HIPAA and GPDR Privacy Practices

HIPAA Notice of Privacy Practices


Our commitment to your privacy

Our practice is dedicated to maintaining the privacy of your personal health information as part of providing professional care. We also are required by law to keep your information private. These laws are complicated, but we must give you this important information. This pamphlet is a shorter version of the full, legally required NPP and you will receive a copy of this to read and refer to it for more information. However, we can’t cover all possible situations so please talk to our Privacy Officer (see the end of this pamphlet) about any questions or problems. We will use the information about your health which we get from you or from others mainly to provide you with treatment, to arrange payment for our services, and for some other business activities which are called, in the law, health care operations. After you have read this NPP we will ask you to sign a Consent Form to let us use and share your information. If you do not consent and sign this form, we cannot treat you. If we or you want to use or disclose (send, share, release) your information for any other purposes we will discuss this with you and ask you to sign an Authorization form to allow this. Of course we will keep your health information private but there are some times when the laws require us to use or share it. For example: 1. When there is a serious threat to your health and safety or the health and safety of another individual or the public. We will only share information with a person or organization who is able to help prevent or reduce the threat. 2. Some lawsuits and legal or court proceedings. 3. We have to report suspected child abuse or elder abuse or anything the state of Colorado defines as child abuse or neglect or elder abuse. 4. We have to disclose some information to the government agencies which check on us to see that we are obeying the privacy laws. There are some other situations like these but which don’t happen very often. They are described in the longer version of the NPP. Your rights regarding your health information 1. You can ask us to communicate with you about your health and related issues in a particular way or at a certain place which is more private for you. For example, you can ask us to call you at home, and not at work to schedule or cancel an appointment. We will try our best to do as you ask. 2. You have the right to ask us to limit what we tell people involved in your care or the payment for your care, such as family members and friends. 3. You have the right to look at the health information we have about you such as your medical and billing records. Your records are kept on file for seven years in accordance with state law. You can even get a copy of these records but we may charge you. Contact our Privacy Officer to arrange how to see your records. See below. 4. If you believe the information in your records is incorrect or missing important information, you can ask us to make some kinds of changes (called amending) to your health information. You have to make this request in writing and send it to our Privacy Officer. You must tell us the reasons you want to make the changes. 5. You have the right to a copy of this notice. If we change this NPP we will post the new version in our waiting area and you can always get a copy of the NPP from the Privacy Officer. 6. You have the right to file a complaint if you believe your privacy rights have been violated. You can file a complaint with our Privacy Officer and with the Secretary of the Department of Health and Human Services. All complaints must be in writing. Filing a complaint will not change the health care we provide to you in any way. If you have any questions regarding this notice or our health information privacy policies, please contact our Privacy Officer who is Angela Sasseville, LPC and can be reached by phone at 303-455-3767 or by e-mail at Angela@FlourishCounseling.com. The effective date of this notice is May 7, 2008.

GPDR Privacy Policy

Protecting your private information is our priority.   In keeping with Colorado state laws regarding confidentiality in mental health, Flourish does NOT sell or disclosure the identities of its clients or their personally identifiable information with third parties.  To review the confidentiality laws associated with your services at Flourish, log in to the Client Portal and review the Professional Disclosure Statement you signed.   This Statement of Privacy applies to https://www.flourishcounseling.com and Flourish Counseling & Coaching, LLC and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to Flourish Counseling and Coaching, LLC include https://www.flourishcounseling.com, and the Flourish enewsletter.  The Flourish Counseling and Coaching, LLC website is for psychotherapy and life coaching services. By using the Flourish Counseling and Coaching, LLC website, you consent to the data practices described in this statement.   Collection of your Personal Information In order to better provide you with products and services offered on our Site, Flourish Counseling and Coaching, LLC may collect personally identifiable information, such as your: ·       First and Last Name ·       E-mail Address ·       Phone Number ·       IP Address ·       Your Relationship Status ·       Any personal message entered into the “Subject”, “Message”, or “Comments” fields. ·       Location, device type, browser type   Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Flourish Counseling and Coaching, LLC’s public message boards, this information may be collected and used by others.   We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use services available on www.flourishcounseling.com.   These may include: (a) registering for an account; (b) signing up for special offers from our affiliates; (c) sending us an email message; (d) submitting your credit card or other payment information when ordering and purchasing products and services on www.flourishcounseling.com. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.   Use of your Personal Information Flourish Counseling and Coaching, LLC collects and uses your personal information to operate its website(s) and deliver the services you have requested.  Flourish Counseling and Coaching, LLC may also use your personally identifiable information to inform you of other products or services available from Flourish Counseling and Coaching, LLC and its affiliates.   Personal Data collected for the following purposes and using the following services:   Analytics: Google Analytics. Personal Data: Cookies and Usage Data.   Managing contacts and sending messages: MailChimp. Personal Data: email address, first name and last name   Interaction with data collection platforms.   Interaction with website comments and likes: WordPress.com and Disqus. Personal Data: WordPress.com/Disqus user ID, IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.   Contact information for Owner and Data Controller Flourish Counseling and Coaching, LLC, 3339 W. 38th Ave, Denver, CO 80211 Owner contact email: Angela@FlourishCounseling.com. You may check your data, verify, update or correct it, and you may request to have all data removed. If you created an account on our website to comment through WordPress.com or Disqus, you can access and change your online account profile yourself. You may also ask to review any information that we have retained, how we have used it, and to whom we have disclosed this information to by using the contact details listed above or located at the end of the Privacy Policy.   Sharing Information with Third Parties   Flourish Counseling and Coaching, LLC does NOT sell, rent or lease its customer lists to third parties.  Flourish may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you.  Flourish may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Flourish Counseling and Coaching, LLC, and they are required to maintain the confidentiality of your information.   Flourish Counseling and Coaching, LLC may disclose your personal information, without notice, ONLY IF required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Flourish Counseling and Coaching, LLC or the site; (b) protect and defend the rights or property of Flourish Counseling and Coaching, LLC; and/or (c) act under exigent circumstances to protect the personal safety of users of Flourish Counseling and Coaching, LLC, or the public.   Tracking User Behavior Flourish Counseling and Coaching, LLC may keep track of the websites and pages our users visit within www.flourishcounseling.com in order to determine what services are the most popular. This data is used to deliver customized content and advertising within Flourish customers whose behavior indicates that they are interested in a particular subject area. The following data may be collected while you are on Flourish Counseling and Coaching, LLC website:   Activity Log: This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.   Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.   Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).   Data Synced: Successful and failed login attempts, which will include the actor’s IP address and user agent.   Comments and Likes: This feature is only accessible to users logged in to WordPress.com or Disqus.   Data Used: In order to process a comment, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature) or Disqus user ID/username, the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info. Activity Tracked: Comment likes. Contact Form Data Used: Akismet is enabled on the site, so the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.   Data Synced: Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.   Google Analytics Data Used: Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. For sites running WooCommerce (also owned by Automattic) and this feature simultaneously and having all purchase tracking explicitly enabled, purchase events will send Google Analytics the following information: order number, product id and name, product category, total cost, and quantity of items purchased. Google Analytics does offer IP anonymization, which can be enabled by the site owner.   Activity Tracked: This feature sends page view events (and potentially video play events) over to Google Analytics for consumption. For sites running WooCommerce-powered stores, some additional events are also sent to Google Analytics: shopping cart additions and removals, product listing views and clicks, product detail views, and purchases. Tracking for each specific WooCommerce event needs to be enabled by the site owner.   Gravatar Hovercards Data Used: This feature will send a hash of the user’s email address (if logged in to the site or WordPress.com — or if they submitted a comment on the site using their email address that is attached to an active Gravatar profile) to the Gravatar service (also owned by Automattic) in order to retrieve their profile image.   Notifications This feature is only accessible to registered users of the site who are logged in to WordPress.com and have subscribed to RSS blog updates. Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc. Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.   Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user. Activity Tracked: Failed login attempts (these include IP address and user agent).   Data Synced: Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.   WordPress.com Stats Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature. Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor DNT settings of visitors. By default, DNT is currently not honored.   WordPress.com Toolbar This feature is only accessible to registered users of the site who are also logged in to WordPress.com. Data Used: Gravatar image URL of the logged-in user in order to display it in the toolbar and the WordPress.com user ID of the logged-in user. Additionally, for activity tracking (detailed below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Activity Tracked: Click actions within the toolbar. Types of Data collected: Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage Data, email address, first name, last name and phone number.   Automatically Collected Information Information about your computer hardware and software may be automatically collected by Flourish Counseling and Coaching, LLC. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Flourish website.   Links   This website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.   Security of your Personal Information   Flourish Counseling and Coaching, LLC secures your personal information from unauthorized access, use, or disclosure. Flourish Counseling and Coaching, LLC uses the following methods for this purpose: ·       SSL Protocol ·       GlobalSign When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol. We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.   Children Under Thirteen   Flourish Counseling and Coaching, LLC does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.   Disconnecting your Flourish Counseling and Coaching, LLC Account from Third Party Websites   You will be able to connect your Flourish Counseling and Coaching, LLC account to third party accounts. BY CONNECTING YOUR SUBLIME CREATIONS, LLC ACCOUNT TO YOUR THIRD PARTY ACCOUNT, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE CONSENTING TO THE CONTINUOUS RELEASE OF INFORMATION ABOUT YOU TO OTHERS (IN ACCORDANCE WITH YOUR PRIVACY SETTINGS ON THOSE THIRD PARTY SITES). IF YOU DO NOT WANT INFORMATION ABOUT YOU, INCLUDING PERSONALLY IDENTIFYING INFORMATION, TO BE SHARED IN THIS MANNER, DO NOT USE THIS FEATURE. You may disconnect your account from a third party account at any time.   Opt-Out & Unsubscribe from Third Party Communications   We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from Flourish Counseling and Coaching, LLC by contacting us here: ·       Email: Admin@FlourishCounseling.com ·       Phone: (303) 455-3767, x5 E-mail Communications From time to time, Flourish Counseling and Coaching, LLC may contact you via email for the purpose of providing announcements, promotional offers, information and tools, and/or other general communication. If you would like to stop receiving marketing or promotional communications via email from Flourish Counseling and Coaching, LLC, you may opt-out of such communications by sending an email to Admin@FlourishCounseling.com with the subject line of “Unsubscribe”. External Data Storage Sites We may store your data on servers provided by third party hosting vendors with whom we have contracted. Changes to this Statement Flourish Counseling and Coaching, LLC reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, by placing a prominent notice on our site, and/or by updating any privacy information on this page. Your continued use of the Site and/or Services available through this Site after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy. Contact Information Flourish Counseling and Coaching, LLC welcomes your questions or comments regarding this Statement of Privacy. If you believe that Flourish, LLC has not adhered to this Statement, please contact Flourish Counseling and Coaching, LLC at: Flourish Counseling and Coaching, LLC 3339 W. 38th Ave, Denver, CO 80211 Email Address: Angela@FlourishCounseling.com Telephone number: (303) 455-3767, x1 Effective as of June 1, 2018