Privacy Policy for Larson Aeromedical Services

Purpose: To protect pilots’ personal and medical information, ensuring compliance with HIPAA and FAA regulations.

Policy:

1. Information Collected:

   • We collect personal data (e.g., name, contact details, FAA pilot certificate number) and medical information (e.g., health history, vision/hearing test results) required for FAA medical examinations via the FAA MedXPress system, in-person visits, or other communications.

   • Website cookies or analytics may collect non-personal data (e.g., IP addresses) to improve user experience.

2. Use of Information:

   • Data is used to conduct FAA medical examinations, process certifications, communicate with you, and comply with FAA and HIPAA requirements.

   • Medical data is submitted to the FAA as mandated by 14 CFR Part 67.

   • Anonymized data may be used for internal analytics (e.g., appointment trends).

3. Data Sharing:

   • Medical data is shared with the FAA as required for certification.

   • Limited data may be shared with trusted third parties (e.g., payment processors, scheduling software providers) to facilitate services, all HIPAA-compliant.

   • We do not sell or share personal data for marketing purposes.

   • Data may be disclosed to comply with legal obligations or protect our rights.

4. Data Security:

   • We use HIPAA-compliant encryption (e.g., SSL for online data) and secure storage for all personal and medical information.

   • Access is restricted to Dr. Larson and authorized staff trained in HIPAA compliance.

   • FAA MedXPress data is managed per FAA security protocols.

5. Patient Rights:

   • Request access to or correction of your medical records by contacting larsonaeromed@gmail.com. Medical records are only briefly retained, rarely.

   • Request restrictions on data sharing (where permitted by HIPAA/FAA rules).

   • Opt out of non-essential communications (e.g., appointment reminders) via n unsubscribe link on email communication, if any.

   • Complaints about privacy practices can be filed with us or the U.S. Department of Health and Human Services.

6. Retention:

   • Medical records are retained per FAA requirements (three years), then securely destroyed.

   • Non-medical data (e.g., contact info) is retained only as needed for business purposes.

7. Updates:

   • Policy updates are posted on www.larsonaeromed.com/privacy-policy with effective dates.

This policy was last updated on 24 June 2025