Privacy Policy
Effective Date: July 30, 2025
1. Introduction
Klarity Clinic (“we,” “us,” “our”) is dedicated to protecting your privacy and securing your Protected Health Information (“PHI”) in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains the types of information we collect, how we use and share it, and your rights regarding your information.
2. Definitions
- Personal Data: Identifiers such as your name, address, email, and phone number.
- Protected Health Information (PHI): Health data about your medical history, conditions, treatments, and questionnaire responses that can identify you.
- Business Associate: A third party (e.g. Google Forms) that processes PHI on our behalf under a HIPAA Business Associate Agreement (BAA).
3. Information We Collect
- Contact & Demographic: Name, date of birth, mailing address, email, phone.
- Health & Medical: Medical history, provider details, condition-specific questionnaire responses.
- Usage & Device: IP address, browser type, device information, analytics data.
4. How We Use Your Information
We use collected data to:
- Provide and coordinate your care, including reviewing intake questionnaires and contacting you.
- Communicate appointment details, treatment options, and follow-up reminders.
- Conduct internal analytics to improve our services and website usability.
- Comply with legal obligations and HIPAA requirements.
5. HIPAA & PHI Safeguards
We implement administrative, physical, and technical safeguards to protect PHI, including:
- Encryption: All form submissions and emails containing PHI are encrypted in transit (TLS) and at rest.
- Access Controls: Access to PHI is restricted to authorized personnel only; unique user IDs and strong passwords are required.
- Audit Logs: We maintain records of who accessed PHI and when, to detect unauthorized access.
- Business Associate Agreements: We only use third-party processors (e.g. Google Forms) that sign a BAA guaranteeing HIPAA compliance.
- Data Minimization: We collect only the information necessary for treatment and coordination of care.
6. Sharing & Disclosure
We do not sell or rent your PHI. We share information only as follows:
- With Your Providers: To coordinate your care with physicians, therapists, or specialists you’ve authorized.
- Business Associates: Under HIPAA BAAs (e.g. Google Forms, email service providers).
- Legal Requirements: When required by law (e.g. court orders, public health reporting).
- Emergencies: To prevent a serious threat to health or safety, if necessary.
7. Your Rights Under HIPAA
You have the following rights regarding your PHI:
- Access: Request a copy of your PHI in electronic or paper form.
- Amendment: Request corrections to inaccurate or incomplete PHI.
- Accounting: Receive an accounting of disclosures of your PHI outside of treatment, payment, and healthcare operations.
- Restriction: Request restrictions on uses or disclosures of PHI for treatment, payment, or operations.
- Confidential Communications: Request alternative methods or locations for communications (e.g. only via email or to a different address).
- File a Complaint: If you believe your rights are violated, you may file a complaint with us or with the U.S. Department of Health and Human Services.
To exercise any rights, contact us at records@klarityclinic.com or call (844) 552-7489. We will respond within 30 days.
8. Data Retention & Destruction
We retain PHI for at least the minimum period required by law (usually 6 years). When no longer needed, PHI is securely destroyed or de-identified.
9. Security Incident & Breach Notification
In the event of an unauthorized disclosure of PHI, we will:
- Immediately contain and mitigate the breach.
- Notify affected individuals within 60 days, describing the breach and steps to protect yourself.
- Report to HHS OCR and, if required, state regulators.
- Review and enhance safeguards to prevent future incidents.
10. Children’s Privacy
We do not knowingly collect PHI from children under 13 without parental consent. If you believe we have, please contact us to have the information removed.
11. Changes to This Policy
We may update this policy as laws or our practices change. When we do, we’ll revise the “Effective Date” at the top. We encourage you to review this page periodically.
12. Contact Information
If you have questions about this policy or your PHI rights, please contact:
📞 (844) 552-7489
✉️ records@klarityclinic.com