Select Page

Southern California Multi-Specialty Center

Privacy Policy

Effective Date: May 18, 2026
Last Updated: May 18, 2026

1. Introduction & Scope

Southern California Multi-Specialty Center (“SCMSC,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit scmsc.com (the “Site”), submit information through forms available on the Site, or otherwise interact with us online.

This Privacy Policy covers the information we handle in our role as a website operator. It does not cover Protected Health Information (“PHI”) that we handle in our role as a healthcare provider. PHI is governed separately by our HIPAA Notice of Privacy Practices, which describes how we may use and disclose your health information and the rights you have over that information. See Section 8 for how this Privacy Policy and our HIPAA Notice work together.

By using the Site, you acknowledge that you have read this Privacy Policy. If you do not agree with how we handle information as described here, please do not use the Site.

2. Information We Collect

We collect three categories of information.

2.1 Information You Provide Directly

When you interact with the Site, you may choose to provide:

  • Contact information — name, email address, phone number, and any message content you submit through our contact forms.
  • Appointment request information — name, contact information, the service or department you are interested in, and any scheduling preferences you provide through appointment request forms on the Site.
  • Communication content — the content of any messages, inquiries, or feedback you send us.

Information submitted through Site forms is classified according to its content, not the form used to submit it. Contact and scheduling information is governed by this Privacy Policy. Protected Health Information — information that identifies you and relates to your care, your providers, treatments, conditions, or payment for that care — is governed by our HIPAA Notice of Privacy Practices, regardless of which Site channel was used to submit it. Site forms are not intended as a channel for clinical or sensitive health information; see Section 8 for how PHI is handled when it does arrive through a Site channel.

2.2 Information Collected Automatically

When you visit the Site, certain information is collected automatically through cookies, web beacons, server logs, and similar technologies. This may include:

  • Device and browser information — device type, operating system, browser type and version, screen resolution, and language preferences.
  • Network information — Internet Protocol (IP) address, approximate location derived from IP address, internet service provider, and referring URL.
  • Usage information — pages viewed on the Site, time spent on pages, links clicked, navigation patterns, and dates and times of access.
  • Analytics identifiers — cookie identifiers and similar tokens that allow us and our analytics providers to recognize returning visitors and aggregate usage data.

See Section 4 for more on cookies and tracking technologies and how to manage your preferences.

2.3 Information From Third Parties

We may receive information about you from third parties that help us operate the Site or understand how visitors use it. Categories include:

  • Analytics providers (such as Google Analytics and Google Search Console) — aggregated and pseudonymized data about Site usage.
  • Service providers and vendors that help us operate the Site, host content, or deliver services.
  • Advertising and marketing technology providers — if we use advertising platforms to reach Site visitors or potential patients, those platforms may share information about how their ads perform. We currently do not run paid advertising on social media or third-party ad networks; this category is included to cover future activities so this Policy continues to apply if our practices expand.
  • Publicly available sources — information that is lawfully made available to the public.

Information collected through linked third-party services that you visit by clicking a link on our Site (such as our MyChart patient portal or our HIPAA-compliant digital intake forms) is collected by those third parties, not by us through the Site. See Section 15.

3. How We Use Information

We use the information we collect for the following business and commercial purposes:

  • Responding to inquiries and appointment requests. Routing your messages and appointment requests to the appropriate department, contacting you to schedule or confirm appointments, and following up on your inquiries.
  • Operating and improving the Site. Hosting and maintaining the Site, securing it against unauthorized access, fixing bugs, and improving the visitor experience based on aggregated usage data.
  • Analytics and performance measurement. Understanding how visitors find and use the Site, which pages are most useful, and how to make our content more helpful to patients and prospective patients.
  • Marketing and communications. Sending communications about our services, providers, and content, where permitted by law and where you have not opted out. This may include future advertising and marketing activities using third-party platforms.
  • Security, fraud prevention, and legal compliance. Detecting and preventing fraudulent, unauthorized, or unlawful activity; investigating possible violations of our terms; and complying with applicable legal obligations.
  • Aggregated and de-identified analysis. Creating statistical and aggregated reports that do not identify any individual.

We do not use the information collected through the Site to make automated decisions that produce legal or similarly significant effects about you.

For email communications you receive from us — including newsletters and marketing communications — we comply with applicable email marketing laws, including the CAN-SPAM Act. Every marketing email clearly identifies the sender and includes an unsubscribe link. You may opt out of marketing communications at any time. Opting out of marketing communications does not affect transactional or service-related emails relating to your appointments, care, or account, which we may continue to send as necessary.

4. Cookies & Tracking Technologies

The Site uses cookies, pixels, software development kits, and similar technologies (collectively, “cookies“) to function properly, measure performance, and improve the visitor experience.

4.1 Categories of Cookies We Use

  • Strictly necessary cookies — required for the Site to function (e.g., loading pages, remembering security preferences). These cannot be disabled.
  • Functional cookies — remember choices you make (such as language) to improve your experience.
  • Analytics cookies — help us understand how visitors interact with the Site so we can improve it. We currently use Google Analytics and Google Search Console for this purpose. Google’s privacy practices are described at policies.google.com/privacy.
  • Advertising and marketing cookies — used to deliver and measure advertising. We do not currently use advertising cookies, but this category is included so that this Policy continues to apply if we begin doing so in the future. If we begin using advertising cookies, they will be subject to the consent and opt-out mechanisms described in Section 7.

4.2 Managing Your Cookie Preferences

The Site uses a cookie consent banner that lets you accept, reject, or customize the non-strictly-necessary cookies that are set on your device. You can change your preferences at any time by clicking the cookie preferences link on the Site. The banner also displays the current inventory of cookies in use, which may be updated from time to time as our tools change.

You can also control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Disabling cookies may affect Site functionality.

4.3 Global Privacy Control and Do Not Track

Some browsers and browser extensions offer a Global Privacy Control (“GPC”) signal that communicates a universal opt-out preference. Where required by applicable law, we honor GPC signals as a valid opt-out of the sale or sharing of personal information for cross-context behavioral advertising under the California Consumer Privacy Act (“CCPA”) and equivalent state laws.

Because there is no single industry standard for “Do Not Track” (“DNT”) browser signals, we do not respond to DNT signals at this time, except where they are interpreted as a GPC opt-out under applicable law.

5. How We Share Information

We share information with the following categories of recipients:

  • Service providers and vendors that perform services on our behalf — including website hosting, IT and security services, communications and email delivery, analytics, customer support, and scheduling. These providers are authorized to use the information only as needed to perform services for us and are contractually obligated to protect it.
  • Affiliates and professional partners — including providers and clinical staff who work at SCMSC locations, when sharing is necessary to respond to your inquiry or appointment request.
  • Legal and regulatory authorities — when required to comply with applicable law, respond to lawful requests from government authorities, enforce our terms, protect our rights or property, or protect the rights, property, or safety of patients, staff, or the public.
  • Professional advisors — including auditors, accountants, attorneys, and insurers, when reasonably necessary.
  • Successors in interest — in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, information may be transferred to the successor entity, subject to commitments at least as protective as this Policy.
  • With your consent or at your direction — any other party you authorize.

We do not share information we collect through the Site with third parties for those third parties’ own direct marketing purposes without your consent.

6. SMS / Text Message Communications

If you provide your mobile phone number through a form on the Site and consent to receive SMS or text messages from us, the following terms apply:

  • Type of messages. We may send text messages relating to your appointments, care coordination, intake instructions, and account-related notices. We do not send marketing or promotional text messages unless you have separately opted in to marketing communications.
  • Frequency. Message frequency varies based on your interactions with us.
  • Message and data rates. Standard message and data rates may apply depending on your mobile carrier and plan.
  • Help and opt-out. Reply HELP for help. Reply STOP to unsubscribe at any time. After replying STOP, you will receive a confirmation message and will not receive further texts unless you opt in again.
  • No sharing of SMS consent. Mobile phone numbers collected for SMS communications, and any SMS opt-in consent, are not shared with third parties or affiliates. SMS consent is collected separately from other consents and is not transferred, sold, or otherwise disclosed to any third party, including marketing affiliates, lead generators, or advertising partners, for promotional or marketing purposes.
  • Not a condition of service. Consent to receive SMS messages is not required as a condition of receiving care or other services from SCMSC.

7. Sale or Sharing of Personal Information

The California Consumer Privacy Act and similar laws use specific definitions of “sale” and “sharing”:

  • A “sale” includes disclosing personal information to a third party in exchange for valuable consideration.
  • Sharing” includes disclosing personal information to a third party for cross-context behavioral advertising — that is, targeting advertising to a consumer based on their activity across different websites or services.

7.1 Our Current Practices

We do not sell personal information collected through the Site, and we do not currently share personal information for cross-context behavioral advertising. We also do not knowingly sell or share the personal information of consumers we know to be under 16 years of age.

7.2 Future-Proofing for Advertising Activities

We may, in the future, use advertising and marketing technologies that could constitute “sharing” under the CCPA — for example, retargeting visitors who have previously visited the Site, or measuring the performance of advertising campaigns across third-party platforms. If we begin engaging in any activity that constitutes a sale or sharing of personal information, we will honor opt-out requests through the mechanisms described in Section 7.3 and will update this Policy if material disclosures change.

7.3 How to Opt Out

You may opt out of any future sale or sharing of your personal information in the following ways:

  • Submit a Global Privacy Control (“GPC”) signal through your browser or browser extension. We treat valid GPC signals as opt-out requests under the CCPA and equivalent state laws.
  • Submit a request by emailing [email protected] with the subject line “Do Not Sell or Share My Personal Information.”
  • Use the cookie preferences banner on the Site to reject advertising and marketing cookies.

We will process opt-out requests within the timeframes required by applicable law.

8. Protected Health Information and HIPAA

SCMSC is a healthcare provider subject to the Health Insurance Portability and Accountability Act (“HIPAA”). Under HIPAA, Protected Health Information (“PHI”) is information that identifies you and relates to your past, present, or future physical or mental health, the provision of healthcare to you, or payment for that care.

8.1 What This Privacy Policy Covers vs. What Our HIPAA Notice Covers

  • This Privacy Policy governs information collected and used in our role as a website operator — for example, contact form submissions, appointment request information, analytics data, and cookies.
  • Our HIPAA Notice of Privacy Practices governs PHI collected and used in our role as a healthcare provider — for example, information you provide on intake forms, information generated during clinical care, billing information, and information shared with other healthcare providers involved in your treatment.

Our HIPAA Notice of Privacy Practices is available on the Site and at any SCMSC location.

8.2 Information Collected Through the Site Is Not Designed to Be PHI

Site contact forms, appointment request forms, and other Site channels are not intended as a means of transmitting clinical or sensitive health information. Please do not include health information in a Site contact form, message, or other Site channel. If you have questions about your care or need to share health information, please contact us by phone or use the secure channels we provide for clinical communications — such as the MyChart patient portal or our HIPAA-compliant intake forms described in Section 15.

If health information that constitutes PHI is included in a Site form, message, or other communication — whether voluntarily or in response to a form field — we will treat that information as PHI under HIPAA from the time it reaches us and handle it in accordance with our HIPAA Notice of Privacy Practices and applicable law, regardless of the Site channel through which it was submitted.

8.3 Digital Intake Forms (Off-Site)

We use HIPAA-compliant digital intake forms that are hosted by third-party platforms and accessed by clicking a link from our Site or directly from a link we share with you. When you complete one of those intake forms, the information you submit is collected and processed by the intake-form platform on our behalf, governed by our HIPAA Notice of Privacy Practices and the platform’s HIPAA-compliance commitments — not by this Privacy Policy.

8.4 MyChart Patient Portal (Off-Site)

We provide a link to MyChart, a patient portal operated by Epic Systems Corporation. When you click the MyChart link, you leave our Site and access a service operated by Epic. Your use of MyChart is governed by Epic’s terms and privacy practices, by our HIPAA Notice of Privacy Practices, and by any agreements you enter with the MyChart service — not by this Privacy Policy.

9. Telehealth

SCMSC offers telehealth services. Telehealth visits do not occur through this Site. When telehealth is appropriate for your care, we will coordinate the visit through a separate, secure telehealth platform.

Information collected and used during telehealth visits is governed by our HIPAA Notice of Privacy Practices and the telehealth platform’s terms and privacy commitments — not by this Privacy Policy.

10. Data Retention

We retain information collected through the Site only as long as needed for the purposes described in this Privacy Policy or as required by law. Retention practices include:

  • Contact and appointment request information — retained for as long as needed to respond to your inquiry, schedule and provide services if you become a patient, and meet our recordkeeping obligations as a healthcare provider.
  • Analytics and usage information — retained for the period needed to understand Site performance, typically in aggregate or pseudonymized form.
  • Information required to be retained by law — retained for the period required by applicable law, regulation, or legal process.

When information is no longer needed, we delete, destroy, or de-identify it using methods consistent with applicable law and reasonable industry practice. Retention of PHI in clinical records is governed by our HIPAA Notice of Privacy Practices and applicable medical-records retention laws, not by this Privacy Policy.

11. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect information collected through the Site from unauthorized access, use, disclosure, alteration, or destruction. These safeguards include access controls, network protections, secure transmission for sensitive submissions, and vendor agreements that require service providers to maintain appropriate security.

No method of transmission over the internet or method of electronic storage is completely secure. While we work to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

Email and unsecured channels. Email and similar plain-text electronic communications are not inherently secure. Please do not send sensitive information — including Protected Health Information, financial information, or other confidential information — to us by email or through unsecured Site channels. If you send sensitive information through an unsecured channel, the information may be intercepted or accessed by third parties during transmission, and we cannot guarantee its confidentiality in transit. For sensitive health information, please use the secure channels we provide for clinical communications — the MyChart patient portal and our HIPAA-compliant intake forms described in Section 15 — or contact us by phone.

Safeguards for PHI in clinical settings are governed by the HIPAA Security Rule and are described in our HIPAA Notice of Privacy Practices.

12. Children’s Privacy

The Site is intended for use by adults. We do not knowingly collect personal information from children under the age of 13 through the Site, and we do not knowingly sell or share the personal information of consumers we know to be under 16 years of age.

If you are a parent or legal guardian and believe that a child has provided personal information to us through the Site, please contact us at [email protected] and we will take steps to delete that information.

Information about minors who are patients of SCMSC is handled under our HIPAA Notice of Privacy Practices and applicable state law governing minor-patient care, not under this Privacy Policy.

13. Your Privacy Rights

Your rights with respect to personal information depend on where you live and applicable law. This Section describes the rights available and how to exercise them.

13.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”):

  • Right to know. Request that we disclose the categories of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected.
  • Right to delete. Request that we delete personal information we have collected from you, subject to legal exceptions.
  • Right to correct. Request that we correct inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing. As described in Section 7.
  • Right to limit use of sensitive personal information. Where applicable, limit our use of sensitive personal information to the purposes necessary to provide the requested goods or services. We do not currently use sensitive personal information for purposes that would trigger this right; if we begin doing so, we will provide a “Limit the Use of My Sensitive Personal Information” link and process such requests.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

California “Shine the Light” Law. Under California Civil Code §1798.83, California residents may request information about the categories of personal information we have disclosed to third parties for those third parties’ direct marketing purposes in the prior calendar year. As described in Section 5, we do not share personal information with third parties for those third parties’ direct marketing purposes.

How to exercise these rights: Email [email protected] with the nature of your request, or call us at 818-900-6480. We will verify your identity using information reasonably necessary to confirm that the request is yours. We will respond within the timeframes required by law (generally 45 days, extendable by 45 additional days where reasonably necessary, with notice).

Authorized agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide written authorization signed by you and may verify your identity directly.

13.2 Residents of Virginia, Colorado, Connecticut, Utah

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights under your state’s privacy law that are similar to the CCPA/CPRA rights described above, including the right to access, delete, correct (where provided by your state law), opt out of certain processing, and exercise those rights without retaliation. You may also have the right to appeal a denial of your request.

To exercise these rights, email [email protected] or call 818-900-6480. We will respond within the timeframes required by your state’s law.

13.3 Residents of Other U.S. States

A growing number of U.S. states are adopting consumer privacy laws (including Texas, Oregon, Florida, Montana, Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, and others). If you reside in a state with a consumer privacy law that applies to us, you may have rights similar to those described above. To exercise rights, contact us using the information in Section 17, and we will respond consistent with applicable law.

13.4 Residents of the European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under the General Data Protection Regulation, the UK GDPR, or Swiss Federal Act on Data Protection — including rights to access, rectification, erasure, restriction of processing, data portability, objection to processing, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with your supervisory authority.

To exercise these rights, contact us using the information in Section 17.

13.5 Verification

To protect your information, we will take reasonable steps to verify your identity before responding to a request. The verification process may include matching information in your request against information we hold, requesting additional information, or other measures consistent with applicable law and the sensitivity of the information involved.

14. “Do Not Sell or Share My Personal Information”

As described in Section 7, we do not currently sell personal information or share personal information for cross-context behavioral advertising. To future-proof for activities we may engage in later, we provide the following mechanisms regardless:

  • Email “Do Not Sell or Share My Personal Information” to [email protected].
  • Submit a Global Privacy Control signal through your browser.
  • Reject advertising and marketing cookies in the cookie preferences banner on the Site.

If you have not exercised this right and we begin engaging in activities that would constitute selling or sharing, we will update the Site with a more prominent opt-out mechanism and update this Policy with material disclosures.

15. Third-Party Links and Services

The Site contains links to and references to third-party services. When you click a link to a third-party service, you leave the Site and are subject to that third party’s terms, privacy practices, and policies.

Linked third-party services on or referenced by the Site include:

  • MyChart patient portal operated by Epic Systems Corporation;
  • HIPAA-compliant digital intake form platforms used by SCMSC for new and returning patient intake;
  • The telehealth platform SCMSC uses when telehealth is appropriate for your care; and
  • Analytics, performance, and operational services that may set cookies or collect data as described in Sections 2 and 4.

Information collected by these third-party services is governed by their terms and privacy practices. For PHI handled by services operating as our HIPAA business associates, our HIPAA Notice of Privacy Practices also applies.

We are not responsible for the content, terms, or practices of third-party services that we link to or reference. Before providing information to a third-party service, please review its terms and privacy practices.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. The “Last Updated” date at the top of this Privacy Policy indicates when the Policy was most recently revised.

If we make material changes, we will provide notice through the Site (such as a banner or pop-up) or by other means we consider appropriate. We encourage you to review this Privacy Policy periodically.

This Privacy Policy is reviewed at least annually.

17. Contact Us

If you have questions about this Privacy Policy or how we handle information, or if you want to exercise any of the rights described in Section 13, please contact us:

Southern California Multi-Specialty Center
19950 Rinaldi St., Suite 101D
Porter Ranch, CA 91326

Email: [email protected]
Phone: 818-900-6480

For PHI and matters governed by our HIPAA Notice of Privacy Practices, please use the contact information above.

Userway menu