Orange Oasis Healing Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Commitment to Your Privacy:

We are required by law to provide you with a notice that explains our privacy practices with regard to your medical information and how we may use and disclose your protected health information (PHI). In our practice, we will create records regarding you and our work together and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We are also required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in my practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time. We realize that these laws are complicated, but we must provide you with the following important information:

  • How we may use and disclose your PHI,

  • Your privacy rights in your PHI,

  • Our obligations concerning the use and disclosure of your PHI.

Our Responsibilities:

  • We are required by law to maintain the privacy and security of your protected health information.

  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this notice and give you a copy of it.

  • We will not use or share your information other than as described below unless you tell me in writing that we can. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices. Any revision or amendment to this notice will be effective for all of your records that my practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. You may request a copy of the most current Notice at any time.

If you have questions about this Notice, please contact:

Mary Lee // mary@orangeoasishealing.com // 240-272-7772

Uses and Disclosures of PHI:

The following categories describe the different ways in which we may use and disclose your PHI:

  1. Provision and Coordination of Services. We may use and disclose your PHI to provide, coordinate, or manage your mental health services. We may also disclose your health information to other health care providers who are working with you. For example, if you are seeing a psychiatrist, we can disclose your PHI to your psychiatrist to coordinate your care. Additionally, we may disclose your PHI to others who may assist in your care, such as your partner/s or other loved ones.

  2. Payment. We may use and disclose your PHI to bill and collect payment for the services we provide you. For example, we might send your PHI to your insurance company or health plan to get paid for the health care services that we have provided to you.

  3. Health Care Operations. We may use and disclose your PHI to support and operate our practice. For example, we may use your PHI to review and evaluate your services or to evaluate my performance while working with you.

  4. Appointment Reminders. We may use and disclose your PHI to contact you as a reminder about scheduled appointments.

  5. Care Alternatives. We may use and disclose your PHI to tell you about or recommend possible alternative services or options that may be of interest to you.

  6. Others Involved in Your Care. We may use and disclose your PHI to a family member, a close friend, or any other person you identify that is involved in your mental health services or payment for services.

  7. As Required by Law. We may use and disclose your PHI when required to by federal, state, or local law.

Use and Disclosure of PHI in Special Circumstances:

The following describe unique scenarios in which we may use or disclose your PHI:

  • Public Health Risk. We may use and disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:

    • Reporting child abuse or neglect,

    • Reporting abuse or neglect of a vulnerable person, and,

    • Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult client (including domestic violence); however, we will only disclose this information if you agree or if we are required or authorized by law to disclose this information.

  • Health Oversight Activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or compliance with civil rights laws and the health care system in general.

  • Lawsuits and Similar Proceedings. Our practice may use and disclose your PHI in response to a court or administrative order if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.

  • Workers’ Compensation. Our practice may release your PHI for workers’ compensation and similar programs.

Business Associates and Marketing:

  • Our Business Associates. We may use and disclose your information to outside persons or entities that perform services on our behalf, such as auditing, legal, or transcription. We contractually require these parties to use and disclose your information only as permitted and to appropriately safeguard your information.

  • When We Will Not Use or Disclose Your Information. We will not share your information to: • market our services, or • sell or otherwise receive compensation for disclosing your information.

Your Rights Regarding Your PHI:

Although your health record is the physical property of our practice because we compiled it, the information belongs to you. You have the right to:

  1. Confidential Communications. You have the right to request that we communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. You do not need to give a reason for your request.

  2. Requesting Restrictions. You have the right to request a restriction in our use or disclosure of your PHI for services, payment, or health care operations. Additionally, you have the right to request that we restrict my disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in my use or disclosure of your PHI, you must make your request in writing to admin@orangeoasishealing.com. Your request must describe in a clear and concise fashion:

    • The information you wish restricted,

    • Whether you are requesting to limit our practice’s use, disclosure or both,

    • To whom you want the limits to apply.

  3. Inspection and Copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to Mary Lee through email at mary@orangeoasishealing.com in order to inspect and/or obtain a copy of your PHI. Our practice will charge a fee for the costs of copying, mailing, labor, and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of the denial. Another licensed health care professional chosen by me will conduct reviews.

  4. Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by our practice. To request an amendment, your request must be made in writing and submitted to Mary Lee through email at mary@orangeoasishealing.com. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you us me to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by my practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by my practice.

  5. Accounting of Disclosures. All of our clients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment, or operations. Use of your PHI as part of the routine client care in my practice is not required to be documented. For example, when we use your information to file an insurance claim for payment. In order to obtain an accounting of disclosures, you must submit your request in writing to: Mary Lee through email at mary@orangeoasishealing.com. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure and may not include dates before June 18, 2023. The first list you request within a 12-month period is free of charge, but my practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.

  6. Right to a Paper Copy of this Notice. You are entitled to receive a paper copy of our notice of privacy practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice, write email Mary Lee at mary@orangeoasishealing.com.

  7. Right to File a Complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact: Nita Williams via email at nita@orangeoasishealing.com. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

  8. Right to Provide an Authorization for Other Uses and Disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: We are required to retain records of your care.

Web Privacy Policies:

  • Selling Your Data. We will never sell any personally identifying information to any third parties.

  • SSL. We use high-grade encryption and security protocols (Secure Socket Layer-SSL) when processing financial transactions. This method is the industry-standard security protocol, which makes it difficult for anyone to intercept the information you send us. Inside Orange Oasis Healing, data is stored on password-protected servers. Our staff is educated about the importance of safeguarding your information. However, such precautions do not guarantee that our website is invulnerable to all security breaks. OAH makes no warranty, guarantee or representation that the use of our website is protected from viruses, security threats or other vulnerabilities and that your information will always be secure.

  • Storing Information. We store your personal information in secure databases with limited access.

  • Usage Data. Usage Data is collected automatically when using the Service. Usage Data may include information such as your device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

    When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

    We may also collect information that your browser sends whenever you visit our Service or access the Service by or through a mobile device.

  • Protecting Your Information. We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. We use firewalls to help prevent unauthorized persons from gaining access to your personal information.

  • Communication. We use HIPAA compliant internet and technology communication platforms to community via phone, SMS (text), and email. The platforms used for these purposes have been thoroughly vetted and OAH has entered Business Associate Agreements with these platforms to ensure HIPAA compliant regulations.

  • Marketing. We will not share or sell your mobile data for marketing purposes. We do not share personal data (phone numbers) and consent with third parties / affiliates or partners. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

  • Mobile Data. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

  • Data Retention. The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent required to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

  • Opt-Out. We communicate with our members on a regular basis via email. For example, we may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Generally, members cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.

    However, we provide you the opportunity to exercise an opt-out choice if you do not want to receive other types of communications from us, such as messages or updates from us regarding new services and products offered on the Sites. For emails, you may opt-out by clicking on the “unsubscribe” link within the text of an email. We will process your unsubscribe as soon as possible, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe is processed. If you have elected to receive notices to your mobile device via text message, you may opt-out by replying “STOP” to such mobile message. You may receive a confirmatory text message in response to your “STOP” request and you hereby consent to receipt of such confirmation.

  • Payments. Our website may facilitate online payments for products or services. We collect and pass payment data to the payment gateway to enable this to occur, however, we do not store any of your payment data.The payment processors we work with are: Stripe. Their Privacy Policy can be viewed at https://stripe.com/us/privacy

This Privacy Statement applies only to our online practices and does not encompass other areas of the organization. By accessing or using the web site, you agree to be bound by all terms and conditions of Orange Oasis Healing as posted at the time of your access or use.

We respect your privacy!

Privacy Officer Information:

If you have any questions regarding our notice of privacy policies, complaints about our privacy practices, or need information on how to file a complaint, please contact Nita Williams, CEO by phone at 240-272-7772 or email nita@orangeoasishealing.com.