Privacy Policy
Effectivity October 2023
Please read our privacy policy carefully before you start using our website.
By visiting www.flournoyhealthsystems.org and other websites on which these Terms of Use reside or are linked that are operated by Flournoy Health Systems (the “Websites”), you are consenting to our collection, use, and disclosure of your information as described in this Privacy Policy. From time to time, we may modify this Privacy Policy in our sole discretion by posting a revised policy on the Websites. We may post a notice on the homepage of our Websites to notify visitors of any material change to this Privacy Policy. You are expected to check this page each time you visit the Websites, so you are aware of any changes, as they are binding on you.
Sources of The Information We Collect
Information to Which This Privacy Policy Applies
This Privacy Policy applies to the following information that we collect:
- On our Websites;
- In email messages between you and the Websites; and
- Through cookies included on the Websites.
Information to which this Privacy Policy Does Not Apply
Types of Information We May Collect; How We Collect Information; and How We Respond to “Do Not Track” Signals
Types of Information We Collect
We collect several types of information from and about users of our Websites, including information:
- By which you may be personally identified, such as your name, email address, postal address, telephone number, and any other information which you submit voluntarily to us (“Personally Identifiable Information” or “PII”). You may decide whether or not to provide us with PII, but if you choose not to do so, you may not get full functionality from the Websites.
- About your Internet connection, the equipment you use to access our Websites and usage details (g., language), and browsing history, such as your navigation within the Websites and which portion(s) of the Websites you used the most.
How We Collect Information
We collect this information in the following ways:
- Directly from you when you voluntarily provide it to us; and
- Automatically when you navigate through the Websites (g., information collected through cookies).
Information That You Provide Voluntarily
We may collect PII information which you submit voluntarily to us. We collect this information directly from you when you provide it to us, such as, for example, when you provide the information:
- On the Websites contact form.
- When you subscribe to a newsletter on the Websites.
- When you otherwise submit it to us, such as when you send us your resume.
- We may also ask you for information when you report a problem on our Websites.
Collection of Location Information; Protected Health Information.
We may collect information about your location when you access or use our website or services. When you use our website in connection with health care services, treatment, payment, or health plan operations, your location information may constitute protected health information (“PHI”) or electronic protected health information (“ePHI”) subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). This clause describes our collection, use, and disclosure of location information that may be PHI.
- Types of Location Information. We may collect:
- Approximate Location. We may derive your approximate location from your IP address, which provides general information about your city, state, or region.
- Precise Location. Only with your express authorization, we may collect precise location data from GPS, wireless networks, cell towers, Bluetooth signals, or other location-enabled services on your device.
- Collection Methods. Location information may be collected through:
- IP address analysis when you visit our website.
- Device settings and sensors, including GPS functionality, only if enabled and expressly authorized by you.
- Wi-Fi access points and cellular network information detected by your device, with your permission.
- Information you provide directly, such as entering a location in a search field or form.
- Permitted Uses and Disclosures. We will use and disclose location information that is PHI only as permitted or required by HIPAA, including:
- Treatment. To provide, coordinate, or manage your health care and related services, including referrals and consultations.
- Payment. To obtain payment or reimbursement for health care services provided to you, including eligibility verification and claims processing.
- Health Care Operations. To support our business functions such as quality assessment, care coordination, case management, population health management, fraud and abuse detection and compliance, and business planning and development.
- Required by Law. When we are required by federal, state, or local law to disclose location information.
- Authorized by You. For purposes you specifically authorize in writing, including any uses or disclosures described in a separate written authorization you provide.
- Other HIPAA-Permitted Purposes. For public health activities, health oversight, judicial and administrative proceedings, law enforcement purposes, research (with appropriate authorizations or waivers), to avert serious threats to health or safety, and other purposes permitted under 45 C.F.R. §§ 164.510, 164.512.
- Minimum Necessary Standard. Except where otherwise required by law or for treatment purposes, we will limit the collection, use, and disclosure of location information to the minimum necessary to accomplish the intended purpose.
- No Sale of PHI; Marketing Restrictions. We will not sell your location information if it constitutes PHI. We will not use or disclose location information that is PHI for marketing purposes without your prior written authorization, except as permitted by HIPAA for refill reminders or communications about health-related products or services we currently provide.
- Safeguards. We implement administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of location information that is ePHI, in compliance with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C). These safeguards include encryption, access controls, audit logs, and secure transmission protocols.
- Business Associates and Service Providers. We may disclose location information that is PHI to our business associates and service providers who perform functions on our behalf or assist us in providing services to you. All such business associates are required to enter into written agreements obligating them to safeguard your PHI and use or disclose it only as permitted by HIPAA and the business associate agreement.
- User Permissions and Controls.
- Authorization for Precise Location. We will collect precise location data (GPS or similar sensor-based location) only after obtaining your express written authorization that complies with HIPAA requirements (45 C.F.R. § 164.508) when such information is PHI and the collection is for a purpose requiring authorization.
- Device-Level Controls. You may enable or disable location services through your device’s settings. Disabling location services will prevent collection of precise location data from GPS and similar sensors.
- Browser Settings. Most web browsers allow you to control location permissions. You may accept or deny location access requests when prompted.
- Right to Revoke Authorization. If you have provided written authorization for use or disclosure of location information, you may revoke that authorization at any time by submitting a written revocation to compliance@flournoyhealthsystems.org. Revocation will not affect uses or disclosures we made in reliance on your authorization before we received your revocation.
- Impact of Declining Location Services. If you decline to permit location data collection, certain features or functionality of our website or services that depend on location information may not be available or may be limited. We will not condition treatment, payment, enrollment, or eligibility for benefits on your provision of an authorization for use or disclosure of location information, except in limited circumstances permitted by HIPAA.
- Notice of Privacy Practices. This clause supplements our Notice of Privacy Practices, which provides additional detail about how we collect, use, and disclose PHI, and describes your rights under HIPAA. You may review our current Notice of Privacy Practices at [WEBSITE URL] or request a paper copy by contacting compliance@flournoyhealthsystems.org.
- Retention. We retain location information only as long as necessary to fulfill the purposes described in this clause and our Notice of Privacy Practices, or as required by law. Our retention practices comply with HIPAA’s requirements and Georgia law governing medical records retention.
- Breach Notification. In the event of a breach of unsecured location information that is PHI, we will provide notice to you and, where required, to the Secretary of the U.S. Department of Health and Human Services and the media, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D).
- Your HIPAA Rights. You have rights under HIPAA with respect to location information that is PHI, including the right to access, amend, receive an accounting of disclosures, request restrictions, request confidential communications, and file a complaint. These rights are described in detail in our Notice of Privacy Practices.
Non-Personally Identifiable Information Collected Automatically
We use cookies to collect and provide to Google Analytics and WordPress certain anonymized information about your equipment, browsing actions, and patterns, when you navigate through and interact with our Websites, including, for example, the following types of non-personally identifiable information:
- Details regarding your visit(s) to the Websites (g., pages visited),
- Browser information (g., browser name, viewport, or viewing pane); and
- User information (g., language).
For information regarding how Google uses data when you use our site, see www.google.com/policies/privacy/partners.
By utilizing this website, you consent to the use of such automatic data collection techniques (e.g., browser cookies). Browser cookies are small files placed on the hard drive of your computer. You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Please note that if you turn cookies off, some of the features that make your site experience more efficient may not function properly.
How We Respond to “Do Not Track” Signals
How We Use and/or Disclose Information that We Collect
We do not sell visitors’ PII. We may use and/or disclose PII we collect about you as follows:
- To present the Websites and its contents to you;
- To provide you with information, products, and/or services that you request from us. For example, if you complete and submit the Contact Us form for information about a particular service, we will use the information you submit to provide you with that information. Examples may include:
- Treatment: We may use your information to provide you with patient care and/or other health-related services.
- Operations: We may use your information to run our agency, improve your care, and/or contact you, when necessary.
- Payment: We use your information to bill and receive payment from health plans and other entities.
- Only aggregated, anonymized data is periodically transmitted to external services providers to help us improve the Websites, related applications, and our service. Our service providers who work on our behalf, do not have independent use of the information we disclose to them, and have agreed to comply with this Privacy Policy.
- To fulfill any other purpose for which you provide PII.
- To our contractors and/or vendors, but only for the reason(s) for which you submitted the information to our Websites. These contractors and/or vendors are bound by contractual obligations to keep PII confidential and only use it for the purpose for which we disclose it to them.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- To enforce or apply our Websites Terms of Use.
- To comply with any court order, law, legal process, to respond to any government or regulatory request, and/or to protect or defend our interests or the interests of users of our Websites.
- If we believe that disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
- To a buyer or other successor in the event of a material change in ownership.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
Data Security and Retention
We have implemented physical, technical, and administrative safeguards to protect the security of the PII that you submit to us through our Websites from accidental loss and unauthorized access, use, alteration, and disclosure. We will only retain PII for the length of time necessary to fulfill the purpose for which the PII was submitted or longer if required by law.
The security of the information we collect about you also depends on you. For example, you are responsible for keeping any passwords related to all of the Websites confidential. The transmission of information via the Internet is not completely secure. We cannot guarantee the security of your PII when it is being transmitted to the Websites. Any information which you transmit to the Websites is at your own risk. We are not responsible for the circumvention of any privacy setting or security measures contained on the Websites.
Children Under the Age of 13
Compliance Department
Flournoy Health Systems, Inc.
50 Hurt Plaza, Suite 1650
Atlanta, GA 30303
compliance@flournoyhealthsystems.com
(478) 607-2035
Links to Third-Party Websites
SMS Marketing Policy
Health Insurance Portability and Accountability Act (“hipaa)
Questions, Comments, Concerns, or Complaints
Compliance Department
Flournoy Health Systems, Inc.
50 Hurt Plaza, Suite 1650
Atlanta, GA 30303
compliance@flournoyhealthsystems.com
(478) 607-2035