ES Healthcare Consulting logo

Services

Practice Areas

Featured Projects

About

FAQ

Schedule a Meeting
M

Services

Practice Areas

Featured Projects

About

FAQ

Schedule a Meeting

Privacy Policy

Effective Date: June 23, 2026 | Last Updated: June 23, 2026

ES Healthcare Consulting ("Company," "we," "us," or "our") is committed to protecting the privacy and security of the personal data we collect and process. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in connection with our website and business operations, and describes the rights available to consumers under the Virginia Consumer Data Protection Act ("VCDPA"), Va. Code §§ 59.1-575 through 59.1-585.

This Privacy Policy applies to personal data collected through our website and through our consulting services offered to residents of the Commonwealth of Virginia.

1. SCOPE AND APPLICABILITY

This Privacy Policy governs the processing of personal data of Virginia consumers (natural persons who are residents of the Commonwealth of Virginia acting in an individual or household context) in connection with our website and services. It does not apply to individuals acting in a commercial or employment context, or to data exempted under applicable law.

Certain data we process in connection with healthcare consulting activities may also be governed by the Health Insurance Portability and Accountability Act ("HIPAA") and related regulations. Where HIPAA applies, our HIPAA-specific Notice of Privacy Practices governs protected health information. This Privacy Policy addresses personal data processed outside the scope of HIPAA.

2. DEFINITIONS

As used in this Privacy Policy, the following terms have the meanings set forth below, consistent with the VCDPA (§ 59.1-575):

 

  • "Consumer" means a natural person who is a Virginia resident acting only in an individual or household context.
  • "Personal Data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal data does not include de-identified data or publicly available information.
  • "Sensitive Data" means a category of personal data that includes: data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; genetic or biometric data processed for the purpose of uniquely identifying a natural person; personal data collected from a known child; or precise geolocation data.
  • "Controller" refers to ES Healthcare Consulting as the entity that determines the purposes and means of processing personal data.
  • "Processor" means a natural or legal person that processes personal data on behalf of the Controller.
  • "Processing" means any operation performed on personal data, whether manual or automated, including collection, use, storage, disclosure, analysis, deletion, or modification.
  • "Sale of Personal Data" means the exchange of personal data for monetary consideration by a controller to a third party.
  • "Targeted Advertising" means displaying advertisements to a consumer where the advertisement is selected based on personal data obtained from that consumer's activities over time and across nonaffiliated websites or online applications.

3. PERSONAL DATA WE COLLECT

3.1 Categories of Personal Data Collected

We may collect the following categories of personal data:

  • Identifiers: Identifiers: Names, email addresses, phone numbers, mailing addresses, and similar contact information you provide when contacting us or using our services.
  • Internet or Network Activity: Internet or Network Activity. IP addresses, browser type, pages visited on our website, referring URLs, time and date of access, and similar browsing data collected through cookies and similar technologies.
  • Professional or Employment-Related Information: Professional or Employment-Related Information: Job title, employer, professional credentials, or healthcare organization affiliation when provided in connection with our consulting services.
  • Communications Data: Communications Data: Records of correspondence, inquiries, and communications you send to us.
  • Sensitive Data (where applicable): Sensitive Data (where applicable). We may collect certain sensitive data categories as defined under the VCDPA only with your prior express consent, as further described in Section 6 below.

3.2 Data We Do Not Collect

We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent as required by the Children's Online Privacy Protection Act ("COPPA") and the VCDPA. If you believe we have inadvertently collected personal data from a child, please contact us immediately at the information in Section 12.

4. HOW WE COLLECT PERSONAL DATA

We collect personal data from the following sources:

  • Directly from you when you: complete contact or inquiry forms on our website; subscribe to our newsletter or communications; engage us for consulting services; attend events or webinars we host; or otherwise communicate with us.
  • Automatically when you visit our website through the use of cookies, web beacons, pixels, and similar tracking technologies.
  • From third-party sources, such as business partners, referral sources, or publicly available records, to the extent permitted by applicable law.

5. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA

We process personal data only for the purposes disclosed at the time of collection and for other purposes that are reasonably necessary and compatible with those original purposes, consistent with the VCDPA’s purpose limitation requirements. These purposes include:

  • Providing, operating, and improving our consulting services and website.
  • Responding to your inquiries, questions, and requests.
  • Communicating with you about our services, industry news, and updates (where you have not opted out).
  • Administering contracts and business relationships.
  • Complying with legal obligations, including applicable healthcare regulations and professional standards.
  • Protecting the security and integrity of our website and business operations.
  • Conducting internal research and analytics to improve our services.
  • Enforcing our legal rights and agreements.

We do not process personal data for purposes of targeted advertising or the sale of personal data to third parties for monetary consideration.

6. SENSITIVE DATA

To the extent our services involve the collection or processing of sensitive data as defined under Va. Code § 59.1-575, we will obtain your express consent prior to processing such data. Sensitive data is processed only for the specific purposes for which consent is given, unless otherwise required by law.

We conduct and document data protection assessments for processing activities involving sensitive data, as required by Va. Code § 59.1-580.

7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

7.1 Processors and Service Providers

We may share personal data with third-party processors that perform services on our behalf, such as IT service providers, cloud hosting providers, email platforms, and analytics providers. We require all processors to comply with applicable data protection obligations through written contracts that meet the requirements of Va. Code § 59.1-579.

7.2 Other Disclosures

We may also disclose personal data:

  • To comply with legal obligations, court orders, regulatory requirements, or lawful requests from government authorities.
  • To protect the rights, property, or safety of ES Healthcare Consulting, our clients, or the public.
  • In connection with a merger, acquisition, sale of assets, or other business transactions, in which case the receiving party will be required to honor this Privacy Policy.
  • With your consent, or at your direction.

7.3 No Sale of Personal Data

ES Healthcare Consulting does not sell personal data to third parties for monetary consideration, as defined under Va. Code § 59.1-575. We also do not engage in targeted advertising using personal data obtained from consumers’ activities across nonaffiliated websites.

8. CONSUMER RIGHTS UNDER THE VCDPA

Virginia consumers have the following rights with respect to their personal data, as set forth in Va. Code § 59.1-577:

  • Right to Know (Access): Right to Know: You have the right to confirm whether we are processing your personal data and to access such data.
  • Right to Correct: Right to Correct: You have the right to correct inaccurate personal data we hold about you, considering the nature of the data and the purposes for which it is processed.
  • Right to Delete: Right to Delete: You have the right to request that we delete personal data you have provided to us or that we have obtained from you, subject to certain exceptions under Va. Code § 59.1-577.
  • Right to Data Portability: Right to Data Portability: You have the right to obtain a copy of the personal data you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
  • Right to Opt Out: Right to Opt Out You have the right to opt out of the processing of your personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As noted above, we do not currently engage in targeted advertising or the sale of personal data.

8.1 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a verifiable consumer request using one of the following methods:

We will respond to your request within 45 days of receipt. If additional time is needed, we will notify you within the initial 45-day period and may extend our response by an additional 45 days where reasonably necessary, consistent with Va. Code § 59.1-577(D). We will not charge a fee for responding to your request unless it is manifestly unfounded, excessive, or repetitive.

We may need to verify your identity before fulfilling your request. We will use reasonable measures to authenticate your request consistent with the sensitivity of the personal data involved.

8.2 Authorized Agents

You may designate an authorized agent to submit a consumer rights request on your behalf. We may require verification that the agent is authorized to act on your behalf and may require you to confirm the request directly with us. 

8.3 Appeal of Our Decision

If we decline to act on your consumer rights request, you have the right to appeal our decision. To appeal, please contact us in writing at the contact information in Section 12 within a reasonable time following receipt of our decision. We will respond to your appeal within 60 days of receipt, as required by Va. Code § 59.1-577(E). If your appeal is denied, you may submit a complaint to the Virginia Attorney General’s Office at:

Office of the Attorney General of Virginia

Consumer Protection Section

202 North Ninth Street

Richmond, Virginia 23219

Website: www.oag.state.va.us

    9. DATA MINIMIZATION AND RETENTION

    Consistent with Va. Code § 59.1-578(B)(3) and (4), we collect only the personal data that is adequate, relevant, and reasonably necessary for the purposes for which it is processed. We do not process personal data in a manner that is incompatible with the disclosed purposes of collection.

    We retain personal data for no longer than is reasonably necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, or to enforce our agreements. When personal data is no longer needed for these purposes, we securely delete or anonymize it.

      10. DATA SECURITY

      ES Healthcare Consulting establishes, implements, and maintains reasonable administrative, technical, and physical security measures to protect personal data from unauthorized access, acquisition, disclosure, destruction, use, modification, or loss, as required by Va. Code § 59.1-578(B)(5). The measures we employ are appropriate to the volume and nature of the personal data we process.

      Notwithstanding our security measures, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use caution when transmitting sensitive information electronically.

        11. COOKIES AND TRACKING TECHNOLOGIES

        Our website may use cookies, pixels, and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services. We do not use these technologies for targeted advertising purposes.

        You may control cookie settings through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

          12. CONTACT INFORMATION

          For questions, concerns, or to exercise your consumer rights under this Privacy Policy or the VCDPA, please contact us at:

          ES Healthcare Consulting
          Email: info@eshealthcareconsulting.com

            13. CHANGES TO THIS PRIVACY POLICY

            We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will revise the “Last Updated” date at the top of this Policy and, where appropriate, provide you with notice of the change. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

            Your continued use of our website or services following the posting of changes constitutes your acknowledgment of those changes.

              14. LEGAL DISCLAIMER

              This Privacy Policy is intended to comply with the Virginia Consumer Data Protection Act (Va. Code §§ 59.1-575 through 59.1-585) and other applicable law. Nothing in this Privacy Policy constitutes legal advice. ES Healthcare Consulting recommends consulting with qualified legal counsel to ensure compliance with all applicable data privacy laws, including but not limited to the VCDPA, HIPAA, and any other federal, state, or local laws that may apply to your specific circumstances.