Effective Date: March 30, 2026



Next Step Rehab LLC ("Next Step Rehab," "we," "us," or "our") is a Maryland-based mobile and in-home rehabilitation practice providing physical therapy (PT), occupational therapy (OT), and speech-language pathology (SLP) services. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or contact us through any digital channel.

This Policy applies to website visitors and online inquiries only. For information about how we handle your protected health information (PHI) as a patient, please refer to our separate Notice of Privacy Practices, provided at the time of your initial evaluation.

1. Information We Collect

1.1 Information You Provide

We may collect the following categories of information when you voluntarily submit it through our website contact forms, email, phone, or appointment request tools:

• Full name and contact details (address, phone number, email address)
• Insurance information submitted for eligibility inquiries
• General health questions or service inquiries
• Referral source information
• Communications you send to us

1.2 Information Collected Automatically

When you visit our website, certain technical data may be collected automatically through standard web technology, including:

• IP address and general geographic location (city/region level)
• Browser type and operating system
• Pages visited and time spent on each page
• Referring URL (the page you visited before ours)
• Date and time of your visit

This information is collected to maintain website security, analyze traffic patterns, and improve user experience. It is not linked to your personal identity.

1.3 Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance functionality and analyze usage. You may configure your browser to refuse cookies; however, some features of the site may not function properly as a result. We do not use cookies to track individual users across unaffiliated third-party websites.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to inquiries and scheduling consultations or evaluations
• Verifying insurance eligibility prior to service delivery
• Communicating with referral sources and healthcare partners
• Improving our website content and digital services
• Complying with applicable federal and Maryland state laws
• Protecting the security and integrity of our systems

We do not use website-collected information for automated profiling, targeted advertising, or any purpose unrelated to the delivery and administration of rehabilitation services.

3. HIPAA and Protected Health Information

Next Step Rehab LLC is a HIPAA-covered entity. Any protected health information (PHI) you share in connection with clinical services is governed exclusively by our Notice of Privacy Practices and applicable provisions of the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164.

We strongly advise against transmitting clinical health details through unsecured website contact forms or general email. For clinically sensitive communications, please contact our office directly by phone.

4. Disclosure of Your Information

4.1 Service Providers

We may share limited information with trusted third-party vendors who assist us in operating our website, managing communications, or verifying insurance — solely to the extent necessary to provide those services. These vendors are contractually required to protect your information and may not use it for any independent purpose.

4.2 Healthcare Partners and Referral Sources

With your knowledge and consent, we may communicate with referring physicians, hospitals, school-based programs, or other healthcare entities to coordinate care or confirm service arrangements.

4.3 Legal Requirements

We may disclose information when required by law, court order, regulatory mandate, or to protect the rights, safety, or property of Next Step Rehab LLC, our staff, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or transfer of substantially all business assets, your information may be transferred to the successor entity, subject to equivalent privacy protections.

4.5 No Sale of Information

We do not sell, rent, or trade your personal information to third parties for marketing or commercial purposes.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect the information we collect against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encrypted transmission of data via SSL/TLS protocols on our website
• Access controls limiting staff access to information on a need-to-know basis
• Secure storage of any submitted records or inquiries

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Retention of Information

We retain website-collected contact and inquiry information for as long as reasonably necessary to respond to your inquiry, fulfill service obligations, and comply with applicable record retention requirements under Maryland law. Clinical records are retained in accordance with our HIPAA-compliant records retention policy.

7. Third-Party Links

Our website may contain links to third-party websites, including insurance portals, health system directories, or scheduling platforms. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before submitting personal information.

8. Children's Privacy

Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children without verifiable parental consent. If you believe we have inadvertently collected information from a minor, please contact us immediately so we may delete it.

9. Your Rights

Depending on your state of residence, you may have certain rights with respect to your personal information, including:

• The right to request access to or a copy of information we hold about you
• The right to request correction of inaccurate information
• The right to request deletion of information, subject to legal retention requirements
• The right to opt out of non-essential communications

To exercise any of these rights, please contact us using the information provided in Section 11. We will respond to verifiable requests within a reasonable time frame consistent with applicable law.

10. Updates to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted to our website with a revised effective date. Continued use of our website following any update constitutes your acceptance of the revised Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Registered Agents LLC

Attn: Next Step Rehab LLC

5000 Thayer Center, Oakland, Maryland 21550

Email: privacy@nextsteprehab.com

Website: nextstep-rehab.com