1. Information Collection. Personal information means any information that may be used to identify an individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, other contact information, title, birth date, gender, occupation, industry, personal interests, medical conditions or other information when needed to provide a service you requested (“Protected Health Information”).
When you browse Lightfully Behavioral Health’s website, www.lightfully.com (the “Site”), you do so anonymously, unless you have previously indicated that you wish Lightfully Behavioral Health (“LBH”) to remember your login and password or you submit a registration form. We do not collect personal information for the purpose of reselling or distributing that information. We may log your IP address (the Internet address of your computer) to give us an idea of which part of the Site you visit and how long you spend there. However, we do not link your IP address to any personal information unless you have logged in to our website. Like many other commercial websites, the Site may use a standard technology called a “cookie” to collect information about how you use the Site. Please go to “Cookies and Tracking Information” below for more information.
LBH collects personal information when you register with LBH for an appointment, for an LBH account, when you register for a course, or when you submit your information to LBH for any other reason.
2. Notification. When personal information is collected, we will inform you at the point of collection the purpose for the collection. LBH will not transfer your personal information to third parties without your consent.
We will always give you the opportunity to “opt out” of receiving direct marketing or market research information. This means we assume you have given us your consent to collect and use your information in accordance with this Policy unless you take affirmative action to indicate that you do not consent, for instance by clicking or checking the appropriate option or box at the point of collection. In some cases, when applicable, we will provide you with the opportunity to “opt in.” This means we will require your affirmative action to indicate your consent before we use your information for purposes other than the purpose for which it was submitted.
If you prefer not to receive cookies while browsing the Site, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser, although you may not be able to take full advantage of the Site if you do so. You do not need to have cookies turned on to use/navigate through many parts of the Site, except access to certain of LBH’s web pages require a login and password.
4. Information Sharing and Disclosure. Inside LBH, data is stored in controlled servers with limited access. Your Protected Health Information may be stored and processed in the United States or any other country where LBH, its subsidiaries, affiliates or agents are located. Your personal information is never shared outside LBH without your permission, except under conditions explained below.
- a) For Treatment: We may use and disclose Protected Health Information for your treatment and to provide you with treatment-related health care benefits and services. For example, we may disclose Protected Health Information to doctors, nurses, technicians, pharmacists, or other personnel, including people outside our office, who are involved in your medical care and need the information to provide you with medical care.
- b) For Payment: We may use and disclose Protected Health Information so that we or others may bill and receive payment from you, an insurance company or a third party for the treatment, products and/or services you received. For example, we may give your health plan information about you so that they will pay for your treatment. We may also use and disclose Protected Health Information for confirming coverage or benefits, collection activities and utilization review.
- c) For Health Care Operations: We may use and disclose Protected Health Information for health care operations purposes. These uses and disclosures are necessary to make sure that all of our patients receive quality care and to operate and manage our office. We may use your Protected Health Information for quality assessment, auditing and customer service. We also may share information with other entities that have a relationship with you (for example, your health plan) for their health care operation activities.
- d) Appointment Reminders, Treatment Alternatives, and Health Related Benefits and Services: We may use and disclose Protected Health Information to contact you to remind you that you have an appointment with us, are due for prescription refill, or have a prescription ready. We also may use and disclose Protected Health Information to tell you about treatment alternatives or health-related benefits and services that may be of interest to you.
- e) Individuals Involved in Your Care or Payment for Your Care: When appropriate, we may share Protected Health Information with a person who is involved in your medical care or payment for your care, such as your family or a close friend. Additionally, we may disclose PHI to your personal representative designated by you or any other person who has the authority by law to make health care decisions for you. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.
- f) Research: Under certain circumstances, we may use and disclose Protected Health Information for research. For example, a research project may involve comparing the health of patients who received one treatment to those who received another, for the same condition. Before we use or disclose Protected Health Information for research, the project will go through a special approval process through an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information. Even without special approval, we may permit researchers to look at records to help them identify patients who may be included in their research project or for other similar purposes, as long as they do not remove or take a copy of any Protected Health Information.
5. Special Situations
- a) As Required by Law: We will disclose Protected Health Information when required to do so by international, federal, state or local law.
- b) To Avert a Serious Threat to Health or Safety: We may use and disclose Protected Health Information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Disclosures, however, will be made only to someone who may be able to help prevent the threat.
- c) Business Associates: We may disclose Protected Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, we may use another company to perform billing services on our behalf. All of our business associates are obligated to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.
- d) Public Health Risks: We may disclose Protected Health Information for public health activities. These activities generally include disclosures to prevent or control disease, injury or disability; report births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify people of recalls of products they may be using; notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- e) Health Oversight Activities: We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your Protected Health Information.
- f) Data Breach Notification Purposes: We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your Protected Health Information.
- g) Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose Protected Health Information in response to a court or administrative order. We also may disclose Protected Health Information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute.
- h) Law Enforcement: We may release Protected Health Information if asked by a law enforcement official if the information is: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) limited information to identify or locate a suspect, fugitive, material witness, or missing person; (3) about the victim of a crime even if, under certain very limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; (5) about criminal conduct on our premises; and (6) in an emergency to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.
- i) Coroners and Medical Examiners: We may release Protected Health Information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
- j) Transfer of Records: We may release Protected Health Information to transfer your records as part of a sale of the pharmacy business when permitted by law.
6. Uses and Disclosures that Require Us to Give You An Opportunity to Object and Opt:
- a) Individuals Involved in Your Care or Payment for Your Care: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
- b) Disaster Relief: We may disclose your Protected Health Information to disaster relief organizations that seek your Protected Health Information to coordinate your care, or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practically can do so.
- c) YOUR WRITTEN AUTHORIZATION IS REQUIRED FOR OTHER USES AND DISCLOSURES: The following uses and disclosures of your Protected Health Information will be made only with your written authorization:
- i. Uses and disclosures of Protected Health Information for marketing purposes; and
- ii. Disclosures that constitute a sale of your Protected Health Information.
- d) Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Office at 3435 E Thousand Oaks Blvd. #3185, Thousand Oaks, CA 91359, and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.
7. Your Rights. You have the following rights regarding Protected Health Information we have about you:
- a) Right to Inspect and Copy: You have a right to inspect and copy Protected Health Information that may be used to make decisions about your care or payment for your care. This includes medical and billing records. To inspect and copy this Protected Health Information, you must make your request, in writing, to Privacy Office at 3435 E Thousand Oaks Blvd. #3185, Thousand Oaks, CA 91359. We have up to 30 days to make your Protected Health Information available to you and we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state of federal needs-based benefit program. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review.
- b) Right to an Electronic Copy of Electronic Medical Records: If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your Protected Health Information in the form or format you request, if it is readily producible in such form or format. If the Protected Health Information is not readily producible in the form or format you request, your record will be provided in either our standard electronic format; or, if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
- c) Right to Get Notice of a Breach: You will be notified upon a breach of any of your unsecured Protected Health Information.
- d) Right to Amend: If you feel that Protected Health Information we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for our office.
- e) Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we made of Protected Health Information for purposes other than treatment, payment and health care operations or for which you provided written authorization.
- f) Right to Request Restrictions: You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on the Protected Health Information we disclose to someone involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not share information about a particular diagnosis or treatment with your spouse. We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your Protected Health Information to a health plan for payment or health care operation purposes and such information you wish to restrict pertains solely to a health care item or service for which you have paid us “out-of-pocket” in full. If we agree, we will comply with your request unless the information is needed to provide you with emergency treatment.
- g) Out-of-Pocket-Payments: If you paid out-of-pocket in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.
- h) Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by mail or at work. Your request must specify how or where you wish to be contacted. We will accommodate reasonable requests
- i) Right to a Paper Copy of This Notice: You have the right to a paper copy of this notice. You may request us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
8. Data Security. Your LBH account information is password-protected for your privacy and security. LBH safeguards the security of the data you send us with physical, electronic, and managerial procedures. In certain areas of the Site, LBH uses industry-standard SSL-encryption to enhance the security of data transmissions. While we strive to protect your personal information, we cannot ensure the security of the information you transmit to us, and so we urge you to take every precaution to protect your personal data when you are on the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser.
9. Children and Privacy. The Site does not target and is not intended to attract children under the age of 13. LBH does not knowingly solicit personal information from children under the age of 13 or send them requests for personal information.
10. Third Party Sites. The Site contains links to other websites. LBH does not share your personal information with those websites and is not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.