THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

 

Effective Date: September 23, 2024

 

The purpose of this Privacy Policy is to inform clients of their privacy rights regarding their health information and identity. This policy applies to the Avalon Wellness & Recovery website and all products and services offered by the program.

 

Definitions

 

Protected Health Information (PHI): Any individually identifiable health information relating to a client's past, present, or future physical or mental health or condition, and any related health care services.

 

Personal Information: Information that identifies or can be used to identify an individual, such as name, address, email, and health information.

 

Cookies: Small data files stored on a user’s device that help us enhance user experience and analyze site traffic.

 

Information We Collect

Information gathered from the website includes filling out forms voluntarily, the means of connection to the website from the client, and by accepting cookies. This may also include information such as browser type, language, referring site, IP address, geographic location, and time zone.

 

When gathering this information, it may be used to communicate with clients directly on the website and meet client needs more efficiently, personalizing the experience. The website is encrypted, meaning all information is secure and protected against unauthorized access, alteration, disclosure, or destruction of personal information, username, password, transaction information, and data stored. Information is never sold, shared, or traded with anyone.

 

Data Retention Policy

Avalon Wellness & Recovery retains personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

 

HIPAA Compliance

This notice is written in plain language to help you understand your rights and our responsibilities under the law. These rights include: the right to access your health information, request corrections, limit disclosures, and obtain a list of those who have received your information. You also have the right to request confidential communications and to file a complaint if you believe your rights have been violated.

 

Individually Identifiable Health Information (45 CFR 164.520), including the Confidentiality of Medical Records Act (California Civil Code § 56 et seq.), covered in this Privacy Policy, describes how medical information about the client may be used or disclosed and how the client can access this information. The client’s personal health record contains private and confidential information about them and their health. Both State and Federal laws protect the confidentiality of this information.

 

Examples of Disclosure

Below are examples, but not limited to, when health information may be given to outside sources:

 

* To public health authorities for disease prevention or control.

* To comply with workers’ compensation laws.

* To law enforcement when required by legal processes.

* To government agencies for health oversight activities.

* In response to court orders or legal subpoenas.

* For organ donation or medical research under strict conditions.

* To report child abuse, neglect, or domestic violence.

 

client Rights

When it comes to client health information, clients have specific rights:

 

Access to Records: To get an electronic or paper copy of their electronic health record. Upon request, staff may provide clients with a copy of their record. The request typically has a standard fee and is provided within 30 days.

 

Corrections to Records: Electronic health record information about the client that they see as incorrect or incomplete may be updated upon request. The request may be denied; however, staff will provide the client with a written denial and reason within 60 days.

 

Confidential Communications: Staff may provide clients with the requested electronic health records to the mailing address they provide, and staff may leave phone messages with the client’s written approval. Only staff-approved requests are accepted.

 

Limiting Disclosure: clients can ask staff not to use or share certain health information for treatment, payment, or operations. Staff are not required to agree to the client’s request and may decline if it would affect the client’s care. If the client pays for a service or health care item out-of-pocket and in full, the client can ask staff not to share that information for the purpose of payment or operations with their health insurer. Staff will agree unless a law requires them to share that information.

 

Information Access: Staff can provide the client with a list of providers or affiliates the program may share health information with upon request. The program keeps records for a minimum of seven (7) years. Staff may be asked for health information during that time and can inform the client of who has been provided with their information and the reason why.

 

Obtaining a Privacy Policy Copy

Staff may provide the client with a paper copy of this notice at any time, whether electronically, by additional copy, mail, or in person.

 

Legal Guardian or Power of Attorney

If approval has been given to a legal guardian or power of attorney, the client may exercise their rights regarding disclosing their health information. The role will be verified before any information is provided.

 

Filing a Complaint

Complaints can be filed if the client feels their rights have been violated. The client may contact the program staff or the licensing agency, KDADS. The client can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting [www.hhs.gov/ocr/privacy/hipaa/complaints/](http://www.hhs.gov/ocr/privacy/hipaa/complaints/). There is no retaliation for filing a complaint.

 

Release of Information

If the client approves, staff may share information in the following cases:

 

* With the client’s family, friends, spouses, or others involved in their care.

* In an emergency, staff may share the client’s information:

 

  * In a disaster relief situation

  * If the client is unconscious

  * If there is a serious and/or imminent threat to health or safety

  * If staff believe it is in the best interest of the client

 

Staff do not share the client’s information unless the client signs a Release of Information:

 

* No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

* The following also requires a Release of Information signed:

 

  * For treatment, including follow-up communications with the client after treatment.

  * To provide feedback on clinical outcomes.

  * For billing/client insurance.

 

Please note: Once information is disclosed to a third party, it may no longer be protected by HIPAA and could be re-disclosed by the recipient.

 

We do not use your information for fundraising purposes. If that changes in the future, we will notify you in advance and provide the opportunity to opt out of any fundraising communications.

 

Breaking Confidentiality

Breaking confidentiality may include:

 

* Reporting adverse reactions to medications

* Reporting suspected abuse, neglect, or domestic violence

* Preventing or reducing a serious threat to anyone’s health or safety

* To comply with the law, including DHCS, law enforcement, the court, a subpoena, or government requests

* A medical examiner or funeral director

* Responding to criminal activity on the property

 

Staff follow all state and federal laws regarding providing health information to the above.

 

Affiliate and Marketing Disclosure

Avalon Wellness & Recovery does not participate in third-party lead generation or affiliate marketing programs. We are committed to transparency in how we promote our services. Any affiliate or marketing relationships will be disclosed and will comply with applicable laws and ethical guidelines.

 

Accuracy of Website Content

We strive to ensure all website content is accurate, complete, and not misleading. If you believe any information on our website is inaccurate or confusing, please contact us immediately.

 

Security Practices

We implement a variety of security measures to maintain the safety of your personal information. These include, but are not limited to, encryption of sensitive data, secure access controls, and regular security assessments.

 

International Data Transfers

If we transfer your personal information outside your country, we ensure appropriate safeguards are in place to protect your information in accordance with applicable laws.

 

Cookies and Tracking Technologies

We use cookies to enhance user experience and analyze site traffic. Users can manage cookie preferences through their browser settings. Visitors to our website are presented with a cookie consent banner to allow or manage cookie preferences. This ensures transparency and user control over data collection.

 

User Rights Under GDPR/CCPA

clients may have additional rights under applicable privacy laws, including the right to access, delete, or restrict the processing of their personal information.

 

Data Breach Procedures

In the event of a data breach, we will notify affected clients within 72 hours, as required by law, and provide information about the nature of the breach and potential impacts.

 

Updates to the Privacy Policy

This Privacy Policy may be updated periodically. clients will be notified of significant changes via email or a notice on our website.

 

Contact Information for Privacy Concerns

For any questions or concerns about this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

 

Mailing Address:

Avalon Wellness & Recovery

801 Iowa Street,

Lawrence, KS 66044

 

Email Address: david@avalonwrc.com

Executive Director: David Hawley

Phone Number: 785-340-0341

Company Email: david@avalonwrc.com

 

Disclaimer of Liability

While we take reasonable measures to protect your information, we cannot guarantee absolute security against unauthorized access or data breaches.

 

Acceptance of These Terms

Utilizing this website signifies the client’s agreement to this policy. If the client does not agree, they do not have to use this website. When the client continues to use this website, it is also considered acceptance of this policy, including when the policy is updated.

You can always access the most up to date version of this Privacy Policy on our website at www.avalonwrc.com/privacy-policy.