Privacy Policy

This Privacy Policy applies to Holsman Healthcare, LLC ("Holsman Healthcare," "we," "us," or "our") and its affiliated clinical entities:

• Holsman Physical Therapy & Rehabilitation, P.C. — Outpatient physical and occupational therapy, 19+ locations in New Jersey, New York, and Indiana (holsmanpt.com)
• Home Therapy PT Physical & Occupational Therapy LLC — Home-based PT/OT in Rockland County, NY and the tri-state area (hometherapypt.com)
• Home Therapy LLC — Home-based PT/OT in New Jersey

This policy governs information collected through our websites, online contact forms, employment applications, and other non-clinical digital interactions. For information about how we handle patient health information (Protected Health Information / PHI), please refer to our full HIPAA Notice of Privacy Practices, which governs all clinical patient care activities.

We collect information in two ways: information you provide to us directly, and information collected automatically when you use our websites.

We do not collect Social Security numbers, financial account numbers, or payment card information through our websites. Such information, if needed for employment purposes, is collected through secure, separate processes.

We use the information we collect for the following purposes:

• Responding to inquiries — To respond to questions, appointment requests, or service inquiries submitted through our contact forms;
• Employment and staffing — To evaluate therapist and staff applicants, verify credentials and licensure, and process employment applications for positions at Holsman Physical Therapy & Rehabilitation, Home Therapy PT, and affiliated entities;
• Credentialing and compliance — To verify that clinical staff are licensed, skilled, and appropriately credentialed in the disciplines and states in which they practice;
• Communications — To send you information about open positions, practice updates, or service information if you have requested it or consented to receive it;
• Website improvement — To analyze website usage, troubleshoot technical issues, and improve the user experience;
• Legal compliance — To comply with applicable federal and state laws, regulations, and legal process;
• Safety and fraud prevention — To detect and prevent fraud, unauthorized access, or other harmful activities.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Within our organization: Among Holsman Healthcare affiliates (Holsman PT, Home Therapy PT, Home Therapy LLC) for the purposes described in this policy;
• Service providers: With vendors who assist us in operating our websites, processing applications, or conducting background checks, under contractual obligations of confidentiality;
• Legal requirements: When required by law, court order, subpoena, regulatory authority, or to protect the rights, property, or safety of our organization or others;
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections;
• With your consent: For any other purpose with your prior consent.

We do not disclose applicant information to outside recruiters, staffing agencies, or third-party employers without your express written consent.

Our websites may use cookies and similar tracking technologies to improve your browsing experience and analyze website traffic. These may include:

• Essential cookies: Required for the website to function properly (e.g., session management, form security);
• Analytics cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). This data is aggregated and anonymized;
• Preference cookies: Used to remember your preferences (e.g., language settings).

You may disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our websites. We do not use advertising or tracking cookies for behavioral advertising or cross-site tracking.

Our websites may use Google Analytics. Google's privacy policy is available at policies.google.com/privacy. You may opt out of Google Analytics using the Google Analytics Opt-Out Browser Add-on.

We are a HIPAA covered entity. Our clinical operations comply with the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E), the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C), and the Breach Notification Rule (45 C.F.R. Part 164, Subpart D). We maintain Business Associate Agreements with all vendors who access PHI on our behalf.

Insurance accepted by our clinical entities includes: Medicare Part B, Veterans Administration (VA) / TRICARE, automobile no-fault, workers' compensation, and commercial PPO plans. We do not accept Medicaid or Managed Care HMO plans at this time.

Information collected from therapist applicants and employees — including physical therapists (PT, DPT), occupational therapists (OT, OTR/L), therapy assistants (PTA, COTA), and administrative staff — is used solely for:

• Evaluating qualifications, licensure, and fitness for clinical positions;
• Conducting required background checks and reference verifications, with applicant consent;
• Processing payroll, benefits, and employment records in compliance with applicable employment law;
• Fulfilling credentialing requirements for Medicare, state licensing boards, and insurance payors;
• Complying with IRS, state tax, and employment reporting obligations.

Applicant information is retained for a minimum period consistent with applicable state and federal employment law and then securely destroyed. We do not share applicant information with outside parties for placement purposes without explicit written consent.

We retain personal information for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law:

• Contact inquiries: Retained for up to 2 years unless a continuing relationship exists;
• Employment applications (not hired): Retained for a minimum of 1 year as required by federal EEOC guidelines and applicable state law;
• Employee records: Retained for the duration of employment plus a minimum of 7 years, or longer as required by law;
• Website analytics data: Anonymized; retained per our analytics provider's standard retention settings;
• Clinical records / PHI: Governed by the HIPAA Notice of Privacy Practices and applicable state law (New Jersey: 10 years from last date of service; New York: 6 years from last date of service; Indiana: 7 years from last date of service; minors: until age of majority plus applicable retention period).

We implement appropriate administrative, technical, and physical security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted through our websites;
• Access controls limiting access to personal information on a need-to-know basis;
• Regular security assessments and staff training;
• Secure disposal of personal information when no longer needed.

No method of internet transmission or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach involving your personal information, we will notify you as required by applicable law.

Our websites may contain links to third-party websites (e.g., insurance portals, state licensing board sites, professional associations). This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

Our websites are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will promptly delete it.

Minors who are patients of our clinical entities are subject to the protections described in our HIPAA Notice of Privacy Practices and applicable state law governing minor patient rights.

Depending on your state of residence, you may have certain rights regarding your personal information. You may contact us to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete personal information, subject to legal retention requirements;
• Opt out of any marketing communications from us;
• Withdraw consent where we rely on consent as the basis for processing.

To exercise any of these rights, contact our Privacy Officer using the information below. We will respond within a reasonable time frame and in accordance with applicable law. Note that these rights apply to website and non-clinical data only. Rights regarding PHI are governed by our HIPAA Notice of Privacy Practices.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Revised" date at the top of this page and, where appropriate, provide additional notice. Your continued use of our websites after any changes constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically. The current version is always available at holsmanhealthcare.com/privacy, holsmanpt.com/privacy-policy, and hometherapypt.com/privacy.

If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a concern, please contact our Privacy Officer: