Privacy Policy

Vital Ops Group
Effective Date: March 2026  |  Last Updated: March 2026

Summary

Vital Ops Group is committed to protecting your privacy and handling your information with transparency and care. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website, use our services, or interact with our team. We are fully HIPAA-compliant and sign Business Associate Agreements (BAAs) with all healthcare clients.

Privacy questions? Contact us at: vitalopsgroup@gmail.com

1. Who We Are

Vital Ops Group is a full-service medical marketing and practice operations agency. We provide healthcare practices with integrated solutions across three core pillars:

  • AI-Powered Digital Presence — SEO, Generative Engine Optimization (GEO), and AI search visibility
  • Back-End Support Services — Virtual medical assistants, billing, scribes, insurance verification, and patient care coordination
  • Strategic Marketing — PPC management, social media, review generation, website design, and patient acquisition campaigns

Website: vitalopsgroup.com  |  Contact: 200 Pier Ave Ste 129, Hermosa Beach, CA, 90254, (213) 429-7104, vitalopsgroup@gmail.com

2. Information We Collect

We collect information in three ways: directly from you, automatically through your use of our website, and from third-party platforms that support our services.

2.1 Information You Provide Directly

  • Name, email address, phone number, and practice information submitted through contact or inquiry forms
  • Business details provided during onboarding or consultation calls
  • Communications and correspondence via email, phone, or chat
  • Billing and payment information (processed through secure, encrypted payment processors)
  • Any other information you voluntarily share when requesting services or support

2.2 Information Collected Automatically

  • IP address and general geographic location
  • Browser type, device type, and operating system
  • Pages visited, time on site, and referring URLs
  • Cookies and similar tracking technologies (see Section 7 for details)
  • Analytics data collected through tools such as Google Analytics

2.3 Information from Third-Party Platforms

When we manage marketing campaigns or digital platforms on your behalf, we may access performance data from Google Ads, Google Business Profile, Meta Business Manager, EMR/EHR systems you authorize, and review or social media platforms.

We access third-party platforms only to the extent necessary to deliver your contracted services. We do not sell or share this data with unaffiliated parties.

3. How We Use Your Information

We use the information we collect to deliver, improve, and support our services.

3.1 Service Delivery

  • Fulfill contracted SEO, GEO, marketing, and support services
  • Manage your campaigns, accounts, and operational workflows
  • Communicate with you about your account, projects, and results
  • Process billing and manage your service agreements

3.2 Business Operations

  • Respond to inquiries and schedule consultations
  • Analyze website usage to improve our digital presence and content
  • Maintain records required for legal, accounting, or compliance purposes

3.3 Marketing Communications

  • Send updates, case studies, and educational content relevant to medical marketing — only with your consent
  • Notify you about new services, features, or changes to our offerings

You may opt out of marketing emails at any time using the unsubscribe link in every communication.

3.4 Legal and Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Enforce our Terms of Service and other agreements
  • Protect the rights, safety, and property of Vital Ops Group and our clients

4. HIPAA Compliance & Healthcare Data

Vital Ops Group works exclusively with medical practices. We take our responsibilities under the Health Insurance Portability and Accountability Act (HIPAA) seriously.

4.1 Our HIPAA Commitments

  • We sign a Business Associate Agreement (BAA) with every healthcare client before accessing any system that may contain Protected Health Information (PHI)
  • All staff with potential PHI exposure receive HIPAA training
  • We use encrypted data transmission and secure VPN access for all remote support operations
  • Regular security audits are conducted across all systems and integrations
  • Background checks are performed on all team members handling sensitive client data

4.2 AI Tools & Patient Data

  • Our AI chat, digital intake forms, and patient communication tools are deployed in HIPAA-compliant environments
  • We do not train AI models on identifiable patient data
  • Digital forms, insurance verification workflows, and appointment systems operate through HIPAA-compliant platforms only

4.3 Breach Notification

In the unlikely event of a data breach involving PHI, Vital Ops Group will notify affected clients within the timeframes required by HIPAA and applicable state law, and will cooperate fully with investigation and remediation efforts.

5. How We Share Your Information

We do not sell your personal information. We share data only in the following limited circumstances:

5.1 Service Providers

We work with trusted vendors who help us operate our business, including payment processors, cloud hosting providers, analytics tools, and project management platforms. All service providers are bound by confidentiality agreements.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government authority, or when necessary to protect our legal rights or prevent harm.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you in advance.

5.4 With Your Consent

We may share your information in other ways with your explicit written consent.

6. Data Retention

We retain your information for as long as necessary to fulfill contractual obligations, comply with legal and accounting requirements, and resolve disputes. Client account data is typically retained for 7 years following contract termination. Healthcare data subject to HIPAA follows applicable retention schedules. When data is no longer required, it is securely deleted or anonymized.

7. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and understand visitor behavior.

Types of Cookies We Use

  • Essential Cookies — Required for the website to function. These cannot be disabled.
  • Analytics Cookies — Help us understand visitor behavior and improve our website (e.g., Google Analytics).
  • Marketing Cookies — Track the effectiveness of our advertising campaigns.
  • Preference Cookies — Remember your settings and choices across visits.

Your Cookie Choices

You can manage cookies through your browser settings. To opt out of Google Analytics, visit: tools.google.com/dlpage/gaoptout. Disabling certain cookies may limit website functionality.

8. Data Security

We implement industry-standard security measures to protect your information. Our safeguards include:

  • SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Role-based access controls limiting data access to authorized personnel only
  • Secure VPN connections for all remote support staff
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication on critical systems

While no system is 100% secure, we are committed to maintaining the highest practical standards of data protection.

9. Your Rights & Choices

Access & Correction

You may request a copy of the personal information we hold about you and request corrections to any inaccurate or incomplete data.

Deletion

You may request deletion of your personal information, subject to our legal obligations and legitimate business needs.

Opt-Out of Marketing

You can unsubscribe from marketing communications at any time. We will honor your request within 10 business days.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

How to Exercise Your Rights

Email: vitalopsgroup@gmail.com. We will respond within 30 days of receipt. Identity verification may be required for certain requests.

10. Third-Party Links & Integrations

Our website and services may contain links to third-party websites or integrate with external platforms. Vital Ops Group is not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any external services you use.

11. Children's Privacy

Our services are intended for healthcare practices and business professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has submitted personal information to us, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the Effective Date, notify active clients via email with at least 14 days' notice, and post the updated policy on our website. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Vital Ops Group  |  Privacy & Compliance Team
Email: vitalopsgroup@gmail.com
Phone: (213) 429-7104
Website: vitalopsgroup.com

Frequently Asked Questions

Does Vital Ops Group sell my personal information?

No. Vital Ops Group does not sell, rent, or trade your personal information to any third party under any circumstances.

Is Vital Ops Group HIPAA-compliant?

Yes. Vital Ops Group is fully HIPAA-compliant. We sign Business Associate Agreements (BAAs) with all healthcare clients, use encrypted data transmission, and conduct regular security audits.

How does Vital Ops Group protect patient data?

All AI chat tools, digital intake forms, insurance verification systems, and patient communication platforms operate within HIPAA-compliant environments with encrypted connections, role-based access controls, and trained, background-checked staff.

How long does Vital Ops Group retain my data?

Business data is retained for 7 years following contract termination to satisfy standard legal and accounting requirements. Healthcare data follows HIPAA-mandated retention schedules.

How can I request deletion of my data?

Email vitalopsgroup@gmail.com with your request. We will respond within 30 days and process eligible deletion requests promptly, subject to any legal retention obligations.

What cookies does the Vital Ops Group website use?

We use essential cookies (required for functionality), analytics cookies (visitor behavior via Google Analytics), and marketing cookies (campaign performance tracking). Cookie preferences can be managed through your browser settings.