Stairway Resource Center operates the stairwayrecovery.com website, which provides adult mental health and addiction treatment services.
USES AND DISCLOSURES OF HEALTH INFORMATION
Stairway Resource Center is committed to protecting the privacy of the personal and health information we collect or create as part of providing health care services to our clients, known as “Protected Health Information” or “PHI”. PHI typically includes your name, address, date of birth, billing arrangements, care, and other information that relates to your health, health care provided to you, or payment for health care provided to you. PHI DOES NOT include information that is de- identified or cannot be linked to you.
This notice of Health Information Privacy Practices (the “Notice”) describes Stairway Resource Center’s duties with respect to the privacy of PHI, Stairway Resource Center’s use of and disclosure of PHI, client rights and contact information for comments, questions, and complaints.
HEALTH INFORMATION PRIVACY PROCEDURES AND LEGAL OBLIGATIONS
Stairway Resource Center obtains most of its PHI directly from you, through care applications, assessments and direct questions. We may collect additional personal information depending upon the nature of your needs and consent to make additional referrals and inquiries. We may also obtain PHI from community health care agencies, other governmental agencies or health care providers as we set up your service arrangements.
Stairway Resource Center is required by law to provide you with this notice and to abide by the terms of the Notice currently in effect. Stairway Resource Center reserves the right to amend this Notice at any time to reflect changes in our privacy practices. Any such changes will be applicable to and effective for all PHI that we maintain including PHI we created or received prior to the effective date of the revised notice. Any revised notice will be mailed to you or provided upon request.
Stairway Resource Center is required by law to maintain the privacy of PHI. Stairway Resource Center will comply with federal law and will comply with any state law that further limits or restricts the uses and disclosures discussed below. In order to comply with these state and federal laws, Stairway Resource Center has adopted policies and procedures that require its employees to obtain, maintain, use and disclose PHI in a manner that protects client privacy.
HEALTH INFORMATION USES AND DISCLOSURES WITH YOUR AUTHORIZATION
Except as outlined below, Stairway Resource Center will not use or disclose your PHI without your written authorization. The authorization form is available from Stairway Resource Center (at the address and phone number below). You have the right to revoke your authorization at any time, except to the extent that Stairway Resource Center has taken action in reliance on the authorization.
The law permits Stairway Resource Center to use and disclose your PHI for the following reasons without your authorization:
For Your Treatment: We may use or disclose your PHI to physicians, psychologists, nurses and other authorized healthcare professionals who need your PHI in order to conduct an examination, prescribe medication or otherwise provide health care services to you.
To Obtain Payment: We may use or disclose your PHI to insurance companies , government agencies or health plans to assist us in getting paid for our services . For example, we may release information such as dates of treatment to an insurance company in order to obtain payment.
For Our Health Care Operations: We may use or disclose your PHI in the course of activities necessary to support our health care operations such as performing quality checks on your employee services. We may also disclose PHI to other persons not in Stairway Resource Center’s workforce or to companies who help us perform our health services (referred to as “Business Associates”) we require these business associates to appropriately protect the privacy of your information .
As Permitted or Required By The Law: In some cases we are required by law to disclose PHI. Such as disclosers may be required by statute, regulation court order, government agency, we reasonably believe an individual to be a victim of abuse, neglect or domestic violence: for judicial and administrative proceedings and enforcement purposes.
For Public Health Activities: We may disclose your PHI for public health purposes such as reporting communicable disease results to public health departments as required by law or when required for law enforcement purposes.
For Health Oversight Activities: We may disclose your PHI in connection with governmental oversight, such as for licensure, auditing and for administration of government benefits.
To Avert Serious Threat to Health and Safety: We may disclose PHI if we believe in good faith that doing so will prevent or lessen a serious or imminent threat to the health and safety of a person or the public.
Disclosures of Health Related Benefits or Services: Sometimes we may want to contact you regarding service reminders, health related products or services that may be of interest to you, such as health care providers or settings of care or to tell you about other health related products or services offered at Stairway Resource Center. You have the right not to accept such information.
Incidental Uses and Disclosures: Incidental uses and disclosures of PHI are those that cannot be reasonably prevented, are limited in nature and that occur as a by-product of a permitted use or disclosure. Such incidental used and disclosures are permitted as long as Stairway Resource Center use reasonable safeguards and use or disclose only the minimum amount of PHI necessary.
To Personal Representatives: We may disclose PHI to a person designated by you to act on your behalf and make decisions about your care in accordance with state law. We will act according to your written instructions in your chart and our ability to verify the identity of anyone claiming to be your personal representative.
To Family and Friends: We may disclose PHI to persons that you indicate are involved in your care or the payment of care. These disclosures may occur when you are not present, as long as you agree and do not express an objection. These disclosures may also occur if you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest. We may also disclose limited PHI to public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other person that may be involved in caring for you. You have the right to limit or stop these disclosures.
YOUR RIGHTS CONCERNING HEALTH INFORMATION PRIVACY
Access to Certain Records: You have the right to inspect and copy your PHI in a designated record set except where State law may prohibit client access. A designated record set contains medical and billing and case management information. If we do not have your PHI record set but know who does, we will inform you how to get it. If our PHI is a copy of information maintained by another health care provider, we may direct you to request the PHI from them. If Stairway Resource Center produces copies for you, we may charge you up to $1.00 per page up to a maximum fee of $50.00. Should we deny your request for access to information contained in your designated record set, you have the right to ask for the denial to be reviewed by another healthcare professional designated by Stairway Resource Center.
Amendments to Certain Records: You have the right to request certain amendments to your PHI if, for example, you believe a mistake has been made or a vital piece of information is missing. Stairway Resource Center is not required to make the requested amendments and will inform you in writing of our response to your request.
Accounting of Disclosures: You have the right to receive an accounting of disclosures of your PHI that were made by Stairway Resource Center for a period of six (6) years prior to the date of your written request. This accounting does not include for purposes of treatment, payment, health care operations or certain other excluded purposes, but includes other types of disclosures, including disclosures for public health purposes or in response to a subpoena or court order.
Restrictions: You have the right to request that we agree to restrictions on certain uses and disclosures of your PHI, but we are not required to agree to your request. You cannot place limits on uses and disclosures that we are legally required or allowed to make.
Revoke Authorizations: You have the right to revoke any authorizations you have provided, except to the extent that Stairway Resource Center has already relied upon the prior authorization.
Delivery by Alternate Means or Alternate Address: You have the right to request that we send your PHI by alternate means or to an alternate address.
Complaints & How to contact us: If you believe your privacy rights have been violated, you have the right to file a complaint by contacting Stairway Resource Center at the address and/or phone number indicated below. You also have the right to file a complaint with the Secretary of the United States Department of Health and Human services in Washington, D.C. Stairway Resource Center will not retaliate against you for filing a complaint.
If you believe your privacy rights have been violated, you may make a complaint by contacting Privacy Office, at “email@example.com, (866) 866-0602,(916) 445-4646” or the Secretary for the Department of Health and Human Services. No individual will be retaliated against for filing a complaint.
The U.S.Department of Health and Human Services 200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free: 1-877-696-6775
Please be aware that mail sent to the Washington D.C area offices takes an additional 3-4 days to process due to changes in mail handling resulting from the Anthrax crisis of October 2001.
Information Collection and Use
For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. We are the sole owners of the information collected on the site. The information that we collect will be used to contact or identify you. We never sell your personal information to third parties. We also collect non-personally identifiable information through such devices like analytics, cookies, and log files, which may include, but is not limited to, your IP (internet protocol) address, your ISP (internet service provider), the Web browser you used to visit the Site, the time visited the Site, which Web Pages you visited on the Site, and other anonymous Site usage data.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. Under no circumstances do we rent, trade or share your address or e-mail address with any other company for their marketing purposes without your consent. We may do so when:
(1) permitted or required by law; or
(2) trying to protect against or prevent actual or
potential fraud or unauthorized transactions; or
(3) investigating fraud that has already taken place.
The information is not provided to these companies for marketing purposes. Log Data We want to inform you that whenever you visit our Service, we collect information that your browser sends to us which is called Log Data. This Log Data may include information such as your computer Internet Protocol address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To improve our website in order to better serve you.
- To allow us to better service you in responding to your customer service requests.
- To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We use regular Malware Scanning. We use a SSL certificate on this website.
Do we use ‘cookies’?
- Understand and save user’s preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you disable cookies off, some features may be disabled and may affect the user’s experience that makes your site experience more efficient and some of our services may not function properly.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
Users are able to change their personal information:
- By emailing us
- By calling us
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we allow third-party behavioral tracking.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify the users via email within 7 business days
- We will notify the users via in-site notification within 7 business days
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only those individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CAN-SPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can email us at:
- Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
We may employ third-party companies and individuals due to the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We value your trust in providing us your Personal Information, thus we are striving to use
commercially acceptable means of protecting it. We take necessary precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment. The safety and security of your information also depends on you. We urge you to be careful about giving out information in public areas of the Site like message boards. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure.
As a result, while we strive to protect your Personally Identifiable Information, you acknowledge that:
(a) there are security and privacy limitations of the Internet which are beyond our control;
(b) the security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed; and
(c) any such information and data may be viewed or tampered with in transit by a third party.
Links to Other Sites
Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU AND YOUR TREATMENT MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This organization is required by law to maintain the privacy and confidentiality of your health
information and to provide you with notice of its legal duties and privacy practices with respect to your health information. Please also respect the privacy of others you encounter in treatment.
Changes to this Notice of Privacy Practices
Complaints Regarding Privacy Practices
Complaints about this Notice of Privacy Practices and/or handling your health information should be directed to: firstname.lastname@example.org
If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to one of the regional U.S Department of Health and Human Services Offices for Civil Rights. A list of these offices can be found online at: https://www2.ed.gov/about/offices/list/ocr/addresses.html