Written Statement of Information Practices
COLLECTION OF PERSONAL HEALTH INFORMATION:
We collect your personal health information directly from you, or from the person acting on your behalf. Examples of the type of personal health information that we collect may include; your name, date of birth, address, health history, records of your appointments with ‘PhirePhly Massage and Bodywork’ and details of the treatment that you received during your appointment. We may sometimes collect personal health information about you from other sources, if we have obtained your consent to do so, or if the law permits.
USES AND DISCLOSURE OF PERSONAL HEALTH INFORMATION:
We may use and disclose your personal health information for the following purposes:
- Treat and care for you;
- Receive or directly invoice for your treatment and care (e.g., private insurance);
- Plan, administer and manage our internal operations;
- Comply with legal and regulatory requirements;
- Fulfill other purposes permitted or required by law;
You may access and correct your personal health records or withdraw your consent for some of the above uses and disclosures (subject to legal exceptions) by contacting our contact person.
- We take steps to protect your personal health and financial information from theft, loss, unauthorized access, copying, modification, use, disclosure, and disposal.
- We conduct audits to monitor and manage our privacy compliance
- We take steps to ensure that everyone who performs services for us protects your privacy and only uses your personal health information for the purposes you consented.
Statement of Privacy
Privacy of personal information is an important principle to PhirePhly Massage and Bodywork. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. We comply with HIPAA regulations. This document describes our privacy policies.
WHAT IS PERSONAL INFORMATION?
Personal information is information about identifiable individuals. Personal information includes information that relates to:
- an individual’s personal characteristics (e.g., gender, age, home address or telephone number, family status);
- health (e.g., health history, health conditions, health services received by them);
- activities and views (e.g., opinions expressed by an individual, an opinion or evaluation of an individual).
Personal information is different from business information (e.g., an individual’s business address and telephone number). This is not protected by privacy legislation.
WHO WE ARE?
PhirePhly Massage and Bodywork is a mobile massage therapy company serving the Northern Virginia / Washington DC Metropolitan area, offering various massage therapy services to the general public.
WE COLLECT PERSONAL INFORMATION:
Like all medical professions, we collect, use and disclose personal information in order to serve our clients. For our clients, the primary purpose for collecting personal information is to provide treatment. For example, we collect information about a client’s health history, including their family history, physical condition, function and social situation in order to help us assess what their health needs are, to advise them of their options and then to provide the health care they choose to have. A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services we can identify changes that occur over time.
WE COLLECT PERSONAL INFORMATION:
RELATED AND SECONDARY PURPOSES
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
- To invoice clients for those goods and services that were not paid for at the time, to process credit card payments, or to collect unpaid accounts.
- To advise clients and others of special events or opportunities (e.g., a seminar, development of a new service, arrival of a new product) that we have available.
- Our business reviews client and other files for the purpose of ensuring that we provide high quality services, including assessing the performance of our staff. In addition, external consultants (e.g., lawyers, auditors, practice consultants) may on our behalf do audits and continuing quality improvement reviews of our business, including reviewing client files and interviewing our staff.
- Licensed Massage Therapists in Virginia are regulated by the Virginia Board of Nursing, who may inspect our records and interview staff as a part of their regulatory activities in the public interest. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, our organization believes that it should report information suggesting illegal behavior to the authorities. External regulators have their own strict privacy obligations. Sometimes these reports include personal information about our clients, or other individuals, to support our concern (e.g., improper services). In these circumstances, we may consult with professionals (e.g., accountants, lawyers) who will investigate the matter and report back to us.
- The cost of some goods/services provided by the organization to clients may be paid for by third parties (e.g., motor vehicle accident insurance, private insurance). These third-party payers often have your consent or legislative authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to this funding.
- Clients or other individuals we deal with may have questions about our goods and services after they have been received. We also provide ongoing services for many of our clients over a period of months or years for which our previous records are helpful. We retain and archive our client information for a minimum of ten years after the last contact to enable us to respond to those questions and provide these services.
- While your information is archived, we will not access or process it in any way accept if needed for legal protection or if I’m required to do so by law.
You can choose not to be part of some of these related or secondary purposes (e.g., by declining to receive notice of special events or opportunities, by paying for your services in advance). We do not, however, have much choice about some of these related or secondary purposes (e.g., external regulation).
WHAT INFORMATION DO WE COLLECT?
- We do not collect any Personally Identifiable Information when browsing our site. We may, however, collect information such as time of day, browser type and IP address. This information is used to make improvements on our site.
- When you book an appointment online, we collect personal information necessary to provide you with the service you have requested.
- When you buy a gift certificate, we collect personal details such as your name, email, recipient’s name and possibly a postal address. This information is used to identify you and provide the service you have requested.
We may employ third-party companies and individuals due to the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform our Service users that these third parties may have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We value your trust by providing us with your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the Internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Links to Other Sites
Our site does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this information. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary actions.
PROTECTING PERSONAL INFORMATION
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secure in a locked or restricted area at all times. In addition, passwords are used on computers.
- Electronic information is transmitted either through a direct line or has identifiers removed or is encrypted.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
- We need to retain personal information for some time to ensure that we can answer any questions the client may have about the services provided and for our own accountability to external regulatory bodies.
- We keep our client’s files for ten years according to our state regulations.
- We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it from hardware and hard drive.
YOU CAN LOOK AT YOUR INFORMATION
With only a few exceptions, you have the right to see what personal information we hold about you. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
If there is a problem, we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
Do you have a Question?
Our point of contact is, Morgana Alexander. She can be reached at 571-814-5186 or Morgana@PhirePhlyMassage.com
She will attempt to answer any questions or concerns you might have.
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our point of contact. She will acknowledge receipt of your complaint; ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
If you have a concern about the professionalism or competence of our services or the mental or physical capacity of any of our professional staff, we would ask you to discuss those concerns with us. However, if we cannot satisfy your concerns, you are entitled to complain to our regulatory body:
Virginia Board of Nursing
Perimeter Center, 9960 Mayland Drive, Suite 300, Henrico, Virginia 23233-1463
1-800-533-1560, (804) 367-4691, firstname.lastname@example.org, www.dhp.virginia.gov