Necessary Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
This Privacy Notice applies to Well Clinic San Francisco (usually referred to just as “us”, “our”, “we” or something similar) web site. By using our web site, you consent to the data practices in this notice.
Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there. We may collect personal information such as your name, email address, home or work phone number or other information you provide us. We use this information to answer questions you may ask us, deliver services to you that you request, and send you updates and communicate with you when you ask us to. We may also collect information about your computer hardware and software, such as your IP address, browser type, comain names, access times and referring web site address. We use this information to operate our service, maintain our quality of service, and provide general statistics regarding use of our website. Of the data we collect through our website (which we will talk about in more detail below), we do not collect or process what are called “special categories” of data that may risk your rights and freedoms. For example, through our website, we do not collect any characteristics of protected classifications including age, race or ethnic origin, religion or philosophical beliefs, sexual orientation, political opinions, trade union memberships, biometric data used to identify an individual, data related to sexual orientation, sexual preferences, sex life, gender, or data related to gender identity or expression. You may provide us health-related information through our website in a form you can fill out, called “personal health information” (“PHI” for short), which is discussed in our HIPAA Policy, below.
I. Information about us
II. The data we collect, how we use it, and the rights you have regarding our use of your data
III. Information about the data processing
I. Information about us and your data
The party responsible for this website for purposes of data protection is:
Well Clinic San Francisco
383 Rhode Island St. Suite 201
San Francisco, CA
II. The data we collect, how we use it, and the rights you have regarding our use of your data.
It should not surprise you we collect any information you enter on our site, send us through email, or that you give us in any other way. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect this information about you. When you visit a website, you disclose certain information, such as your Internet Protocol (IP) address and the time of your visit. This site, like many other sites, records this basic information about visits to our site through Google Analytics, but we reasonably anonymize IP addresses by blocking part of your IP address so that it cannot be reasonably connected to you or used to identify you. We will talk more about this later. We encourage you to review the privacy policies of the websites you visit, as we cannot control the information third parties gather about you, including the websites your visit before you visit our website or websites you may visit after you visit our website.
We collect two types of information about you. The first type of information we collect is information by which you may be personally identified and you voluntarily provide to us, such name and email address. If you have other requests of us, such as telling us how we can help when you fill in our website Contact Us form or reporting a problem with our website, you may choose to provide us information such as your name, postal address, email address, or any other identifier by which you may be contacted by us online or offline (“personally identifiable information”). We may keep a copy of your correspondence (including your email address) if you write us. This includes any social media posts you may make on our social media sites (such as Facebook or LinkedIn) so we can keep track of who submitted what and are able to contact you if we need to regarding your submission.
The second type of information we may collect is information that is about you individually but does not by itself identify you (“non-personal information”). This type of information is generally collected automatically as you navigate through a website, and could include such information as IP addresses, which URL you came from, browsing patterns and actions, location data, zip code, operating system of your computer, browser type and information collected through cookies, flash cookies, web beacons, logs and other tracking technologies that helps us continually improve our services to you, but when you use our website we reasonably anonymize and aggregate this information, so it cannot be used to reasonably identify you.
The information we collect is used for administering our business activities and fulfilling any other purpose for which you provide it and consent. If you are in the EU, UK or Switzerland, or any other country, this data is transferred out of the country you accessed our website with your consent. You have explicitly consented to us transferring your first and last name, email, and any other information you provide to us to California, United States, in order for us to perform services for you and your requests of us to do so as well as to our processors, sub processors and third-party vendors, who are also located in the United States or Canada. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect your information. We may use your information: to carry out our obligations and enforce our rights for contracts entered into between you and us; to prevent fraud; to protect the rights and/or life of an individual; to protect our rights or prevent misuse of our website, property or services; to notify you about changes to our website, new services, or special offers; to recognize you when you return to our Site and remember your preferences; and, when you ask us to use your information for business activities administered by third parties, such as releasing your address information to the delivery service to deliver products/services that you ordered or provide order information to third parties that help us provide customer service.
Your personal data is yours and you have rights over it, including but not limited to:
• the right to be informed about the collection and use of your personal data;
• the right of access to your personal data and any supplementary information;
• the right to have any errors in your personal data rectified;
• the right to have your personal data erased (“right to be forgotten”);
• the right to block or suppress the processing of your personal data;
• the right to move, copy or transfer your personal data from one IT environment to another;
• the right to withdraw your consent of our processing of your personal and data;
• the right to file a complaint with your local supervisory authority;
• the right to object to processing of your personal data in certain circumstances;
• the right to non-discrimination for the same prices and service as those who have and have not exercised their privacy rights (although, as mentioned above, exercising rights such as the right to be forgotten, may prevent you from using our services and certain aspects of our website); and,
• rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).
However, after saying all of that, please know there are exceptions to these rights, many examples of which we have listed in this policy.
California residents have the right to request specific disclosures about our privacy practices, including telling you about the information we share with third parties for marketing purposes and the rights listed above (such as the right to non-discrimination). To make such a request, please contact us at the addresses below.
We do not process or respond to “Do Not Track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our site or who use our services.
III. Information about the data processing
You can request access to all your personally identifiable information and manage your data, including your withdrawal of consent, by sending an e-mail to us. We may not accommodate a request to change information if we believe the change would violate a law or cause the information to be incorrect. Please note that the personally identifiable information and non-personal information that we maintain will be deleted or anonymized after we determine there is no longer any reason to process your information or otherwise fulfill our contractual obligations to you, whichever is more appropriate. While we do not hold personal data any longer than we need to, the duration will depend on your relationship with us. Also, if you request us to delete your information, you should realize that that deleting personal information may affect our ability to deliver services or may result in deleting your account completely.
Depending on which of our services you use, more than one company may be the controller of your personal data in our processors and sub-processors, discussed below. We will not disclose any personally identifiable information to any third party without first receiving your permission, which includes our processors and sub-processors and third-party vendors, below. We do not sell, trade, or rent your personally identifiable information to others.
The importance of security of your personally identifiable information is also very important to us. We have implemented measures designed to secure your personally identifiable information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, we use security software to protect the confidentiality of your personally identifiable information. We use a Secure Socket Layer/Transport Layer Security technology when information is submitted to us on line. We do not store any of your personal data at our location, but instead use secure cloud storage. However, please know that when we access your personally identifiable information from our computers, it is protected in several ways with firewalls, data encryption, physical security for our buildings, files and information contained therein and other current industry standards. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information. Our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorized persons. Non-personal information that you provide or that we collect also resides on a secure server in our processor and sub processor and cloud infrastructure mentioned above and is only accessible via password. We also use old fashioned lock and key with locking office doors, locking desks, building security systems, and other physical security measures.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website or other service.
You can read more about the protections and treatment of your PHI below in the HIPAA data part of our privacy notices.
Children and our websites
This website does not provide services or sell products to children under the age of 18. If you are under the age of 18 years old, please do not enter any information into this site and do not use this site. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you are aware of any information we may have collected from a child under 18 years of age, please let us know so that we can delete that information.
a) Session cookies
b) Third-party cookies
c) Disabling cookies
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
We use Google Analytics on our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). The Google Analytics service is used to analyze how our website is used. Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address before it is transmitted to us. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general. Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at:
https://www.google.com/intl/en/policies/privacy/partners including options you can exercise to prevent such use of your data. In addition, Google offers an opt-out add-on at:
Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.
Google offers detailed information at: https://adssettings.google.com/authenticated and https://policies.google.com/privacy in particular on options for preventing the use of data.
Our website uses the plug-in of the Facebook social network. Facebook.com is a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is also operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook.” Further information about the possible plug-ins and their respective functions is available from Facebook at https://developers.facebook.com/docs/plugins/.
Changes to our Privacy Notices
Privacy Policies and Data Collection from Third Party Websites.
Well Clinic of San Francisco
100 Bush Street, Suite 508
San Francisco, CA 94110
Protecting your private information is of paramount importance to us
All Web site content and submission forms are hosted on a HIPAA compliant server to protect your personal information.
By using this site, you agree to this NOTICE of PRIVACY PRACTICES.
I. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
II. I HAVE A LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI)
I am legally required to protect the privacy of your PHI, which includes information that can be used to identify you that I’ve created or received about your past, present, or future health or condition, the provision of health care to you, or the payment of this health care. I must provide you with this Notice about my privacy practices, and such Notice must explain how, when, and why I will “use” and “disclose” your PHI.
A “use” of PHI occurs when I share, examine, utilize, apply, or analyze such information within my practice; PHI is “disclosed” when it is released, transferred, has been given to, or is otherwise divulged to a third party outside of my practice. With some exceptions, I may not use or disclose any more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made. And, I am legally required to follow the privacy practices described in this Notice.
However, I reserve the right to change the terms of this Notice and my privacy policies at any time. Any changes will apply to PHI on file with me already. Before I make any important changes to my policies, I will promptly change this Notice and post a new copy of it in my office and on my website. You can also request a copy of this Notice from me, or you can view a copy of it in my office.
III. HOW I MAY USE AND DISCLOSE YOUR PHI
I will use and disclose your PHI for many different reasons. For some of these uses or disclosures, I will need your prior written authorization; for others, however, I do not. Listed below are the different categories of my uses and disclosures along with some examples of each category.
1. Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I can use and disclose your PHI without your consent for the following reasons:
1. For Treatment. I can use your PHI within my practice to provide you with mental health treatment, including discussing or sharing your PHI with my supervisor. I can disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health care providers who provide you with health care services or are involved in your care. For example, if a psychiatrist is treating you, I can disclose your PHI to your psychiatrist to coordinate your care.
2. To Obtain Payment for Treatment. I can use and disclose your PHI to bill and collect payment for the treatment and services provided by me to you. For example, I might send your PHI to your insurance company or health plan to get paid for the health care services that I have provided to you. I may also provide your PHI to my business associates, such as billing companies, claims processing companies, and others that process my health care claims.
3. For Health Care Operations. I can use and disclose your PHI to operate my practice. For example, I might use your PHI to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided such services to you. I may also provide your PHI to my accountant, attorney, consultants, or others to further my health care operations.
4. Patient Incapacitation or Emergency. I may also disclose your PHI to others with-out your consent if you are incapacitated or if an emergency exists. For example, your consent isn’t required if you need emergency treatment, as long as I try to get your consent after treatment is rendered, or if I try to get your consent but you are unable to communicate with me (for example, if you are unconscious or in severe pain) and I think that you would consent to such treatment if you were able to do so.
2. Certain Other Uses and Disclosures Also Do Not Require Your Consent or Authorization. I can use and disclose your PHI without your consent or authorization for the following reasons:
1. When federal, state, or local laws require disclosure. For example, I may have to make a disclosure to applicable governmental officials when a law requires me to report information to government agencies and law enforcement personnel about victims of abuse or neglect.
2. When judicial or administrative proceedings require disclosure. For example, if you are involved in a lawsuit or a claim for workers’ compensation benefits, I may have to use or disclose your PHI in response to a court or administrative order. I may also have to use or disclose your PHI in response to a subpoena.
3. When law enforcement requires disclosure. For example, I may have to use or disclose your PHI in response to a search warrant.
4. When public health activities require disclosure. For example, I may have to use or disclose your PHI to report to a government official an adverse reaction that you have to a medication.
5. When health oversight activities require disclosure. For example, I may have to provide information to assist the government in conducting an investigation or inspection of a health care provider or organization.
6. To avert a serious threat to health or safety. For example, I may have to use or disclose your PHI to avert a serious threat to the health or safety of others. However, any such disclosures will only be made to someone able to prevent the threatened harm from occurring.
7. For specialized government functions. If you are in the military, I may have to use or disclose your PHI for national security purposes, including protecting the President of the United States or conducting intelligence operations.
8. To remind you about appointments and to inform you of health-related benefits or services. For example, I may have to use or disclose your PHI to remind you about your appointments, or to give you information about treatment alternatives, other health care services, or other health care benefits that I offer that may be of interest to you.
3. Certain Uses and Disclosures Require You to Have the Opportunity to Object.
1. Disclosures to Family, Friends, or Others. I may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.
4. Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in sections III A, B, and C above, I will need your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke such authorization in writing to stop any future uses and disclosures (to the extent that I haven’t taken any action in reliance on such authorization) of your PHI by me.
IV. WHAT RIGHTS YOU HAVE REGARDING YOUR PHI
You have the following rights with respect to your PHI:
1. The Right to Request Restrictions on My Uses and Disclosures. You have the right to request restrictions or limitations on my uses or disclosures of your PHI to carry out my treatment, payment, or health care operations. You also have the right to request that I restrict or limit disclosures of your PHI to family members or friends or others involved in your care or who are financially responsible for your care. Please submit such requests to me in writing. I will consider your requests, but I am not legally required to accept them. If I do accept your requests, I will put them in writing and I will abide by them, except in emergency situations. However, be advised, that you may not limit the uses and disclosures that I am legally required to make.
2. The Right to Choose How I Send PHI to You. You have the right to request that I send confidential information to you to at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, e-mail instead of regular mail). I must agree to your request so long as it is reasonable and you specify how or where you wish to be contacted, and, when appropriate, you provide me with information as to how payment for such alternate communications will be handled. I may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis.
3. The Right to Inspect and Copy of Your PHI. In most cases, you have the right to inspect and copy the PHI that I that I have on you, but you must make the request to inspect and copy such information in writing. If I don’t have your PHI but I know who does, I will tell you how to get it. I will respond to your request within 30 days of receiving your written request. In certain situations, I may deny your request. If I do, I will tell you, in writing, my reasons for the denial and explain your right to have my denial reviewed. If you request copies of your PHI, I will charge you not more than $.25 for each page. Instead of providing the PHI you requested, I may provide you with a summary or explanation of the PHI as long as you agree to that and to the cost in advance.
4. The Right to Receive a List of the Disclosures I Have Made. You have the right to receive a list of instances, i.e., an Accounting of Disclosures, in which I have disclosed your PHI. The list will not include disclosures made for my treatment, payment, or health care operations; disclosures made to you; disclosures you authorized; disclosures incident to a use or disclosure permitted or required by the federal privacy rule; disclosures made for national security or intelligence; disclosures made to correctional institutions or law enforcement personnel; or, disclosures made before April 14, 2003.I will respond to your request for an Accounting of Disclosures within 60 days of receiving such request. The list I will give you will include disclosures made in the last six years unless you request a shorter time. The list will include the date the disclosure was made, to whom the PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no charge, but if you make more than one request in the same year, I may charge you a reasonable, cost-based fee for each additional request.
5. The Right to Amend Your PHI. If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that I correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. I will respond within 60 days of receiving your request to correct or update your PHI. I may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by me, (iii) not allowed to be disclosed, or (iv) not part of my records.My written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and my denial be attached to all future disclosures of your PHI. If I approve your request, I will make the change to your PHI, tell you that I have done it, and tell others that need to know about the change to your PHI.
6. The Right to Receive a Paper Copy of this Notice. You have the right to receive a paper copy of this notice even if you have agreed to receive it via e-mail.
V. HOW TO COMPLAIN ABOUT OUR PRIVACY PRACTICES
f you think that I may have violated your privacy rights, or you disagree with a decision I made about access to your PHI, you may file a complaint with the person listed in Section Vl below. You also may send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Avenue S.W., Washington, D.C. 20201. I will take no retaliatory action against you if you file a complaint about my privacy practices.
VI. PERSON TO CONTACT FOR INFORMATION ABOUT THIS NOTICE OR TO COMPLAIN ABOUT MY PRIVACY PRACTICES
If you have any questions about this notice or any complaints about my privacy practices, or would like to know how to file a complaint with the Secretary of the Department of Health and Human Services, please contact me at: (415) 857-2160.
VII. EFFECTIVE DATE OF THIS NOTICE
This notice went into effect on August 19th, 2013.
New HIPAA (health insurance portability and accountability act) privacy standards were created to protect patients’ health information when it is disclosed but also to facilitate the flow of medical information between providers. With other medical providers and for safety or security reasons, there is less protection