Privacy Policy: Protecting Your Information
This privacy policy & practices page also serves to inform individuals how their protected health information’ (PHI) is used and shared by Forward Health. We protect the privacy and security of your substance use disorder patient records in accordance with 42 U.S.C. § 290dd–2 and 42 C.F.R. Part 2, the Confidentiality of Substance Use Disorder Patient Records (“Part 2”), in addition to HIPAA and applicable state law. This Notice of Privacy Practices outlines our legal duties and privacy practices with respect to health information. We are required by law to provide you with a copy of this Notice and to notify you following a breach of your unsecured health information.
You have the right to file a complaint if you believe your privacy rights have been violated. If you would like to file a complaint about our privacy practices, you can do so by sending a letter outlining your concerns to: Forward Health , Attn: Compliance, 6020 Groveport Road, Groveport, OH 43125 or by asking to speak to our compliance officer by calling 614-567-6274. You also have the right to complain to the Secretary of the United States Department of Health and Human Services, the United States Attorney for the judicial district in which the violation occurs, and the Substance Abuse and Mental Health Services Administration (SAMHSA) office responsible for opioid treatment program oversight. You will not be penalized or otherwise retaliated against for filing a complaint.
PII Privacy Policy
What Personal Information Do We Collect From The People That Visit Our
Website?
When registering or filling out a form on our site, you may be asked to enter your name, email address, phone number, subject matter, or other details to help you with your experience. We collect this information to create a better and more personalized visitor experience and also so that we can help you get the most from our website and our services.
When Do We Collect Information?
We collect information from you when you register on our site, subscribe to a newsletter, fill out a form, or enter information on our site. We do not collect any information outside of your voluntary disclosure using our website forms, phone service, or email.
How Do We Use Your Information?
We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To administer a contest, promotion, survey, or other site feature.
- To send periodic emails regarding your order or other products and services.
- To follow up with them after correspondence (email or phone inquiries).
How Do We Protect Your Information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/insurance information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do We Use ‘Cookies’?
We do use cookies with Google Analytics and Dynamic Number Insertion.
Third-Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.
Third-Party Links
We do not include or offer third-party products or services on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.
We have implemented the following:
Google Display Network Impression Reporting
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Opting Out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser add-on.
Privacy Policy Changes:
You will be notified of any changes on our Privacy Policy Page.
You can change your personal information:
- By emailing us
- By logging in to your account
- By chatting with us or by sending us a support ticket
How Does Our Site Handle Do Not Track Signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does Our Site Allow Third-Party Behavioral Tracking?
It’s also important to note that we allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Online Security
We uphold the highest standards for protecting your information. To do this, we have both electronic and physical safeguards for information that are implemented to continuously protect your personal data. Our safeguards are according to the industry’s standards and practices.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with fair information practices we will take the following responsive action, should a data breach occur:
- We will notify you via email within 7 business days after a data breach.
- We will notify the users via in-site notification within 7 business days after a data breach.
- We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
Email Address
We collect your email address in order to market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Protected Health Information (PHI) Privacy Practices
We will obtain your written authorization to use and disclose your protected health information unless we are permitted to use or disclose your information without your authorization under applicable law. The following categories describe the ways that we may use and disclose your health information without your written authorization under Part 2. To the extent applicable state law is even more restrictive than Part 2 on how we use and disclose any of your health information, we comply with more restrictive state law.
Within Our Facilities. Forward Health personnel who have a need for your information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment may use and share your information. In addition, we may share your information with the entity that has direct administrative control over our substance use disorder program.
Emergency Treatment. In the event of a medical emergency in which your prior authorization cannot be obtained, we may disclose your identifying information to medical personnel. We will obtain your authorization prior to disclosing your information for non-emergency treatment.
Business Associates/Qualified Service Organizations. We may disclose your information to third party “business associates” and “qualified service organizations” that perform various services on our behalf, such as transcription, billing, and collection services, and who agree to protect the privacy of your health information.
Audits. We may disclose your health information to entities who are legally permitted to perform audits of our facilities. Those entities are required to maintain the privacy of your information.
Legal Proceedings. We may disclose your health information pursuant to court orders that meet the requirements of applicable law.
Reporting Crimes on Our Premises or Against Our Personnel. We may disclose a patient’s commission (or threatened commission) of a crime on our premises or against our personnel to a law enforcement agency or official. We are permitted to disclose information regarding the circumstances of such incident, including the suspect’s name, address, last known whereabouts, and status as a patient in our program.
Reporting Child Abuse or Neglect. We may report incidents of suspected child abuse and neglect to the appropriate state or local authorities.
Deceased Persons. We may disclose information relating to the cause of death of a patient under laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death.
Research. Under certain circumstances, we may disclose your health information to researchers who are conducting a specific research project. Your identifying information will never be published without your written authorization.
FDA Reporting. We may disclose patient identifying information to medical personnel of the Food and Drug Administration (“FDA”) who assert a reason to believe that the health of any individual may be threatened by an error in the manufacture, labeling, or sale of a product under FDA jurisdiction, and that the information will be used for the exclusive purpose of notifying patients or their physicians of potential dangers.
OTHER USES AND DISCLOSURES:
Use or disclosure of your health information for any purpose other than those listed above requires your written authorization. Some examples include:
- Psychotherapy Notes: We will not use and disclose your psychotherapy notes without your written authorization except as otherwise permitted by law.
- Release of Your Presence in Our Facility: We will not disclose your presence in treatment to individuals who may call the facility or present in person at the facility unless you have provided your written authorization permitting the release.
- Marketing: We will not use or disclose your health information for marketing purposes without your written authorization except as otherwise permitted by law.
- Sale of Your Health Information: We will not sell your health information without your written authorization except as otherwise permitted by law.
If you change your mind after authorizing a use or disclosure of your health information, you may withdraw your permission by revoking the authorization. However, your decision to revoke the authorization will not affect or undo any use or disclosure of your health information that occurred before you notified us of your decision, or any actions that we have taken based upon your authorization. To revoke an authorization, please notify us by mail at Forward Health, Attn: Compliance, 6020 Groveport Road, Groveport OH 43125 or by contacting our Compliance Officer by telephone at 614-567-6274.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION:
This section describes your rights regarding the health information we maintain about you. All requests or communications to exercise your rights discussed below must be submitted in writing to Forward Health, Attn: Compliance, 6020 Groveport Road, Groveport OH 43125.
Right to Inspect and Copy. You have the right to inspect and receive a copy of your health information, excluding your psychotherapy notes. We may charge you a fee as authorized by law to meet your request. You may request access to your health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, you may request in writing that we transmit such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy. We may deny your request to inspect and copy in limited circumstances. If you are denied access to your health information, you may request that the denial be reviewed by a licensed health care professional chosen by us. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Request Confidential Communications. You have the right to request that we communicate your health information to you in a certain manner or at a certain location. For example, you may wish to receive information through a written letter sent to a private address. We will grant reasonable requests. We will not ask you the reason for your request.
Right to Amend. You have a right to request that we amend or correct your health information that you believe is incorrect or incomplete. For example, if your date of birth is incorrect, you may request that the information be corrected. To request a correction or amendment to your health information, you must make your request in writing and provide a reason for your request. You have the right to request an amendment for as long as the information is kept by or for us. Under certain circumstances we may deny your request. If your request is denied, we will provide you with information about our denial and how you can file a written statement of disagreement with us that will become part of your medical record.
Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures we make of your health information. Please note that certain disclosures need not be included in the accounting we provide to you, including most disclosures we make pursuant to your authorization. Your request must state a time period which may not go back further than six years. You will not be charged for this accounting, unless you request more than one accounting per year, in which case we may charge you a reasonable cost-based fee for providing the additional accounting(s). We will notify you of the costs involved and give you an opportunity to withdraw or modify your request before any costs have been incurred.
Right to Request Restrictions. HIPAA provides that you have the right to request restrictions on how your health information is used or disclosed for treatment, payment, or health care operations activities but that we are not required to agree to your requested restriction, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which you or another person (other than your health insurance company) paid for in full. Note, however, that Part 2 requires that we obtain your written authorization for most disclosures, except as expressly outlined above.
Right to a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice at any time, even if you previously agreed to receive this Notice electronically. Please contact us if you would like a paper copy.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Forward Health
Attn: Webmaster
6020 Groveport Road,
Groveport OH 43125