Behavioral Health Innovation, Inc. (“BHI”) knows that you care about how your personal information is used and shared and takes your privacy seriously.
Adaptive Telehealth is a HIPAA-compliant (HIPAA-secure) platform that connects clients and patients with affiliated mental health professionals (“Providers”) to obtain medical care, online counseling and therapy services. “Providers” includes employees, agents, or independent contractors of Treatment Providers. “Behavioral Health Innovation” or the terms “we” or “us” or similar terms refer to Behavioral Health Innovation, Inc. “You” or “your” or similar terms refer to you as a user of our Services (defined below).
1. Our Promise to You.
We know you are entrusting us with some of your most personal and valuable information, including your personal health information. Your trust is built, in part, on our commitment to respect the privacy and confidentiality of your health information. We are committed to safeguarding and protecting your personal information, including health information.
The platform includes, without limitation, the following services (collectively, the “Services”):
(a) the facilitation of electronic or telephonic communications with Treatment Providers,
(b) the provision of appointment scheduling and reminders, claims submission and processing, and other services related to online counseling and therapy for both our registered users and Treatment Providers, and
(c) the provision of other information about Behavioral Health Innovation and our products and services through the Site.
2. Collection and Use of Information. In General.
When using our Services, we will ask you for certain personally identifiable information. This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Services and related services (collectively, “Personal Information”). Personal Information that we might collect would include things like your name, phone number, gender, occupation, hometown, personal interests, credit card or other billing information, your email address and the email address of your contacts, home and business postal addresses, website URLs, insurance data (such as your insurance carrier and insurance plan), certain health information (such as health care providers you have seen, your reason for scheduling an appointment with a Treatment Provider, and your medical history), and any other information or data that you provide when using the Services. We also collect the information you provide voluntarily in free-form text boxes on the Site and through responses to surveys, questionnaires and the like. If you communicate with us by, for example, email, facsimile or letter, any information provided in such communication may be collected as Personal Information.
The main reason we collect Personal Information from you is to provide you a safe, smooth, efficient, and customized user experience. The collection of Personal Information also enables our users to establish a user account and profile that can be used to interact with Treatment Providers and other users through the Site. We only collect Personal Information we consider important to achieve that goal. You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Services or else by skipping the particular feature of the Services for which the Personal Information is being collected. You can use some of the Services anonymously, but once you become a registered user of the Services, we will ask you to provide Personal Information, such as:
- Contact and identity information (e.g., mailing address and phone number)
- Insurance and other billing information (e.g., credit card number)
- Health information (e.g., date of birth, past health history, allergies)
- Other personal information as indicated (our forms indicate what information is required, and what information is optional)
3. How We Use Your Non-Medical Personal Information.
Some of the Personal Information we collect from you is unrelated to your receipt of counseling and therapy services through the Services. Examples of how we may use your Personal Information include, but are not limited to, the following:
- Enable you to easily navigate the Services
- Resolve service and billing problems via telephone or email
- Troubleshoot technical problems
- Bill any amounts due from you
- Better understand users’ needs and interests
- Personalize your experience
- Detect and protect us against error, fraud, and other criminal activity
- Enforce our Terms
- Provide you with a system or administrative messages, and as otherwise described to you at the time of collection
- Provide you with further information and offers from us that we believe you may find useful or interesting
If you decide at any time that you no longer wish to receive certain communications from us, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile. (See “Changing or Deleting Your Information,” below.) You cannot elect to unsubscribe some administrative communications, such as notification of new messages from your Treatment Providers. To stop receiving these communications, you will need to deactivate your account.
4. How We Use Your Protected Health Information (PHI).
5. Log Data.
When you visit the Services, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, or the webpage you were visiting before you came to our Services, pages of our website and Services that you visit, the time spent on those pages, the information you search for on our Services, access times and dates, and other statistics. We use this information to monitor and analyze the use of the Services and for the Services’ technical administration, to increase our Services’ functionality and user-friendliness, and to better tailor it to our visitor’s needs. For example, some of this information is collected so that when you visit the Services again, it will recognize you and provide information appropriate to your interests. We also use this information to verify that visitors to the Services meet the criteria required to process their requests.
Generally, our service automatically collects usage information, such as the numbers and frequency of visitors to our site and its components, similar to TV ratings that indicate how many people watched a particular show. BHI only uses these data in aggregate form, that is, as a statistical measure, and not in a manner that would identify you personally. These types of aggregate data enable us to figure out how often users use parts of the Site or the Services so that we can improve the Services.
You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Services.
7. Web Beacons.
We may also occasionally use “web beacons” (also known as “clear gifs,” “web bugs,” “1-pixel gifs,” etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or e-mail, that can tell us if you have visited a particular area of the Services. For example, if you have given us permission to send you emails, we may send you an email urging you to use a certain feature of the Services. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful. We do not collect any PHI with a web beacon and do not link web beacons with any PHI you have given us.
Because Web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, Web beacons cannot function.
If you have provided an email address to Adaptive Telehealth or to someone for the purposes of using Adaptive Telehealth, you are agreeing to allow Adaptive Telehealth to send an email to that provided email address to confirm that your email address is a valid email address. If a message is sent from/from anyone within Adaptive Telehealth, for example, a provider to a Patient, the message will remain on the Adaptive Telehealth server and send an email notifying the receiver that a message is waiting (post-login) on the server. You are agreeing that Adaptive Telehealth can send you these message alerts that require the receiver to log in to Adaptive Telehealth’s secure site to read the message content. You are also agreeing that Adaptive Telehealth support staff may send you a direct email from Adaptive Telehealth in regard to software-support related issues.
9. Messages and Transactions.
Comments or questions sent to us using email or secure messaging forms will be shared with our staff who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, these communications will not become part of your medical record (or another appropriate treatment record).
Only permitted users can access these messages and transactions post login. When you use a service on the secure section of the Services to interact directly with Providers, some information you provide may be documented in your medical record or another appropriate treatment record, and available for use to guide your treatment as a patient.
10. Information Sharing and Disclosure.
We will not rent, sell, or share Personal Information about you with other people or nonaffiliated companies except to provide the Services when we otherwise have your permission, or under the following circumstances:
- Providers. When you use the Site to access mental health services, you will be sharing your Personal Information with a Provider via the Services. By using the Services, you expressly consent to share your Personal Health Information with your Provider, and you understand that all information shared with your Provider is subject to your Provider’s professional and legal duties of confidentiality and responsibility, which Behavioral Health Innovation does not control. To increase coordination of care and reduce overhead for you, you authorize the sharing of this information with other Providers who you elect to contact or request us to contact.
- Group Sessions. If you enter a group session, any information you provide during the session, which could include posts, video, and audio, will be shared with the other group participants.
- User Profiles. User profile information, including your name, location, and other information you enter in your profile, may be displayed to your Providers to facilitate user interaction with the Site.
- Communications in Response to User Submissions. As part of the Site and the Services, you may receive from Behavioral Health Innovation and other users email and other communications relating to your requests, medical care, mental health services, and other transactions. When you transmit information relating to your medical or mental health services needs, Behavioral Health Innovation and the Providers you select may send you emails and other communications that they determine in their sole discretion relate to your services needs.
- Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
- Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Services, provide the Services on our behalf, to perform Service-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Services’ features), or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to the government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Behavioral Health Innovation or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. This includes, without limitation, exchanging information with Providers and law enforcement in response to a Providers’s professional and legal responsibilities.
- Business Transfers. We may sell, transfer or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.
11. Changing or Deleting Your Information.
You may review, update, correct or delete some portions of your Personal Information in your registration profile by making the appropriate modifications in your user account settings or by contacting us at [email protected] Some Personal Information, such as your answers to online assessments, may not be updateable or deleted once submitted. If you delete certain information required to receive Services, such as a credit card on file, then you may no longer be able to receive Services and your account may be deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.
Please note that we may need to retain certain information for record-keeping purposes, and there may also be residual information that will remain within our databases and other records, which, irrespective of any efforts by us to delete information, will not be removed from them. We also reserve the right, from time to time, to re-contact former users of the Site. Finally, we are not responsible for removing information from the databases of third parties with whom we have already shared Personal Information about you.
We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. Except for appointment reminders, treatment referrals, and prescription information, these measures include encrypting your communications by utilizing Secure Sockets Layer (“SSL”) software, and using a secured messaging service when we send your Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted when we store it or transmit it, and we will use secure servers that we will back up regularly, encrypting backed up data in transit and at rest.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored “personal information” (including but not limited to PHI or “medical information” (as defined in applicable state statutes on security breach notification)). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Services in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Services by Internet or email, or any electronic storage system, cannot be guaranteed. As a result, although we strive to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to us through or in connection with the Site or that is stored by us. You acknowledge and agree that any information you transmit through the Site or upload for storage in connection with the Site is so transmitted or stored at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Account you might have with us has been compromised), you must immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below (note that if you choose to notify us via physical mail, this will delay the time it takes for us to respond to the problem). In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.
13. Our Employees.
Every one of our employees, whose job might allow them to come into contact with your Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Services. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.
14. International Transfer.
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer your Personal Information to the United States and process it there. Your submission of such information represents your agreement to that transfer.
15. Links to Other Sites.
The Services are not directed to children. We do not knowingly allow or solicit anyone under the age of 13 to participate independently in any of the Services. We do not knowingly collect personally identifiable information from children, except in the context of a Treatment Provider’s mental health consultation through the Services when a parent is present and has consented to treatment. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us at [email protected]. Access to the Services for dependents (children over the age of 3 or a spouse or domestic partner) is only permitted through the primary account holder’s username and password. Minors are not allowed to use the Services without parental consent and assistance. If we become aware that a user of the Services is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we may delete such information from our files and may deactivate the related account.
17. Agreement and Changes.
18. Contacting Us.
Last Revised: March 10, 2017