Version Date: February 01, 2019
GATHERING, USE AND DISCLOSURE OF NON-PERSONALLY-IDENTIFYING INFORMATION
Users of the Website Generally
“Non-Personally-Identifying Information” is information that, without the aid of additional information, cannot be directly associated with a specific person. “Personally-Identifying Information,” by contrast, is information such as a name or email address that, without more, can be directly associated with a specific person. Like most website operators, Company gathers from users of the Website Non-Personally-Identifying Information of the sort that Web browsers, depending on their settings, may make available. That information includes the user’s Internet Protocol (IP) address, operating system, browser type and the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the Website. Although such information is not Personally-Identifying Information, it may be possible for Company to determine from an IP address a user’s Internet service provider and the geographic location of the visitor’s point of connectivity as well as other statistical usage data. Company analyzes Non-Personally-Identifying Information gathered from users of the Website to help Company better understand how the Website is being used. By identifying patterns and trends in usage, Company is able to better design the Website to improve users’ experiences, both in terms of content and ease of use. From time to time, Company may also release the Non-Personally-Identifying Information gathered from Website users in the aggregate, such as by publishing a report on trends in the usage of the Website.
A “Web Beacon” is an object that is embedded in a web page or email that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page or an email. Company may use Web Beacons on the Website and in emails to count users who have visited particular pages, viewed emails and to deliver co-branded services. Web Beacons are not used to access users’ Personally-Identifying Information. They are a technique Company may use to compile aggregated statistics about Website usage. Web Beacons collect only a limited set of information, including a Web Cookie number, time and date of a page or email view and a description of the page or email on which the Web Beacon resides. You may not decline Web Beacons. However, they can be rendered ineffective by declining all Web Cookies or modifying your browser setting to notify you each time a Web Cookie is tendered, permitting you to accept or decline Web Cookies on an individual basis.
We may use third-party vendors, including Google, who use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize and serve ads based on your past activity on the Website, including Google Analytics for Display Advertising. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. If you do not want any information to be collected and used by Google Analytics, you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout/) and/or opt out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads Settings (www.google.com/settings/ads).
Aggregated and Non-Personally-Identifying Information
We may share aggregated and Non-Personally Identifying Information we collect under any of the above circumstances. We may also share it with third parties and our affiliate companies to develop and deliver targeted advertising on the Website and on websites of third parties. We may combine Non-Personally Identifying Information we collect with additional Non-Personally Identifying Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our advertisers the number of visitors to the Website and the most popular features or services accessed. This information does not contain any Personally-Identifying Information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.
We may use hyperlinks on the Website which will redirect you to a social network if you click on the respective link. However, when you click on a social plug-in, such as Facebook’s “Like” button, Twitter’s “tweet” button or the Google+, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. If you do not use these buttons, none of your data will be sent to the respective social network’s plugin provider. So for example, when you click on the Facebook’s “Like” button on the Website, Facebook will receive your IP address, the browser version and screen resolution, and the operating system of the device you have used to access the Website. Settings regarding privacy protection can be found on the websites of these social networks and are not within our control.
COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION
As defined above, Personally-Identifying Information is information that can be directly associated with a specific person. Company may collect a range of Personally-Identifying Information from and about Website users. Much of the Personally-Identifying Information collected by Company about users is information provided by users themselves when (1) registering for our service, (2) logging in with social network credentials, (3) participating in polls, contests, surveys or other features of our service, or responding to offers or advertisements, (4) communicating with us, (5) creating a public profile or (6) signing up to receive newsletters. That information may include each user’s name, address, email address and telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type, expiration date or other financial information). We also may request information about your interests and activities, your gender, age, date of birth, username, hometown and other demographic or relevant information as determined by Company from time to time. Users of the Website are under no obligation to provide Company with Personally-Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Website features.
BY REGISTERING WITH OR USING THE WEBSITE, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS “COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION” SECTION.
We may occasionally use your name and email address to send you notifications regarding new services offered by the Website that we think you may find valuable. We may also send you service-related announcements from time to time through the general operation of the service. Generally, you may opt out of such emails at the time of registration or through your account settings, though we reserve the right to send you notices about your account, such as service announcements and administrative messages, even if you opt out of all voluntary email notifications.
Company will disclose Personally-Identifying Information under the following circumstances:
- Third-Party Service Providers.We may share your Personally-Identifying Information, which may include your name and contact information (including email address) with our authorized service providers that perform certain services on our behalf. These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, supporting the Website’s functionality and supporting contests, sweepstakes, surveys and other features offered through the Website. We may also share your name, contact information and credit card information with our authorized service providers who process credit card payments. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purpose.
Changing Personally-Identifying Information; Account Termination
COLLECTION AND USE OF INFORMATION BY THIRD PARTIES GENERALLY
We take the security of your Personally-Identifying Information seriously and use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration or misuse. However, please be advised that even the best security measures cannot fully eliminate all risks. We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures.
We are dedicated to protect all information on the Website as is necessary. However, you are responsible for maintaining the confidentiality of your Personally-Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact Company using our contact information below to have that child’s account terminated and information deleted.
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about the Personally-Identifying Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of the Personally-Identifying Information that was shared and the names and addresses of all third parties with which we shared Personally-Identifying Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to our privacy officer as listed below.
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Because there is not yet a common understanding of how to interpret the DNT signal, the Website currently does not respond to DNT browser signals or mechanisms.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. IT IS OUR LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI) By law Upwell Advisors is required to ensure that your PHI is kept private. The PHI constitutes information created or noted by us that can be used to identify you. It contains data about your past, present, or future health or condition, the provision of health care services to you, or the payment for such health care. We are required to provide you with this Notice about our privacy procedures. This Notice must explain when, why, and how we would use and/or disclose your PHI. Use of PHI means when we share, apply, utilize, examine, or analyze information throughout the course of your treatment; PHI is disclosed when we release, transfer, give, or otherwise reveal it to a third party outside of Upwell Advisors. With some exceptions, we may not use or disclose more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, we are always legally required to follow the privacy practices described in this Notice. Please note that we reserve the right to change the terms of this Notice and our privacy policies at any time as permitted by law. Any changes will apply to PHI already on file with us. Before we make any important changes to our policies, we will immediately change this Notice and post a new copy of it in the office. You may also request a copy of this Notice from us, or you can view a copy of it in the office. HOW WE WILL USE AND DISCLOSE YOUR PHI. We will use and disclose your PHI for many different reasons. Some of the uses or disclosures will require your prior written authorization; others, however, will not. Below you will find the different categories of my uses and disclosures, with some examples. Uses and Disclosures Related to Treatment, Payment, or Health Care Operations That Do Not Require Your Prior Written Consent. We may use and disclose your PHI without your consent for the following reasons: 1. For treatment: We can use your PHI within Upwell Advisors to provide you with mental health treatment, including discussing or sharing your PHI with staff members, your physicians, psychiatrist, psychologist, and other licensed health care providers who provide you with health care services or are otherwise involved in your care. Example: If a psychiatrist is treating you, we may disclose your PHI to her/him in order to coordinate your care. 2. For health care operations: We may disclose your PHI to facilitate the efficient and correct operation of daily operations. Examples: Quality control – we might use your PHI in the evaluation of the quality of health care services that you have received or to evaluate the performance of the health care professionals who provided you with these services. We may also provide your PHI to my attorneys, accountants, consultants, and others to make sure that we are in compliance with applicable laws. 3. To obtain payment for treatment: We may use and disclose your PHI to bill and collect payment for the treatment and services we provided you. Example: we might send your PHI to your insurance company or health plan in order to get payment for the health care services that we have provided to you. We could also provide your PHI to business associates, such as billing companies, claims processing companies, and others that process health care claims for my office. 4. Other disclosures: Examples: Your consent isn’t required if you need emergency treatment provided. Part of the admissions packet contained a Release for Emergency Medical Treatment which will be utilized in an instance of medical emergency. Certain Other Uses and Disclosures Do Not Require Your Consent: We may use and/or disclose your PHI without your consent or authorization for the following reasons: 1. When disclosure is required by federal, state, or local law; judicial, board, or administrative proceedings; or, law enforcement. Example: we may make a disclosure to the appropriate officials when a law requires us to report information to government agencies, law enforcement personnel and/or in an administrative proceeding. 2. If disclosure is compelled by a party to a proceeding before a court of an administrative agency pursuant to its lawful authority. 3. If disclosure is required by a search warrant lawfully issued to a governmental law enforcement agency. 4. If disclosure is compelled by the patient or the patient’s representative pursuant to California Health and Safety Codes or to corresponding federal statutes of regulations, such as the Privacy Rule that requires this Notice. 5. To avoid harm. We may provide PHI to law enforcement personnel or persons able to prevent or mitigate a serious threat to the health or safety of a person or the public (i.e., adverse reaction to meds). 6. If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or the person 7. or property of others, and if I determine that disclosure is necessary to prevent the threatened danger. 8. If disclosure is mandated by the California Child Abuse and Neglect Reporting law. For example, if we have a reasonable suspicion of child abuse or neglect. 9. If disclosure is mandated by the California Elder/Dependent Adult Abuse Reporting law. For example, if we have a reasonable suspicion of elder abuse or dependent adult abuse. 10. If disclosure is compelled or permitted by the fact that you tell us of a serious/imminent threat of physical violence by you against a reasonably identifiable victim or victims. 11. For public health activities. Example: In the event of your death, if a disclosure is permitted or compelled, we may need to give the county coroner information about you. 12. For health oversight activities. Example: We may be required to provide information to assist the government in the course of an investigation or inspection of a health care organization or provider. 13. For specific government functions. Examples: We may disclose PHI of military personnel and veterans under certain circumstances. Also, we may disclose PHI in the interests of national security, such as protecting the President of the United States or assisting with intelligence operations. 14. For research purposes. In certain circumstances, we may provide PHI in order to conduct medical research. 15. For Workers’ Compensation purposes. We may provide PHI in order to comply with Workers’ Compensation laws. 16. Appointment reminders and health related benefits or services. Examples: We may use PHI to provide appointment reminders. We may use PHI to give you information about alternative treatment options, or other health care services or benefits we offer. 17. If an arbitrator or arbitration panel compels disclosure, when arbitration is lawfully requested by either party, pursuant to subpoena duces tectum (e.g., a subpoena for mental health records) or any other provision authorizing disclosure in a proceeding before an arbitrator or arbitration panel. 18. If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law. Example: When compelled by U.S. Secretary of Health and Human Services to investigate or assess my compliance with HIPAA regulations. 19. If disclosure is otherwise specifically required by law. Certain Uses and Disclosures Afford You the Opportunity to Object: Disclosures to family, friends, or others. We may provide your PHI to a family member, friend, or other individual who you indicate is involved in your care or responsible for the payment for your health care, unless you object in whole or in part. Retroactive consent may be obtained in emergency situations. Other Uses and Disclosures Require Your Prior Written Authorization” In any other situation not described above, we will request your written authorization before using or disclosing any of your PHI. Even if you have signed an authorization to disclose your PHI, you may later revoke that authorization, in writing, to stop any future uses and disclosures (assuming that we haven’t taken any action subsequent to the original authorization) of your PHI by us. These are your rights with respect to your PHI: A. The Right to See and Get Copies of Your PHI: In general, you have the right to see your PHI or to get copies of it; however, you must request it in writing. If we do not have your PHI, but we know who does, we will advise you how you can get it. You will receive a response from me within 30 days of my receiving your written request. Under certain circumstances, we may need to deny your request, but if we do, we will give you, in writing, the reasons for the denial. We will also explain your right to have the denial reviewed. If you ask for copies of your PHI, we will charge you not more than $.25 per page. We may see fit to provide you with a summary or explanation of the PHI, but only if you agree to it, as well as to the cost, in advance. B. The Right to Request Limits on Uses and Disclosures of Your PHI: You have the right to ask that we limit how we use and disclose your PHI. While we will consider your request, we are not legally bound to agree. If we agree to your request, we will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that we are legally required or permitted to make. C. The Right to Choose How We Send Your PHI to You: It is your right to ask that your PHI be sent to you at an alternate address or by an alternate method (for example, via email instead of by regular mail). We are obliged to agree to your request providing that we can give you the PHI, in the format you requested, without undue inconvenience. We may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis. D. The Right to Get a List of the Disclosures We Have Made: You are entitled to a list of disclosures of your PHI that we have made. The list will not include uses or disclosures to which you have already consented, i.e., those for treatment, payment, or health care operations, sent directly to you, or to your family; neither will the list include disclosures made for national security purposes, to corrections or law enforcement personnel, or disclosures made before April 15, 2003. After April 15, 2003, disclosure records will be held for six years. We will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list will include disclosures made during the time of your stay with Upwell Advisors. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide the list to you at no cost, unless you make more than one request in the same year, in which case we will charge you a reasonable sum based on a set fee for each additional request. E. The Right to Amend Your PHI: If you believe that there is some error in your PHI or that important information has been omitted, it is your right to request that we correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of our receipt of your request. We may deny your request, in writing, if we find that: the PHI is (a) correct and complete, (b) forbidden to be disclosed, (c) not part of our records, or (d) written by someone other than Upwell Advisors. Our denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and the denial be attached to any future disclosures of your PHI. If we approve your request, we will make the change(s) to your PHI. Additionally, we will tell you that the changes have been made, and we will advise all others who need to know about the change(s) to your PHI. F. The Right to Get This Notice by Email: You have the right to get this notice by email. You have the right to request a paper copy of it, as well.
Attn: Lori Kelly, Director of Therapy Concierge Desk
Email: [email protected]