Privacy Policy

Wellspace website is owned by Wellspace LLC, which is a data controller of your personal data.

Introduction
At Wellspace LLC (hereinafter “we,” “us,” or “our”), we respect your privacy and are committed to protecting your personal and health information. This Privacy Policy describes how we collect, use, maintain, protect, and disclose information collected from clients, prospective clients, and website users (collectively “you” or “your”) in the course of providing therapeutic services in Idaho. It also describes your rights with respect to your information, how you may access, amend or request deletion of your information, and how to contact us with questions or concerns. In carrying out our responsibilities, we comply with the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (including the HIPAA Privacy Rule, 45 C.F.R. Parts 160 and 164) and related regulations, as well as applicable Idaho statutes and administrative rules regarding confidentiality of health information.Personal information we collect:

When you visit Wellspace, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.” Moreover, we might collect the personal data you provide to us (including but not limited to Name, Surname, Address, payment information, etc.) during registration to be able to fulfill the agreement.

Cookies / Website and Portal Use
When you visit our website or use our client portal, we may use cookies, log files and analytics services to understand usage, enhance user experience, and operate the site. We do not use cookies to collect extra sensitive health data without your consent. We may share aggregated, de-identified data for analytics or improvement purposes.

Information collected via our website or electronic systems. If you use our website, online portal or complete any electronic forms, we may collect:

• Your IP address, browser type, device type, and usage data (for website analytics)

• Information you submit via contact or intake forms

• If you communicate via email or secure portal, the content of those communications.

Why do we process your data?

Our top priority is customer data security, and, as such, we may process only minimal user data, only as much as it is absolutely necessary to maintain the website. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website usage. This statistical information is not otherwise aggregated in such a way that it would identify any particular user of the system.

You can visit the website without telling us who you are or revealing any information, by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the website’s features, or you wish to receive our newsletter or provide other details by filling a form, you may provide personal data to us, such as your email, first name, last name, city of residence, organization, telephone number. You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website’s features. For example, you won’t be able to receive our Newsletter or contact us directly from the website. Users who are uncertain about what information is mandatory are welcome to contact us via contact@wellspaceidaho.com.

Use of Your Information
We use your information for the following purposes:

• To provide therapeutic services, treatment planning, scheduling, administrative support and follow-up

• To bill and collect payment for services rendered

• To maintain our records of services provided and to comply with legal/regulatory requirements

• To communicate with you (appointment reminders, treatment updates, notifications)

• To comply with applicable legal obligations (reporting child abuse/neglect, threats to safety, involvement in legal proceedings, etc.)

• For internal quality assurance, training, safety, and business operation purposes, provided that any PHI used for such purposes is handled in accordance with HIPAA and other applicable confidentiality laws

• To analyse website usage and improve our website or service delivery (in respect of your consent where required).

Disclosure of Your Information – Who We Share With
We share your information only as described below and as permitted or required by law:

a) Within our practice. Your records may be accessed by our clinicians, administrative staff and other authorized personnel on a “need-to-know” basis for the purposes of your treatment, billing, scheduling or quality assurance.

b) With third-party service providers / business associates. We may share your PHI and/or PII with external service providers who support our operations (for example: electronic health record/therapy software vendors, billing services, secure portal providers, record storage vendors). These third parties are required to safeguard the information and may only use or disclose it as permitted by our agreement and applicable law. Under HIPAA we enter into Business Associate Agreements (BAAs) with such vendors.

c) With other health care providers. With your authorization (i.e., written consent), we may disclose your PHI to your other health care providers, referral sources, or specialists as necessary for coordination of care.

d) When required or permitted by law without your authorization. For example, in accordance with HIPAA’s permitted disclosures provisions, 45 C.F.R. § 164.512 and related rules, we may disclose PHI:

• to avert a serious and imminent threat to health or safety;

• for public health activities (e.g., reporting communicable diseases);

• for law enforcement purposes under certain conditions;

• for judicial and administrative proceedings by subpoena or court order;

• for abuse or neglect of a child or vulnerable adult (e.g., pursuant to Idaho law). HH Health Law Blog+2healthinfolaw.org+2
  In Idaho, the confidentiality of health‐care records is addressed in e.g., Idaho Code Ann. § 54-2314 (privileged communication – psychologists) and Idaho Admin. Code r. 16.05.01.050 et seq. (Consent to gather, use and disclose information). healthinfolaw.org+1

e) With your authorization. Except as described above, we will not disclose your PHI/PII without your written authorization. If you execute an authorization (which may be revoked by you at any time in writing, subject to legal limitations), we may share information consistent with that authorization.

Data Retention — How Long We Keep Your Information

• We retain treatment records and operational records in accordance with applicable professional licensing, health‐care record retention requirements, and our internal policies.

• Under Idaho rules for hospitals, for example, medical records must be maintained (in a hospital context) but therapy practices should refer to their governing board’s requirements. For client therapy records, many practices retain records for a minimum of seven years after the date of the last treatment or after a minor client reaches majority; you should verify your state licensing board’s requirement.

• When we no longer need to retain identifiable records for treatment, legal, administrative, or regulatory purposes, we will securely destroy or de-identify them in accordance with our policies and applicable law.

• In all cases, we will keep information for as long as is necessary for legitimate business, legal, regulatory, ethical and clinical purposes.

You have the following rights related to your personal data:

• The right to be informed.

• The right of access.

• The right to rectification.

• The right to erasure.

• The right to restrict processing.

• The right to data portability.

• The right to object.

• Rights in relation to automated decision-making and profiling.

If you would like to exercise this right, please contact us through the contact information below.

Links to other websites:

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

Information security:

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and personal data disclosure in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to contact@wellspaceidaho.com.