NOTICE OF PRIVACY PRACTICES
Last updated: February 7, 2024
This notice describes how medical information about you may be used and disclosed by Nulli Secundus Health, Inc. d/b/a Birches Health (“Birches Health”) and how you can get access to this information. Please review it carefully.

We are required by law to:

  • Ensure that PHI that identifies you is kept private and safe.

  • Let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • Give you this Notice of our legal duties and privacy practices with respect to your protected health information (“PHI”).

  • Follow the terms of the Notice that is currently in effect.

  • Not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Please let us know in writing if you change your mind.

To download this notice, please click here to create a downloadable version.

YOUR PRIVACY INFORMATION RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to: 

  • Get a copy of your paper or electronic medical record

    • You can ask to see or get an electronic or paper copy of your medical record and certain other health information we have about you. Ask us how to do this.

    • We will provide a copy or a summary of your health information, usually within 30 days of your request. You need to submit your request in writing by sending an email to our Privacy Officer, Elliott Rapaport, at elliott@bircheshealth.com or mailing it to Birches Health, 2 North Central Avenue, Suite 1800, Phoenix AZ, 85004

    • If we cannot provide a copy within 30 days, we will let you know in writing why we need more time. We will provide you with records or health information within 60 days of your original request.

    • We may charge a reasonable, cost-based fee as permitted by law.

  • Correct your paper or electronic medical record

    • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.

    • We are permitted to say “no” to your request, but we will tell you why in writing within 60 days as required by law.

  • Request confidential communication in a particular manner

    • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. 

    • We will accommodate reasonable requests, but do not have to agree to requests that make it more expensive to communicate with you than most other patients (for example, sending all communications via private courier or registered mail).

  • Ask us to limit the information we use or share

    • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.

  • The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In-Full. 

    • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless the law requires us to share that information.

  • Get a list of those with whom we’ve shared your information

    • You can ask for a list (accounting) of the times we’ve shared your health information for up to six years prior to the date you ask, who we shared it with, and why.

    • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make or you agreed to permit us to make). We may charge a reasonable, cost-based fee if you ask for more than one accounting each year.

  • Get a copy of this privacy notice

    • You can email yourself a copy of this notice at any time, or request a paper copy be mailed to you at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

  • Choose someone to act on your behalf

    • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices on your behalf about your health information.

    • We will make sure the person you have designated in writing is recognized to have such authority and can act for you before we take any action.

  • File a complaint if you believe your privacy rights have been violated

    • You can complain if you feel we have violated your rights by contacting our Privacy Officer at elliott@bircheshealth.com or (833) 483-3838.

    • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.

    • We will not retaliate against you in any way for filing a complaint.


 YOUR CHOICES

Regarding certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will work with you to develop reasonable instructions.

In these cases, you have both the right and choice to tell us how to:

  • Share information with your family, close friends, or others involved in your care

    • We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations. For example, if you are unconscious or otherwise unable to state your preference, we may go ahead and share your relevant PHI if we believe it is in your best interest. We may also share your relevant PHI when needed to lessen a serious and imminent threat to your health or safety or that of others.  This could also apply with regard to sharing PHI in a disaster relief situation.

  • Offer you the opportunity to participate in research

  • Interpret test results and past health care history

  • Market our services and sell your information

OUR LEGAL RESPONSIBILITIES

  • We are required by law to maintain the privacy and security of your protected health information. 

  • We will let you know promptly if a breach occurs that has compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this notice and provide you with a paper copy.

  • We will not use or share your information other than as described here unless you tell us we can. You may change your mind at any time, but you need to let us know we can’t use your information any more in writing. 

  • There may be some instances where we have already used or disclosed information as you permitted or directed, and we can’t get that information back. For example, if the information is being used in research, the information can’t be withdrawn from the project.

OUR USES AND DISCLOSURES

The following categories describe different ways that we can use and disclose PHI without your authorization as permitted by law. For each category of uses or disclosures we will try to explain what we mean and give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.

  • When You Authorize Us to Do So.  

    • We will disclose your PHI when you provide us written authorization, and do so in the manner you state, unless it conflicts with our requirements under the law.  In that situation, we will comply with your instructions to the extent we can.

  • For Treatment, Payment, or Healthcare Operations: 

    • Federal privacy rules (regulations) allow healthcare providers who have a direct treatment relationship with the patient/client to use or disclose the patient/client’s PHI without the patient’s written authorization in order to carry out the healthcare provider’s own treatment, payment, or healthcare operations. We may disclose your PHI for the treatment activities of any healthcare provider providing you care. This can be done without your written authorization. For example, if your practitioner were to consult with another licensed healthcare provider about your condition, we would be permitted to use and disclose your PHI, which is otherwise confidential, in order to assist the practitioner in diagnosis and treatment of your mental health condition, or assist the provider in treating you with the knowledge of your mental health condition being taken into consideration.  Disclosures for treatment purposes are not limited to the “minimum necessary” standard regarding the release of PHI because practitioners and other healthcare providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of healthcare providers with a third party, consultations between healthcare providers, and referrals of a patient for healthcare from one healthcare provider to another.

    • We can use and share your PHI to bill for and obtain payment from health plans, government health plans, or other entities.  Such “payors” may require certain documentation in order to approve payment such as diagnoses, testing results, and/or need for a particular medication.  This permitted use also covers payor audits and investigations.

    • We can also use and share your PHI for practice operations purposes which includes uses necessary for running the practice, audits and internal investigations, improving your care, scheduling your appointments, providing you telehealth services if you choose to engage in them, providing necessary or potentially beneficial information like a new treatment option, sending appointment reminders, and contacting you when necessary, among other such things.   The operations disclosure exception also covers lawsuits and disputes.  If you are involved in a lawsuit, Birches Health and your practitioner may disclose PHI in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the confidentiality of the information requested.

  • When Disclosure is Required by State or Federal Law.  

    • The use or disclosure must comply with and be limited to the relevant requirements of such law.

  • For Public Health Activities

    • This includes reporting suspected child, elder or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

    • Preventing disease

    • Helping with product recalls

    • Reporting adverse reactions to medications

    • Reporting suspected abuse, neglect, or domestic violence

    • Preventing or reducing a serious threat to anyone’s health or safety

  • For Judicial and Administrative Proceedings

    • This includes responding to a court or administrative order, although we will inform you of the request before doing so.

  • For Law Enforcement Purposes. 

    • This includes reporting crimes or other imminent dangerous conditions that may occur or arise on a practitioner’s premises.

  • To Coroners or Medical Examiners.  

    • Information will be disclosed pursuant to a valid request when such individuals are performing duties authorized by law.

  • For Research Purposes. 

    •  This includes studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition, including medication therapies.

  • Specialized Government Functions.  

    • This includes ensuring the proper execution of military missions, protecting the President of the United States, conducting intelligence or counter-intelligence operations, or helping to ensure the safety of those working within or housed in correctional institutions, and coordinates with the exception for law enforcement purposes.

  • For Workers' Compensation Purposes. 

    • Although our preference is to obtain an authorization from you, we may provide your PHI in order to comply with workers' compensation laws.

We never share your information in the following instances unless you give us written permission to do so:

  • Marketing purposes

    • Birches Health and its practitioners will not use or disclose your PHI for marketing purposes.

  • Sale of your information

    • Birches Health and its practitioners will not ever sell your PHI. 

  • Sharing of psychotherapy notes and mental health records (subject to some legal exceptions)

    • Birches Health and its practitioners may keep “psychotherapy notes” as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your authorization, with the exception of disclosure in the following circumstances:

    • For use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

    • For use by the Secretary of Health and Human Services to investigate our compliance with HIPAA.

    • As required by law and the use or disclosure is limited to the requirements of such law.

    • As required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

21St Century Cures Act Compliance

Birches Health does not use an electronic health record (“EHR")  system that utilizes information blocking technology, and does not otherwise engage in information blocking among and between providers or other healthcare organizations or entities.

Birches Health is permitted to change the terms of this Notice, and such changes will apply to all information we have about you. The new Notice will be available upon request from the practice or your counselor/therapist, in the practice office, and on the practice website.

Privacy Officer Elliott Rapaport:  elliott@bircheshealth.com (833) 483-3838


INFORMATION PRIVACY POLICY
Last updated: February 7, 2024
INTERPRETATION AND DEFINITIONS

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions

For the purposes of this Information Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
    Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Birches Health.

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  • Country refers to: United States

  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. 

  • Personal Data is any information that relates to an identified or identifiable individual.
    Service refers to the Website.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by Birches Health to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist Birches Health in analyzing how the Service is used.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • We refer to Nulli Secundus Health, Inc. d/b/a Birches Health.

  • Website refers to Birches Health, accessible from bircheshealth.com

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

COLLECTING AND USING YOUR PERSONAL DATA

Types of Data Collected:

  • Personal Data

  • While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to

  • Email address

  • First name and last name

  • Phone number

  • Usage Data 

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may includes:

  • Cookies or Browser Cookies

    • A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

    • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. 

  • We use both Session and Persistent Cookies for the purposes set out below.

Necessary / Essential Cookies:

  • Type: Session Cookies 

  • Administered by: Us 

  • Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies:

  • Type: Persistent Cookies

  • Administered by: Us 

  • Purpose: These Cookies identify if users have accepted the use of cookies on the Website. 

Functionality Cookies: 

  • Type: Persistent Cookies 

  • Administered by: Us 

  • Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website. 

Use of Your Personal Data

Birches Health may use Personal Data for the following purposes: To provide and maintain our Service, including to monitor the usage of our Service. To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user. For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service. To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information. To manage Your requests: To attend and manage Your requests to Us. For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred. For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience. We may share Your personal information in the following situations: With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You. For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company. With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us. With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions. With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

Birches Health will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Birches Health will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Information Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. Birches Health will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Information Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions
If Birches Health is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement
Under certain circumstances, Birches Health may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

  • Birches Health may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Information Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Information Privacy Policy

We may update Our Information Privacy Policy from time to time. We will notify You of any changes by posting the new Information Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Information Privacy Policy. You are advised to review this Information Privacy Policy periodically for any changes. Changes to this Information Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Information Privacy Policy, you can contact us by email: elliott@bircheshealth.com

NOTICE OF PRIVACY PRACTICES
Last updated: February 7, 2024
This notice describes how medical information about you may be used and disclosed by Nulli Secundus Health, Inc. d/b/a Birches Health (“Birches Health”) and how you can get access to this information. Please review it carefully.

We are required by law to:

  • Ensure that PHI that identifies you is kept private and safe.

  • Let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • Give you this Notice of our legal duties and privacy practices with respect to your protected health information (“PHI”).

  • Follow the terms of the Notice that is currently in effect.

  • Not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Please let us know in writing if you change your mind.

To download this notice, please click here to create a downloadable version.

YOUR PRIVACY INFORMATION RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to: 

  • Get a copy of your paper or electronic medical record

    • You can ask to see or get an electronic or paper copy of your medical record and certain other health information we have about you. Ask us how to do this.

    • We will provide a copy or a summary of your health information, usually within 30 days of your request. You need to submit your request in writing by sending an email to our Privacy Officer, Elliott Rapaport, at elliott@bircheshealth.com or mailing it to Birches Health, 2 North Central Avenue, Suite 1800, Phoenix AZ, 85004

    • If we cannot provide a copy within 30 days, we will let you know in writing why we need more time. We will provide you with records or health information within 60 days of your original request.

    • We may charge a reasonable, cost-based fee as permitted by law.

  • Correct your paper or electronic medical record

    • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.

    • We are permitted to say “no” to your request, but we will tell you why in writing within 60 days as required by law.

  • Request confidential communication in a particular manner

    • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. 

    • We will accommodate reasonable requests, but do not have to agree to requests that make it more expensive to communicate with you than most other patients (for example, sending all communications via private courier or registered mail).

  • Ask us to limit the information we use or share

    • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.

  • The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In-Full. 

    • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless the law requires us to share that information.

  • Get a list of those with whom we’ve shared your information

    • You can ask for a list (accounting) of the times we’ve shared your health information for up to six years prior to the date you ask, who we shared it with, and why.

    • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make or you agreed to permit us to make). We may charge a reasonable, cost-based fee if you ask for more than one accounting each year.

  • Get a copy of this privacy notice

    • You can email yourself a copy of this notice at any time, or request a paper copy be mailed to you at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

  • Choose someone to act on your behalf

    • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices on your behalf about your health information.

    • We will make sure the person you have designated in writing is recognized to have such authority and can act for you before we take any action.

  • File a complaint if you believe your privacy rights have been violated

    • You can complain if you feel we have violated your rights by contacting our Privacy Officer at elliott@bircheshealth.com or (833) 483-3838.

    • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.

    • We will not retaliate against you in any way for filing a complaint.


 YOUR CHOICES

Regarding certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will work with you to develop reasonable instructions.

In these cases, you have both the right and choice to tell us how to:

  • Share information with your family, close friends, or others involved in your care

    • We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations. For example, if you are unconscious or otherwise unable to state your preference, we may go ahead and share your relevant PHI if we believe it is in your best interest. We may also share your relevant PHI when needed to lessen a serious and imminent threat to your health or safety or that of others.  This could also apply with regard to sharing PHI in a disaster relief situation.

  • Offer you the opportunity to participate in research

  • Interpret test results and past health care history

  • Market our services and sell your information

OUR LEGAL RESPONSIBILITIES

  • We are required by law to maintain the privacy and security of your protected health information. 

  • We will let you know promptly if a breach occurs that has compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this notice and provide you with a paper copy.

  • We will not use or share your information other than as described here unless you tell us we can. You may change your mind at any time, but you need to let us know we can’t use your information any more in writing. 

  • There may be some instances where we have already used or disclosed information as you permitted or directed, and we can’t get that information back. For example, if the information is being used in research, the information can’t be withdrawn from the project.

OUR USES AND DISCLOSURES

The following categories describe different ways that we can use and disclose PHI without your authorization as permitted by law. For each category of uses or disclosures we will try to explain what we mean and give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.

  • When You Authorize Us to Do So.  

    • We will disclose your PHI when you provide us written authorization, and do so in the manner you state, unless it conflicts with our requirements under the law.  In that situation, we will comply with your instructions to the extent we can.

  • For Treatment, Payment, or Healthcare Operations: 

    • Federal privacy rules (regulations) allow healthcare providers who have a direct treatment relationship with the patient/client to use or disclose the patient/client’s PHI without the patient’s written authorization in order to carry out the healthcare provider’s own treatment, payment, or healthcare operations. We may disclose your PHI for the treatment activities of any healthcare provider providing you care. This can be done without your written authorization. For example, if your practitioner were to consult with another licensed healthcare provider about your condition, we would be permitted to use and disclose your PHI, which is otherwise confidential, in order to assist the practitioner in diagnosis and treatment of your mental health condition, or assist the provider in treating you with the knowledge of your mental health condition being taken into consideration.  Disclosures for treatment purposes are not limited to the “minimum necessary” standard regarding the release of PHI because practitioners and other healthcare providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of healthcare providers with a third party, consultations between healthcare providers, and referrals of a patient for healthcare from one healthcare provider to another.

    • We can use and share your PHI to bill for and obtain payment from health plans, government health plans, or other entities.  Such “payors” may require certain documentation in order to approve payment such as diagnoses, testing results, and/or need for a particular medication.  This permitted use also covers payor audits and investigations.

    • We can also use and share your PHI for practice operations purposes which includes uses necessary for running the practice, audits and internal investigations, improving your care, scheduling your appointments, providing you telehealth services if you choose to engage in them, providing necessary or potentially beneficial information like a new treatment option, sending appointment reminders, and contacting you when necessary, among other such things.   The operations disclosure exception also covers lawsuits and disputes.  If you are involved in a lawsuit, Birches Health and your practitioner may disclose PHI in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the confidentiality of the information requested.

  • When Disclosure is Required by State or Federal Law.  

    • The use or disclosure must comply with and be limited to the relevant requirements of such law.

  • For Public Health Activities

    • This includes reporting suspected child, elder or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

    • Preventing disease

    • Helping with product recalls

    • Reporting adverse reactions to medications

    • Reporting suspected abuse, neglect, or domestic violence

    • Preventing or reducing a serious threat to anyone’s health or safety

  • For Judicial and Administrative Proceedings

    • This includes responding to a court or administrative order, although we will inform you of the request before doing so.

  • For Law Enforcement Purposes. 

    • This includes reporting crimes or other imminent dangerous conditions that may occur or arise on a practitioner’s premises.

  • To Coroners or Medical Examiners.  

    • Information will be disclosed pursuant to a valid request when such individuals are performing duties authorized by law.

  • For Research Purposes. 

    •  This includes studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition, including medication therapies.

  • Specialized Government Functions.  

    • This includes ensuring the proper execution of military missions, protecting the President of the United States, conducting intelligence or counter-intelligence operations, or helping to ensure the safety of those working within or housed in correctional institutions, and coordinates with the exception for law enforcement purposes.

  • For Workers' Compensation Purposes. 

    • Although our preference is to obtain an authorization from you, we may provide your PHI in order to comply with workers' compensation laws.

We never share your information in the following instances unless you give us written permission to do so:

  • Marketing purposes

    • Birches Health and its practitioners will not use or disclose your PHI for marketing purposes.

  • Sale of your information

    • Birches Health and its practitioners will not ever sell your PHI. 

  • Sharing of psychotherapy notes and mental health records (subject to some legal exceptions)

    • Birches Health and its practitioners may keep “psychotherapy notes” as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your authorization, with the exception of disclosure in the following circumstances:

    • For use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

    • For use by the Secretary of Health and Human Services to investigate our compliance with HIPAA.

    • As required by law and the use or disclosure is limited to the requirements of such law.

    • As required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

21St Century Cures Act Compliance

Birches Health does not use an electronic health record (“EHR")  system that utilizes information blocking technology, and does not otherwise engage in information blocking among and between providers or other healthcare organizations or entities.

Birches Health is permitted to change the terms of this Notice, and such changes will apply to all information we have about you. The new Notice will be available upon request from the practice or your counselor/therapist, in the practice office, and on the practice website.

Privacy Officer Elliott Rapaport:  elliott@bircheshealth.com (833) 483-3838


INFORMATION PRIVACY POLICY
Last updated: February 7, 2024
INTERPRETATION AND DEFINITIONS

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions

For the purposes of this Information Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
    Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Birches Health.

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  • Country refers to: United States

  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. 

  • Personal Data is any information that relates to an identified or identifiable individual.
    Service refers to the Website.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by Birches Health to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist Birches Health in analyzing how the Service is used.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • We refer to Nulli Secundus Health, Inc. d/b/a Birches Health.

  • Website refers to Birches Health, accessible from bircheshealth.com

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

COLLECTING AND USING YOUR PERSONAL DATA

Types of Data Collected:

  • Personal Data

  • While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to

  • Email address

  • First name and last name

  • Phone number

  • Usage Data 

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may includes:

  • Cookies or Browser Cookies

    • A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

    • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. 

  • We use both Session and Persistent Cookies for the purposes set out below.

Necessary / Essential Cookies:

  • Type: Session Cookies 

  • Administered by: Us 

  • Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies:

  • Type: Persistent Cookies

  • Administered by: Us 

  • Purpose: These Cookies identify if users have accepted the use of cookies on the Website. 

Functionality Cookies: 

  • Type: Persistent Cookies 

  • Administered by: Us 

  • Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website. 

Use of Your Personal Data

Birches Health may use Personal Data for the following purposes: To provide and maintain our Service, including to monitor the usage of our Service. To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user. For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service. To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information. To manage Your requests: To attend and manage Your requests to Us. For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred. For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience. We may share Your personal information in the following situations: With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You. For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company. With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us. With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions. With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

Birches Health will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Birches Health will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Information Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. Birches Health will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Information Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions
If Birches Health is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement
Under certain circumstances, Birches Health may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

  • Birches Health may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Information Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Information Privacy Policy

We may update Our Information Privacy Policy from time to time. We will notify You of any changes by posting the new Information Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Information Privacy Policy. You are advised to review this Information Privacy Policy periodically for any changes. Changes to this Information Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Information Privacy Policy, you can contact us by email: elliott@bircheshealth.com

NOTICE OF PRIVACY PRACTICES
Last updated: February 7, 2024
This notice describes how medical information about you may be used and disclosed by Nulli Secundus Health, Inc. d/b/a Birches Health (“Birches Health”) and how you can get access to this information. Please review it carefully.

We are required by law to:

  • Ensure that PHI that identifies you is kept private and safe.

  • Let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • Give you this Notice of our legal duties and privacy practices with respect to your protected health information (“PHI”).

  • Follow the terms of the Notice that is currently in effect.

  • Not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Please let us know in writing if you change your mind.

To download this notice, please click here to create a downloadable version.

YOUR PRIVACY INFORMATION RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to: 

  • Get a copy of your paper or electronic medical record

    • You can ask to see or get an electronic or paper copy of your medical record and certain other health information we have about you. Ask us how to do this.

    • We will provide a copy or a summary of your health information, usually within 30 days of your request. You need to submit your request in writing by sending an email to our Privacy Officer, Elliott Rapaport, at elliott@bircheshealth.com or mailing it to Birches Health, 2 North Central Avenue, Suite 1800, Phoenix AZ, 85004

    • If we cannot provide a copy within 30 days, we will let you know in writing why we need more time. We will provide you with records or health information within 60 days of your original request.

    • We may charge a reasonable, cost-based fee as permitted by law.

  • Correct your paper or electronic medical record

    • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.

    • We are permitted to say “no” to your request, but we will tell you why in writing within 60 days as required by law.

  • Request confidential communication in a particular manner

    • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. 

    • We will accommodate reasonable requests, but do not have to agree to requests that make it more expensive to communicate with you than most other patients (for example, sending all communications via private courier or registered mail).

  • Ask us to limit the information we use or share

    • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.

  • The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In-Full. 

    • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless the law requires us to share that information.

  • Get a list of those with whom we’ve shared your information

    • You can ask for a list (accounting) of the times we’ve shared your health information for up to six years prior to the date you ask, who we shared it with, and why.

    • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make or you agreed to permit us to make). We may charge a reasonable, cost-based fee if you ask for more than one accounting each year.

  • Get a copy of this privacy notice

    • You can email yourself a copy of this notice at any time, or request a paper copy be mailed to you at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

  • Choose someone to act on your behalf

    • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices on your behalf about your health information.

    • We will make sure the person you have designated in writing is recognized to have such authority and can act for you before we take any action.

  • File a complaint if you believe your privacy rights have been violated

    • You can complain if you feel we have violated your rights by contacting our Privacy Officer at elliott@bircheshealth.com or (833) 483-3838.

    • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.

    • We will not retaliate against you in any way for filing a complaint.


 YOUR CHOICES

Regarding certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will work with you to develop reasonable instructions.

In these cases, you have both the right and choice to tell us how to:

  • Share information with your family, close friends, or others involved in your care

    • We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations. For example, if you are unconscious or otherwise unable to state your preference, we may go ahead and share your relevant PHI if we believe it is in your best interest. We may also share your relevant PHI when needed to lessen a serious and imminent threat to your health or safety or that of others.  This could also apply with regard to sharing PHI in a disaster relief situation.

  • Offer you the opportunity to participate in research

  • Interpret test results and past health care history

  • Market our services and sell your information

OUR LEGAL RESPONSIBILITIES

  • We are required by law to maintain the privacy and security of your protected health information. 

  • We will let you know promptly if a breach occurs that has compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this notice and provide you with a paper copy.

  • We will not use or share your information other than as described here unless you tell us we can. You may change your mind at any time, but you need to let us know we can’t use your information any more in writing. 

  • There may be some instances where we have already used or disclosed information as you permitted or directed, and we can’t get that information back. For example, if the information is being used in research, the information can’t be withdrawn from the project.

OUR USES AND DISCLOSURES

The following categories describe different ways that we can use and disclose PHI without your authorization as permitted by law. For each category of uses or disclosures we will try to explain what we mean and give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.

  • When You Authorize Us to Do So.  

    • We will disclose your PHI when you provide us written authorization, and do so in the manner you state, unless it conflicts with our requirements under the law.  In that situation, we will comply with your instructions to the extent we can.

  • For Treatment, Payment, or Healthcare Operations: 

    • Federal privacy rules (regulations) allow healthcare providers who have a direct treatment relationship with the patient/client to use or disclose the patient/client’s PHI without the patient’s written authorization in order to carry out the healthcare provider’s own treatment, payment, or healthcare operations. We may disclose your PHI for the treatment activities of any healthcare provider providing you care. This can be done without your written authorization. For example, if your practitioner were to consult with another licensed healthcare provider about your condition, we would be permitted to use and disclose your PHI, which is otherwise confidential, in order to assist the practitioner in diagnosis and treatment of your mental health condition, or assist the provider in treating you with the knowledge of your mental health condition being taken into consideration.  Disclosures for treatment purposes are not limited to the “minimum necessary” standard regarding the release of PHI because practitioners and other healthcare providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of healthcare providers with a third party, consultations between healthcare providers, and referrals of a patient for healthcare from one healthcare provider to another.

    • We can use and share your PHI to bill for and obtain payment from health plans, government health plans, or other entities.  Such “payors” may require certain documentation in order to approve payment such as diagnoses, testing results, and/or need for a particular medication.  This permitted use also covers payor audits and investigations.

    • We can also use and share your PHI for practice operations purposes which includes uses necessary for running the practice, audits and internal investigations, improving your care, scheduling your appointments, providing you telehealth services if you choose to engage in them, providing necessary or potentially beneficial information like a new treatment option, sending appointment reminders, and contacting you when necessary, among other such things.   The operations disclosure exception also covers lawsuits and disputes.  If you are involved in a lawsuit, Birches Health and your practitioner may disclose PHI in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the confidentiality of the information requested.

  • When Disclosure is Required by State or Federal Law.  

    • The use or disclosure must comply with and be limited to the relevant requirements of such law.

  • For Public Health Activities

    • This includes reporting suspected child, elder or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

    • Preventing disease

    • Helping with product recalls

    • Reporting adverse reactions to medications

    • Reporting suspected abuse, neglect, or domestic violence

    • Preventing or reducing a serious threat to anyone’s health or safety

  • For Judicial and Administrative Proceedings

    • This includes responding to a court or administrative order, although we will inform you of the request before doing so.

  • For Law Enforcement Purposes. 

    • This includes reporting crimes or other imminent dangerous conditions that may occur or arise on a practitioner’s premises.

  • To Coroners or Medical Examiners.  

    • Information will be disclosed pursuant to a valid request when such individuals are performing duties authorized by law.

  • For Research Purposes. 

    •  This includes studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition, including medication therapies.

  • Specialized Government Functions.  

    • This includes ensuring the proper execution of military missions, protecting the President of the United States, conducting intelligence or counter-intelligence operations, or helping to ensure the safety of those working within or housed in correctional institutions, and coordinates with the exception for law enforcement purposes.

  • For Workers' Compensation Purposes. 

    • Although our preference is to obtain an authorization from you, we may provide your PHI in order to comply with workers' compensation laws.

We never share your information in the following instances unless you give us written permission to do so:

  • Marketing purposes

    • Birches Health and its practitioners will not use or disclose your PHI for marketing purposes.

  • Sale of your information

    • Birches Health and its practitioners will not ever sell your PHI. 

  • Sharing of psychotherapy notes and mental health records (subject to some legal exceptions)

    • Birches Health and its practitioners may keep “psychotherapy notes” as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your authorization, with the exception of disclosure in the following circumstances:

    • For use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

    • For use by the Secretary of Health and Human Services to investigate our compliance with HIPAA.

    • As required by law and the use or disclosure is limited to the requirements of such law.

    • As required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

21St Century Cures Act Compliance

Birches Health does not use an electronic health record (“EHR")  system that utilizes information blocking technology, and does not otherwise engage in information blocking among and between providers or other healthcare organizations or entities.

Birches Health is permitted to change the terms of this Notice, and such changes will apply to all information we have about you. The new Notice will be available upon request from the practice or your counselor/therapist, in the practice office, and on the practice website.

Privacy Officer Elliott Rapaport:  elliott@bircheshealth.com (833) 483-3838


INFORMATION PRIVACY POLICY
Last updated: February 7, 2024
INTERPRETATION AND DEFINITIONS

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions

For the purposes of this Information Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
    Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Birches Health.

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  • Country refers to: United States

  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. 

  • Personal Data is any information that relates to an identified or identifiable individual.
    Service refers to the Website.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by Birches Health to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist Birches Health in analyzing how the Service is used.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • We refer to Nulli Secundus Health, Inc. d/b/a Birches Health.

  • Website refers to Birches Health, accessible from bircheshealth.com

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

COLLECTING AND USING YOUR PERSONAL DATA

Types of Data Collected:

  • Personal Data

  • While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to

  • Email address

  • First name and last name

  • Phone number

  • Usage Data 

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may includes:

  • Cookies or Browser Cookies

    • A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

    • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. 

  • We use both Session and Persistent Cookies for the purposes set out below.

Necessary / Essential Cookies:

  • Type: Session Cookies 

  • Administered by: Us 

  • Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies:

  • Type: Persistent Cookies

  • Administered by: Us 

  • Purpose: These Cookies identify if users have accepted the use of cookies on the Website. 

Functionality Cookies: 

  • Type: Persistent Cookies 

  • Administered by: Us 

  • Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website. 

Use of Your Personal Data

Birches Health may use Personal Data for the following purposes: To provide and maintain our Service, including to monitor the usage of our Service. To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user. For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service. To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information. To manage Your requests: To attend and manage Your requests to Us. For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred. For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience. We may share Your personal information in the following situations: With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You. For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company. With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us. With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions. With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

Birches Health will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Birches Health will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Information Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. Birches Health will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Information Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions
If Birches Health is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement
Under certain circumstances, Birches Health may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

  • Birches Health may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Information Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Information Privacy Policy

We may update Our Information Privacy Policy from time to time. We will notify You of any changes by posting the new Information Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Information Privacy Policy. You are advised to review this Information Privacy Policy periodically for any changes. Changes to this Information Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Information Privacy Policy, you can contact us by email: elliott@bircheshealth.com