Patient Privacy and HIPAA Compliance
Arbor Wellness will be referred to in this Notice of Privacy Practices (“Notice”) as “Entity.” This Notice is given to you by Entity to describe the ways in which Entity may use and disclose your medical information (called “protected health information” or “PHI”) and to notify you of your rights with respect to PHI in the possession of Entity. Entity protects the privacy of PHI, which also is protected from disclosure by state and federal law. In certain circumstances, pursuant to this Notice, patient authorization or applicable laws and regulations, PHI can be used by Entity or disclosed to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category.
Entity may use or disclose your PHI for the purpose of treatment, payment, and health care operations, described in more detail below, without obtaining written authorization from you. Please review carefully.
For Treatment: Entity may use and disclose PHI in the adherence of providing, managing, or coordinating your medical treatment, including the disclosure of PHI for treatment activities of another healthcare provider. These types of uses and disclosures may take place between physicians, nurses, technicians, students, and other health care professionals who provide you health care services or are otherwise involved in your care. Information obtained by Entity will be used to furnish healthcare services, items, and supplies to you. We will document in your record information related to the items dispensed to you and services provided to you.
For Health Care Operations: Entity may use and disclose PHI as part of their operations, including for quality assessment and improvement, such as evaluating the treatment and services you receive and the performance of our staff in caring for patients. Other activities include hospital training, underwriting activities, compliance and risk management activities, planning and development, and management and administration. Entity may disclose PHI to doctors, nurses, technicians, students, attorneys, consultants, accountants, and others for review and learning purposes. These disclosures help make sure that Entity is complying with all applicable laws, and are continuing to provide healthcare to patients at a high level of quality. Entity may also disclose PHI to other health care facilities plans for certain of their operations, including their quality assessment and improvement activities, credentialing and peer review activities, and health care fraud and abuse detection or compliance, provided that those other facilities and plans have, or have had in the past, a relationship with the patient who is the subject of the information.
For Payment: Entity may use and disclose PHI in order to collect payment for the health care services provided to you. For example, Entity may need to give PHI to your health plan in order to be reimbursed for the services provided to you. Facility may also disclose PHI to their business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. Facility may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans. The information on the bill may include identifying information as well as items and services you are receiving.
Other Uses and Disclosures in Which Authorization is Not Required
In addition to using and disclosing PHI for treatment, health care operations and payment, Entity may use and disclose PHI without written authorization under the following circumstances:
As Required by Law and Law Enforcement: Entity may use or disclose PHI when required by law. Entity may also disclose PHI when ordered to in a judicial and administrative proceeding, in response to subpoenas or discovery requests, to identify or locate a suspect, fugitive, material witness, or missing person, when dealing with gunshot and other wounds, about criminal conduct, to report a crime, its location or victims, or the identity, description or location of a person who committed a crime, or for other law enforcement purposes.
For Public Health Activities and Public Health Risks: Entity may disclose PHI to government officials in charge of collecting information about births and deaths, preventing and controlling disease, reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence, reactions to medications or product defects or problems, or to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.
Coroners, Medical Examiners, and Funeral Directors: Entity may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.
For Health Oversight Activities: Entity may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.
Organ, Eye, and Tissue Donation: Entity may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.
Research: Under certain circumstances, Facility may use and disclose PHI for medical research purposes.
To Avoid a Serious Threat to Health or Safety: Entity may use and disclose PHI to law enforcement personnel or other appropriate persons, to prevent or lessen a serious threat to the health or safety of a person or the public.
Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, Facility may disclose health information about you in response to a court or administrative order.
Specialized Government Functions: Entity may use and disclose PHI of military personnel and veterans under certain circumstances. Entity may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities, and for the provision of protective services to the President or other authorized persons or foreign heads of state or to conduct special investigations.
Workers’ Compensation: Entity may disclose PHI to comply with workers’ compensation or other similar laws. These programs provide benefits for work-related injuries or illnesses.
Health-Related Benefits and Services; Limited Marketing Activities: Entity may use and disclose PHI to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs. Entity may use and disclose your PHI to encourage you to purchase or use a product or service through a face-to-face communication or by giving you a promotional gift of nominal value.
Disaster Relief: Entity may disclose medical information about you to an entity assisting in disaster relief so that your family can be notified about your condition, status and location.
Disclosures to you or for HIPAA Compliance Investigations: Entity may disclose your PHI to you or to your personal representative, and are required to do so in certain circumstances described below in connection with your rights of access to your PHI and to an accounting of certain disclosures of your PHI. Facility must disclose your PHI to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate compliance with privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
Uses and Disclosures to Which You May Object
Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which you have the limited right to revoke in writing. You may object to the following uses and disclosures of PHI that Entity may make:
Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care: Unless you object, Entity may disclose your PHI to a family member, other relative, friend, or other person you identify as involved in your health care or payment for your health care. Entity may also notify those people about your location or condition.
Other Uses and Disclosures of PHI For Which Authorization is Required: Most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require authorization. Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which with some limitations you have the right to revoke in writing.
Uses and Disclosures Subject to State and Other Laws: In addition to the federal privacy regulations that require this notice (called the “HIPAA” regulations), there are state and other federal health information privacy laws. These laws on occasion may require your specific written permission prior to disclosures of certain particularly sensitive information (such as mental health, drug/alcohol abuse, or HIV/AIDS information) in circumstances that the HIPAA regulations would permit disclosure without your permission. Entity is required to comply not only with the HIPAA regulations but also with any other applicable laws that impose stricter nondisclosure requirements.
Most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require authorization. Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which with some limitations you have the right to revoke in writing.
Entity is required by law to maintain the privacy of your PHI, to provide individuals with notice of its legal duties and privacy practices with respect to PHI, to abide by the terms described in this Notice and to notify affected individuals following a breach of unsecured PHI. Entity reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all of the PHI it maintains. Before Entity makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice on our website. You have the following rights regarding your PHI:
You may request the Entity restrict the use and disclosure of your PHI: Entity is not required to agree to any restrictions you request, but if the Entity does so it will be bound by the restrictions to which it agrees except in emergency situations.
You have the right to request that communications of PHI to you from Facility be made by particular means or at particular locations: For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be in writing and sent to the Privacy Officer. Your requests must be made in writing and sent to firstname.lastname@example.org. Entity will accommodate your reasonable requests without requiring you to provide a reason.
Generally, you have the right to inspect and copy your PHI that Entity maintains, provided that you make your request in writing and sent to email@example.com. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. In some cases, Entity may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, Entity may impose a reasonable fee to cover copying, postage, and related costs. If Entity denies access to your PHI, it will explain the basis for denial and your opportunity to have your request and the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official. If Entity does not maintain the PHI you request, if it knows where that PHI is located it will tell you how to redirect your request.
If you believe that your PHI maintained by Entity contains an error or needs to be updated, you have the right to request that Entity correct or supplement your PHI. Your request must be made in writing and sent to firstname.lastname@example.org and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. Entity generally can deny your request if your request relates to PHI: (i) not created by Entity; (ii) that is not part of the records Entity maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, Entity will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that any future disclosures of the relevant PHI be made with a copy of your request and Entity’s denial attached; and (iii) complain about the denial.
You generally have the right to request and receive a list of the disclosures of your PHI Entity has made at any time during the six (6) years prior to the date of your request. The list will not include disclosures for which you have provided a written authorization, and does not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations; (ii) made to you; (iii) for Entity’s patient directory or to persons involved in your health care; (iv) for national security or intelligence purposes; or (v) to correctional institutions or law enforcement officials. You should submit any such request to email@example.com, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will respond to your request. You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically.
You may complain to Entity if you believe your privacy rights with respect to your PHI have been violated by contacting firstname.lastname@example.org and submitting a written complaint. Entity will in no manner penalize you or retaliate against you for filing a complaint regarding Entity’s privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services.
You have the right to receive PHI in an electronic format, if electronic medical records are in use in the facility.
You have the right to receive a paper copy of this notice upon request even if you have agreed to receive this notice electronically. To obtain a paper copy of this notice, please contact the Privacy Officer (Contact information below).
You have the right to receive notice in the event of a breach of confidentiality.
You have the right to opt out of all communications from our company including fundraising, call 866-771-1649.
You have the right to restrict disclosures of PHI to health plans if you have paid for services out of pocket in full.
We protect all personal health information in compliance with the standards of the national Health Insurance Portability and Accountability Act (HIPAA). We only release health information with the signed consent of patients. The only exceptions to this rule are if a patient reports suicidal or homicidal intentions, physical or sexual abuse or neglect of oneself, a minor or an elderly person. In these instances, our staff is required by law to contact the authorities.
Google AdWords remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on –https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/
- By email: email@example.com
- By phone number: 866-771-1649
- By mail: 370 Cumberland Way, Madison, TN, 37115
Facility will not penalize you or retaliate against you for filing a complaint regarding their privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services at 200 Independence Avenue, S.E., Washington, DC
Types of Data Collected
Arbor Wellness and it’s website, https://arborwellnessmh.com/ does not collect any information that personally identifies you unless you willingly provide it by sending it to us via webform or email. This personal information may include your name, phone number, or email address, and any other information that you provide to Arbor Wellness.
Arbor Wellness also gathers non-personally identifiable information such as pages visited, what web page each visitor came from, browser type, browser version, time and date of visit, the time spent on those pages, unique device identifiers, which hyperlinks were clicked, and other diagnostic data. Collecting this information tracks IP addresses, and browser software from each user that visits the site. The non-personal information that is collected helps us improve our services and our capabilities to help those struggling with addictive disorders. It also helps determine our effectiveness of the services we provide.
Arbor Wellness uses cookie technology. As a piece of data stored on a visitors hard drive, cookies are small files to help us improve your time visiting the site by identifying a repeat visitor and target the interests of our users. Cookies save passwords, helps track user preferences, and additionally sets language preferences. Users can choose to reject cookies from the website, though may have specific issues with the site if not accepted.
Some cookies we use are:
- Session Cookies: Used to operate our services.
- Preference Cookies: Used to remember your preferences in various settings.
- Security Cookies: Used for security purposes.
Information Collecting, Use, and Sharing
As owners of the information collected on this site, we have access to the information you voluntarily give us via web-form or other direct contact. We do not sell or give out this information to anybody.
Arbor Wellness may disclose your personal data in the good faith belief that such action is necessary to:
- To comply with legal obligation.
- To protect and defend the rights of Arbor Wellness.
- To prevent or investigate possible wrongdoing in connection with our Services.
- To protect the personal safety of users of the Service or the public.
- To protect against legal liability.
- To protect you if you become a potential threat to yourself or others, or if you fall ill and require hospitalization.
Third-Party Service Providers
We may employ third-party companies to manage our site and facilitate the use of web services on our behalf using database management, analytics, and improvement to each feature of the site. Such specific parties may have access to back-end user information to provide maximum services on behalf of Arbor Wellness. Using the information you submitted to address the reason you contacted us, for no reason do we ever trade, sell, or give away your information with any other company for any purposes without your consent.
At any time, you may opt out of future contact or use of your information by emailing firstname.lastname@example.org. You may also email the same address by to see what data we have about you, if any, correct and change any data, or express any concern you have over the data you have provided us.
Additionally, we reserve the right to report illegal activity to law enforcement for investigation.
At Arbor Wellness, we take extreme measures to protect your health information. Collecting confidential information using encryption and secure measures online, your information is also protected offline by designating specific staff members to access personal information. Our servers with the confidential information are kept in secure environments.
Arbor Wellness upholds our standards of security to the highest degree, however, no security system is impervious. By submitting your information to Arbor Wellness, you do so at your own risk. At any breach of information, Arbor Wellness will make any required disclosures to you of the breach of your security or confidentiality we have in our system.
Third Party Sites
There are some services, links, and content offered on the Arbor Wellness site that are often from third party sites other than Arbor Wellness. Arbor Wellness does not disclose any personal information to any Third Party Sites without your consent. While upholding your personal information Arbor Wellness does not endorse or is responsible for the privacy policies of any third party sites.
Arbor Wellness does not address anyone under the age of eighteen (18). If you are a parent or guardian and are aware that your children has provided us with personal data, please contact us. If we are aware that we have collected Personal Data from children without verification or parental consent, we take steps to remove their Personal Data from our servers.
Arbor Wellness was not designed for children eighteen (18) years of age and above and will not knowingly collect information of children that are above that designated age. By using our website, you agree and abide by the agreements that you are above twelve (12) years of age. If at any time, Arbor Wellness believes you are under the designated age of twelve (12) years old, Arbor Wellness at any time, without notice terminate your access to the website and rendered services and delete any personal and impersonal information you may have submitted through our website.