Privacy Policy
Effective Date: 3/12/2025
Last Updated: 3/12/2025
1. Introduction
Sunflower Mountain Mental Health (SMMH) ("we," "our," or "us") values your privacy and is committed to protecting the personal and health information of our visitors and clients. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, www.sunflowermountainmentalhealth.com, and how we comply with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA).
By using our website, you agree to the terms outlined in this Privacy Policy. If you do not agree, please discontinue use of the site.
2. Compliance with HIPAA
As a provider of mental health services, we comply with HIPAA regarding the collection, use, and disclosure of Protected Health Information (PHI).
However, our WIX-hosted website does not store or transmit PHI, as WIX does not provide a Business Associate Agreement (BAA) and is not considered a HIPAA-compliant platform.
We use secure, HIPAA-compliant platforms for PHI collection and storage, including:
✅ Google Workspace (including Google Forms, Google Drive, and Gmail for Healthcare Use) (covered under a BAA with Google)
✅ CharmHealth (Electronic Health Records & Medical Information Storage) (covered under a BAA)
✅ Spruce (Secure Messaging, Telehealth, and Faxing) (covered under a BAA)
✅ Headway (Insurance and Payment Processing) (covered under a BAA)
✅ Square (Payment Processing for Medical Services) (covered under a BAA)
If you are a patient, please avoid submitting PHI through general website forms, live chat, or email. Instead, use designated HIPAA-compliant platforms for secure communication.
3. Information We Collect
We collect two types of information:
- Marketing and General Inquiries (Non-PHI):
  - Name and email address (collected via our website for marketing purposes).
  - Name, email, phone number, and message (if submitted through Google Forms for general inquiries).
- Protected Health Information (PHI):
  - Personal identifying information and medical details required for patient intake, scheduling, treatment coordination, insurance verification, and secure messaging.
  - This information is collected through Google Workspace (for patient intake & secure inquiries), CharmHealth (EHR), Spruce (messaging & faxes), and Headway (insurance & payment processing).
4. How We Collect Information
We collect information through the following methods:
- Website Forms (Non-PHI only): Name and email are collected for marketing communications.
- Google Workspace (PHI Collection & Storage): Used for secure patient intake and general inquiries requiring personal or medical information.
- CharmHealth (EHR & PHI Storage): Used to store medical records, treatment history, and other sensitive healthcare information.
- Spruce (PHI Messaging & Faxes): Used for secure messaging and fax communications between patients, providers, and external healthcare organizations.
- Headway (PHI & Insurance Processing): Used to manage insurance verification, payment processing, and provider coordination.
- Square (Payment Processing for Medical Services): Used for handling payments in compliance with HIPAA.
5. Why We Collect Information
We collect your information for the following purposes:
- To respond to inquiries and provide requested services.
- To securely store PHI for treatment purposes in HIPAA-compliant platforms.
- To schedule appointments, verify insurance, and manage medical records.
- To process payments for services rendered (via Square and Headway).
- To communicate important updates, promotions, or service information (if opted-in).
- To comply with legal or regulatory obligations.
We do not sell, rent, or trade any personal information.
6. How We Store and Protect Your Information
We implement security measures to protect your information:
- Marketing & General Inquiry Data (Non-PHI): Stored on WIX’s secure servers but not used for PHI storage.
- PHI from Intake, Messaging & Medical Records: Stored in Google Workspace, CharmHealth, Spruce, Headway, and Square under HIPAA-compliant protections.
- Encryption & Access Control: All PHI is encrypted, and access is restricted to authorized personnel only.
Despite these safeguards, no online system is 100% secure. If you suspect a data breach, contact us immediately.
7. Sharing and Disclosure of Information
We may share data under the following circumstances:
- Service Providers: We may share website analytics or non-PHI with third-party vendors for marketing and operational purposes.
- Legal Compliance: If required by law (e.g., court orders, subpoenas, law enforcement).
- HIPAA-Compliant Partners: PHI is only shared with third parties under a valid BAA for treatment, payment, or healthcare operations.
We do not share PHI with third parties for marketing purposes.
8. Cookies and Tracking Technologies
Our website uses cookies and tracking technologies to analyze traffic and improve user experience.
Cookies may collect:
- IP addresses
- Browser type
- Pages visited
- Time spent on site
We may use Google Analytics or other tools to track performance, but these third-party services have their own privacy policies.
Managing Cookies: You can disable cookies through your browser settings. However, some website features may not function properly.
9. How to Manage Your Information
You have the right to:
- Opt-out of Marketing Emails: Click "unsubscribe" at the bottom of our emails.
- Request Data Changes or Deletion: Text (719) 679-5022 to request updates or deletion of your personal data.
- Access Your PHI: If you are a patient, you can request access to your PHI under HIPAA guidelines by texting (719) 679-5022.
10. Privacy Policy Updates
We may update this Privacy Policy periodically. Any changes will be posted with a revised "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.
11. Contact Information
For privacy-related questions, contact us:
Sunflower Mountain Mental Health (SMMH)
📞 Phone/Text: (719) 679-5022