Privacy Policy

At Flournoy Health Systems, we protect your personal and medical information with the highest standards of security and confidentiality. Learn how we safeguard your privacy every day.

Effectivity October 2023

Flournoy Health Systems, Inc. and its subsidiaries and affiliates (collectively “Flournoy Health Systems”, “Company” or “We”) respect your privacy and are committed to protecting it through our compliance with this website privacy policy (“Privacy Policy”). This Privacy Policy describes the types of information that we may collect from you or that you may provide when you visit our websites, and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Privacy Policy is subject to our Terms of Use, which is available via a link at the bottom of the home pages of our websites. This Privacy Policy also provides information about your rights and how you can contact us to exercise those rights or ask questions about the manner in which we have handled your information.

Please read our privacy policy carefully before you start using our website.

By visiting www.flournoyhealthsystems.org and other websites on which these Terms of Use reside or are linked that are operated by Flournoy Health Systems (the “Websites”), you are consenting to our collection, use, and disclosure of your information as described in this Privacy Policy. From time to time, we may modify this Privacy Policy in our sole discretion by posting a revised policy on the Websites. We may post a notice on the homepage of our Websites to notify visitors of any material change to this Privacy Policy. You are expected to check this page each time you visit the Websites, so you are aware of any changes, as they are binding on you.

Sources of The Information We Collect

Information to Which This Privacy Policy Applies

This Privacy Policy applies to the following information that we collect:

  1. On our Websites;
  2. In email messages between you and the Websites; and
  3. Through cookies included on the Websites.

Information to which this Privacy Policy Does Not Apply

This Privacy Policy does not apply to information otherwise collected by the Company; or by any third party, including through any application or content (including advertising) that may link to or be accessible from the Websites.

Types of Information We May Collect; How We Collect Information; and How We Respond to “Do Not Track” Signals

Types of Information We Collect

We collect several types of information from and about users of our Websites, including information:

  1. By which you may be personally identified, such as your name, email address, postal address, telephone number, and any other information which you submit voluntarily to us (“Personally Identifiable Information” or “PII”). You may decide whether or not to provide us with PII, but if you choose not to do so, you may not get full functionality from the Websites.
  2. About your Internet connection, the equipment you use to access our Websites and usage details (g., language), and browsing history, such as your navigation within the Websites and which portion(s) of the Websites you used the most.

How We Collect Information

We collect this information in the following ways:

  1. Directly from you when you voluntarily provide it to us; and
  2. Automatically when you navigate through the Websites (g., information collected through cookies).

Information That You Provide Voluntarily

We may collect PII information which you submit voluntarily to us. We collect this information directly from you when you provide it to us, such as, for example, when you provide the information:

  1. On the Websites contact form.
  2. When you subscribe to a newsletter on the Websites.
  3. When you otherwise submit it to us, such as when you send us your resume.
  4. We may also ask you for information when you report a problem on our Websites.

Collection of Location Information; Protected Health Information.

We may collect information about your location when you access or use our website or services. When you use our website in connection with health care services, treatment, payment, or health plan operations, your location information may constitute protected health information (“PHI”) or electronic protected health information (“ePHI”) subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). This clause describes our collection, use, and disclosure of location information that may be PHI.

  1. Types of Location Information. We may collect:
    1. Approximate Location. We may derive your approximate location from your IP address, which provides general information about your city, state, or region.
    2. Precise Location. Only with your express authorization, we may collect precise location data from GPS, wireless networks, cell towers, Bluetooth signals, or other location-enabled services on your device.
  2. Collection Methods. Location information may be collected through:
    1. IP address analysis when you visit our website.
    2. Device settings and sensors, including GPS functionality, only if enabled and expressly authorized by you.
    3. Wi-Fi access points and cellular network information detected by your device, with your permission.
    4. Information you provide directly, such as entering a location in a search field or form.
  3. Permitted Uses and Disclosures. We will use and disclose location information that is PHI only as permitted or required by HIPAA, including:
    1. Treatment. To provide, coordinate, or manage your health care and related services, including referrals and consultations.
    2. Payment. To obtain payment or reimbursement for health care services provided to you, including eligibility verification and claims processing.
    3. Health Care Operations. To support our business functions such as quality assessment, care coordination, case management, population health management, fraud and abuse detection and compliance, and business planning and development.
    4. Required by Law. When we are required by federal, state, or local law to disclose location information.
    5. Authorized by You. For purposes you specifically authorize in writing, including any uses or disclosures described in a separate written authorization you provide.
    6. Other HIPAA-Permitted Purposes. For public health activities, health oversight, judicial and administrative proceedings, law enforcement purposes, research (with appropriate authorizations or waivers), to avert serious threats to health or safety, and other purposes permitted under 45 C.F.R. §§ 164.510, 164.512.
  4. Minimum Necessary Standard. Except where otherwise required by law or for treatment purposes, we will limit the collection, use, and disclosure of location information to the minimum necessary to accomplish the intended purpose.
  5. No Sale of PHI; Marketing Restrictions. We will not sell your location information if it constitutes PHI. We will not use or disclose location information that is PHI for marketing purposes without your prior written authorization, except as permitted by HIPAA for refill reminders or communications about health-related products or services we currently provide.
  6. Safeguards. We implement administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of location information that is ePHI, in compliance with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C). These safeguards include encryption, access controls, audit logs, and secure transmission protocols.
  7. Business Associates and Service Providers. We may disclose location information that is PHI to our business associates and service providers who perform functions on our behalf or assist us in providing services to you. All such business associates are required to enter into written agreements obligating them to safeguard your PHI and use or disclose it only as permitted by HIPAA and the business associate agreement.
  8. User Permissions and Controls.
    1. Authorization for Precise Location. We will collect precise location data (GPS or similar sensor-based location) only after obtaining your express written authorization that complies with HIPAA requirements (45 C.F.R. § 164.508) when such information is PHI and the collection is for a purpose requiring authorization.
    2. Device-Level Controls. You may enable or disable location services through your device’s settings. Disabling location services will prevent collection of precise location data from GPS and similar sensors.
    3. Browser Settings. Most web browsers allow you to control location permissions. You may accept or deny location access requests when prompted.
    4. Right to Revoke Authorization. If you have provided written authorization for use or disclosure of location information, you may revoke that authorization at any time by submitting a written revocation to compliance@flournoyhealthsystems.org. Revocation will not affect uses or disclosures we made in reliance on your authorization before we received your revocation.
    5. Impact of Declining Location Services. If you decline to permit location data collection, certain features or functionality of our website or services that depend on location information may not be available or may be limited. We will not condition treatment, payment, enrollment, or eligibility for benefits on your provision of an authorization for use or disclosure of location information, except in limited circumstances permitted by HIPAA.
  9. Notice of Privacy Practices. This clause supplements our Notice of Privacy Practices, which provides additional detail about how we collect, use, and disclose PHI, and describes your rights under HIPAA. You may review our current Notice of Privacy Practices at [WEBSITE URL] or request a paper copy by contacting compliance@flournoyhealthsystems.org.
  10. Retention. We retain location information only as long as necessary to fulfill the purposes described in this clause and our Notice of Privacy Practices, or as required by law. Our retention practices comply with HIPAA’s requirements and Georgia law governing medical records retention.
  11. Breach Notification. In the event of a breach of unsecured location information that is PHI, we will provide notice to you and, where required, to the Secretary of the U.S. Department of Health and Human Services and the media, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D).
  12. Your HIPAA Rights. You have rights under HIPAA with respect to location information that is PHI, including the right to access, amend, receive an accounting of disclosures, request restrictions, request confidential communications, and file a complaint. These rights are described in detail in our Notice of Privacy Practices.

Non-Personally Identifiable Information Collected Automatically

We use cookies to collect and provide to Google Analytics and WordPress certain anonymized information about your equipment, browsing actions, and patterns, when you navigate through and interact with our Websites, including, for example, the following types of non-personally identifiable information:

  1. Details regarding your visit(s) to the Websites (g., pages visited),
  2. Browser information (g., browser name, viewport, or viewing pane); and
  3. User information (g., language).

For information regarding how Google uses data when you use our site, see www.google.com/policies/privacy/partners.

By utilizing this website, you consent to the use of such automatic data collection techniques (e.g., browser cookies). Browser cookies are small files placed on the hard drive of your computer. You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Please note that if you turn cookies off, some of the features that make your site experience more efficient may not function properly.

How We Respond to “Do Not Track” Signals

We do not track our visitors over time and across third-party websites. As a result, we do not respond to Do Not Track signals.

How We Use and/or Disclose Information that We Collect

We do not sell visitors’ PII. We may use and/or disclose PII we collect about you as follows:

  1. To present the Websites and its contents to you;
  2. To provide you with information, products, and/or services that you request from us. For example, if you complete and submit the Contact Us form for information about a particular service, we will use the information you submit to provide you with that information. Examples may include:
    1. Treatment: We may use your information to provide you with patient care and/or other health-related services.
    2. Operations: We may use your information to run our agency, improve your care, and/or contact you, when necessary.
    3. Payment: We use your information to bill and receive payment from health plans and other entities.
    4. Only aggregated, anonymized data is periodically transmitted to external services providers to help us improve the Websites, related applications, and our service. Our service providers who work on our behalf, do not have independent use of the information we disclose to them, and have agreed to comply with this Privacy Policy.
  3. To fulfill any other purpose for which you provide PII.
  4. To our contractors and/or vendors, but only for the reason(s) for which you submitted the information to our Websites. These contractors and/or vendors are bound by contractual obligations to keep PII confidential and only use it for the purpose for which we disclose it to them.
  5. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
  6. To enforce or apply our Websites Terms of Use.
  7. To comply with any court order, law, legal process, to respond to any government or regulatory request, and/or to protect or defend our interests or the interests of users of our Websites.
  8. If we believe that disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.
  9. To a buyer or other successor in the event of a material change in ownership.
  10. In any other way we may describe when you provide the information.
  11. For any other purpose with your consent.

Data Security and Retention

We have implemented physical, technical, and administrative safeguards to protect the security of the PII that you submit to us through our Websites from accidental loss and unauthorized access, use, alteration, and disclosure. We will only retain PII for the length of time necessary to fulfill the purpose for which the PII was submitted or longer if required by law.

The security of the information we collect about you also depends on you. For example, you are responsible for keeping any passwords related to all of the Websites confidential. The transmission of information via the Internet is not completely secure. We cannot guarantee the security of your PII when it is being transmitted to the Websites. Any information which you transmit to the Websites is at your own risk. We are not responsible for the circumvention of any privacy setting or security measures contained on the Websites.

Children Under the Age of 13

These Websites are not intended for children under 13 years of age. No one under age of 13 may provide any personal information on the Websites. We do not knowingly collect personal information from children under 13 years of age. If you are under 13 years of age, do not use or provide any information on the Websites or on or through any of the features on the Websites or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username. If we learn that we have collected or received personal information from a child less than 13 years of age without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child less than 13 years of age, please contact our Compliance department as follows:

Compliance Department
Flournoy Health Systems, Inc.
50 Hurt Plaza, Suite 1650
Atlanta, GA 30303
compliance@flournoyhealthsystems.com
(478) 607-2035

Links to Third-Party Websites

Occasionally, at our discretion, we may include links to third-party sites on our Websites. In addition, third-party websites may link to our Websites. This Privacy Policy does not apply to the privacy practices of any third-party website that may be linked to our Websites. Please be advised that the privacy policies of websites that link to our Websites would apply to your activity on any such third-party websites. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We seek to protect the integrity of our site and welcome any feedback about the third-party website links included on our Websites. You may provide such feedback via the Contact Us link on the homepages of our Websites.

SMS Marketing Policy

We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Health Insurance Portability and Accountability Act (“hipaa)

To the extent that any of the information we collect on our Websites constitutes Protected Health Information (“PHI”) under HIPAA, we will comply with the requirements of HIPAA and its implementing regulations.

Questions, Comments, Concerns, or Complaints

If you have any questions, comments, or complaints regarding the Company’s Privacy Policy, or would like to request access to, correction of, or deletion of any PII that you have provided to us, please contact us as follows. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.

Compliance Department
Flournoy Health Systems, Inc.
50 Hurt Plaza, Suite 1650
Atlanta, GA 30303
compliance@flournoyhealthsystems.com
(478) 607-2035

Table of Contents

Get in Touch

Media, Speaking Inquiries & Interview Requests