records not otherwise described in this notice or permitted by Part 2
Other Uses and Disclosures — Sensitive Health Information
Certain categories of health information may receive additional protections under state or federal law, including but not limited to:
- HIV/AIDS-related information
- Substance use disorder treatment records (as described in the SUD Records section above)
- Mental health records
- Genetic information (including PGT-A, PGT-M, and other genetic testing results)
Where applicable, we will comply with these additional protections and obtain any additional consent or authorization required by law before disclosing such information.
Your Rights
Under HIPAA and applicable state law, you have the following rights with respect to your protected health information. To exercise any of these rights, contact our Privacy Officer.
Right to Access
You have the right to inspect and obtain a copy of your PHI maintained in your designated record set, including medical and billing records. We will respond within 30 calendar days (15 days for electronic records once final rules take effect). You may also request that we transmit a copy directly to a person or entity of your choice.
Right to Amend
You may request an amendment to your PHI if you believe the information is incorrect or incomplete. We will act on your request within 60 calendar days. We may deny the request if the information was not created by us, is not part of the designated record set, is not available for inspection, or is accurate and complete.
Right to Restrict
You may request restrictions on certain uses and disclosures of your PHI. We are required to agree to a restriction on disclosure to a health plan for payment or healthcare operations purposes if you paid out of pocket in full for the service. For other restrictions, we will consider your request but are not required to agree.
Right to Breach Notification
You have the right to be notified without unreasonable delay, and no later than 60 days following discovery, in the event of a breach of your unsecured PHI. This includes breaches of SUD records subject to 42 CFR Part 2, for which the breach notification requirements are enforced by the HHS Office for Civil Rights.
Right to Confidential Communications
You may request that we communicate with you about your health information in a specific way or at a specific location — for example, sending correspondence to a P.O. Box rather than your home address, or contacting you only on your mobile phone. We will accommodate reasonable requests.
Right to an Accounting of Disclosures
You may request a list of certain disclosures of your PHI that we have made during the six years prior to the date of your request, or since March 22, 2026, whichever is shorter. This accounting does not include disclosures for treatment, payment, or healthcare operations, or disclosures you authorized in writing.
Right to a Paper Copy of This Notice
You have the right to obtain a paper copy of this notice upon request at any time, even if you have previously agreed to receive it electronically. Contact our Privacy Officer or request a copy at any of our office locations during your visit.
Right to Direct Electronic Access
You may request that we transmit your electronic PHI maintained in an electronic health record system to a personal health application or other electronic destination of your choice. We will provide electronic copies at no charge to you.
Information Security
We maintain comprehensive administrative, technical, and physical safeguards designed to protect your PHI from unauthorized access, use, or disclosure. Consistent with proposed HIPAA Security Rule updates and current cybersecurity best practices, our safeguards include:
- Workforce training on HIPAA privacy and security requirements conducted upon hire and at least annually
- Role-based access controls limiting PHI access to authorized personnel with a legitimate need
- Encryption of electronic PHI both in transit and at rest across all systems
- Multi-factor authentication (MFA) for all systems that store or transmit ePHI
- Physical security measures at all locations including locked records storage and restricted access areas
- Annual security risk assessments, compliance audits, and vulnerability scanning at least every six months
- Written incident response and disaster recovery procedures including system restoration protocols
- Asset inventories of all systems and devices that create, receive, maintain, or transmit ePHI
- Business associate agreements with all third-party service providers, with annual verification of security measures
- Network segmentation and monitoring to detect and prevent unauthorized access to ePHI
Breach Notification
In the event of a breach of your unsecured PHI, we will notify you in accordance with the HITECH Act and applicable state law. Our breach notification procedures include:
- Individual notification to affected patients without unreasonable delay and no later than 60 calendar days following discovery of the breach
- Notification to the U.S. Department of Health and Human Services (HHS) as required by law
- Notification to prominent media outlets if a breach affects more than 500 residents of a state or jurisdiction
- For breaches of SUD records protected under 42 CFR Part 2, notification in accordance with the Part 2 breach notification requirements enforced by HHS OCR
- Documentation and investigation of all potential breaches, including mitigation steps taken
Additionally, under Ohio law (Ohio Rev. Code § 1349.19), we will notify affected individuals as required by the Ohio data breach notification statute when applicable.
Website and Electronic Communications
Our website may collect certain information through cookies, analytics, and contact forms. Information submitted through our website contact forms or patient portal is transmitted using encryption technology. However, standard email is not a secure method of communication. We recommend using our secure patient portal for transmitting sensitive health information.
We do not use tracking technologies to collect PHI. Any analytics data collected through our website is de-identified and used solely for improving the user experience and website functionality. We do not sell website visitor data or use it for targeted advertising.
Third-Party Services
We may engage third-party service providers (business associates) to perform functions on our behalf that involve access to your PHI. These include electronic health record systems, billing services, laboratory partners, cloud storage providers, and other healthcare technology vendors.
All business associates are contractually required to safeguard your PHI in accordance with HIPAA and, where applicable, 42 CFR Part 2 requirements. We verify business associate compliance with security requirements on an annual basis.
Data Retention
We retain your medical records and PHI in accordance with applicable federal and state record retention requirements. In Ohio, medical records are generally retained in accordance with the standards established by the State Medical Board of Ohio and applicable Ohio Administrative Code provisions, which typically require retention for a period following the last date of treatment. Records of minors are retained until the patient reaches the age of majority (18) plus the applicable retention period.
SUD treatment records subject to 42 CFR Part 2 are retained in accordance with the applicable Part 2 requirements. When records are no longer required to be retained, they are destroyed in a secure manner that prevents unauthorized access.
State-Specific Provisions
Where Ohio state law or other applicable state laws provide greater protection for your health information than HIPAA, we will comply with the more protective standard. This includes but is not limited to additional protections for:
- Reproductive health information
- Genetic testing results (including preimplantation genetic testing)
- HIV/AIDS-related information under Ohio Rev. Code § 3701.243
- Mental health records under Ohio Rev. Code Chapter 5122
Because SpringCreek Fertility serves patients across southwestern Ohio, eastern Indiana, and northern Kentucky, we also comply with applicable privacy protections in those jurisdictions when treating patients who reside there.
Changes to This Notice
We reserve the right to change this notice at any time. Any revised notice will be effective for all PHI we maintain at that time, including PHI created or received before the revision. We will make the revised notice available on our website, post a copy at our Dayton, Columbus, and Cincinnati offices, and provide a copy to you upon request. Material changes will be highlighted in a summary at the top of the revised notice.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services, Office for Civil Rights. You will not be penalized or retaliated against in any way for filing a complaint. Complaints must be filed in writing within 180 days of the date you knew or should have known of the act or omission complained of.
U.S. Department of Health and Human Services
Office for Civil Rights — Region V, Chicago Regional Office
233 N. Michigan Ave., Suite 240, Chicago, IL 60601
www.hhs.gov/ocr/complaints | 800-368-1019
Contact Our Privacy Officer
For questions about this notice, to exercise any of your rights, to request a copy of this notice, or to file a complaint, please contact:
Attn: Privacy Officer