HIPPA - Compliant Privacy Policy

HIPAA‑Compliant Privacy Policy for btgamhs.ca

Effective Date: March 1, 2026
Last Updated: March 1, 2026

1. Scope

This policy explains how Bridge the Gap Addiction and Mental Health Services (BTGAMHS) protects your personal information when you visit the website btgamhs.ca (the “Website”).
This policy applies to:

• Information you provide through contact or “Request an Appointment” forms.

• Information collected automatically (IP address, browser type, pages visited).

• Email and other communications sent through the Website.

This policy does not replace our clinical Notice of Privacy Practices, which governs protected health information (PHI) used and disclosed in treatment, payment, and health‑care operations.

2. Information We Collect

We may collect the following types of information:

• Personal‑identifying information: name, phone number, email address, date of birth, and sometimes mailing address when you submit a form or email our office.

• Health‑related information: brief clinical or referral details you voluntarily include in messages or forms (for example, type of concern or requested service).

• Technical information: IP address, browser and device information, pages visited, and cookies to improve site performance and user experience.

Information submitted through the Website is not encrypted by default and may not be fully secure; we therefore advise against sending highly sensitive or time‑sensitive clinical details via unencrypted email or web forms.

3. How We Use Your Information

We use the information you provide to:

• Respond to your inquiries and schedule appointments.

• Provide information about our services and programs.

• Comply with legal and regulatory requirements, including HIPAA and state privacy laws.

• Improve the Website’s functionality and user experience (e.g., analytics, error tracking).

We do not sell, rent, or share your personal information or PHI for marketing or unrelated commercial purposes.

4. Disclosure of Information

We may disclose information:

• To our team and authorized personnel who need it to provide care or support services.

• To third‑party service providers (e.g., website hosting, IT support, scheduling or email platforms) that are bound by confidentiality and HIPAA‑compliant business‑associate agreements (BAAs), where applicable.

• When required by law, such as reporting certain threats to health or safety, or responding to valid court orders or subpoenas.

• In de‑identified or aggregated form (where no individual can be reasonably identified) for quality‑improvement or research purposes.

We do not disclose PHI via the Website to unrelated third parties without your written authorization, except where permitted by HIPAA or state law.

5. Security Protections

We take reasonable technical and administrative safeguards to protect your information, including:

• Secure servers and industry‑standard encryption for data in transit (HTTPS) and, where appropriate, at rest.

• Access controls limiting who can view or modify personal and health‑related information.

• Regular review of security configurations and updates.

Despite these measures, no method of transmission over the Internet can be guaranteed to be 100% secure. We strongly recommend that you avoid sending highly sensitive clinical information (e.g., detailed trauma history, medication lists, or crisis‑related details) through unsecured email or website forms.

6. Your Rights Regarding Your Information

Under HIPAA and California privacy law, you may have the right to:

• Request access to or copies of your PHI held in our records.

• Request an amendment (correction) of PHI if it is inaccurate or incomplete.

• Receive a written explanation of how we use and disclose your PHI (via our Notice of Privacy Practices in the clinic).

• Request restrictions on certain uses or disclosures of PHI, if permitted by law.

• Submit a complaint if you believe your privacy rights have been violated (both to our office and to the U.S. Department of Health and Human Services, Office for Civil Rights).

This Website‑level policy does not limit any of these statutory rights, which are governed by HIPAA and applicable state law.

7. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

• Remember your preferences and settings.

• Analyze traffic and improve the Website’s performance.

• Prevent fraudulent activity.

You can manage or disable cookies through your browser settings, but disabling them may affect some Website features. We do not use cookies or tracking to identify or profile individual patients for marketing outside of our services.

8. Retention of Your Information

We retain information collected through the Website:

• For as long as necessary to respond to your inquiry or provide services.

• As required by applicable law, including HIPAA and California record‑retention requirements.

• Until you request deletion, where legally permissible and consistent with our obligations.

9. Changes to This Policy

We may update this policy from time to time. The “Effective Date” and “Last Updated” dates at the top will reflect any changes. Material changes will be posted on the Website and, where appropriate, communicated through other channels.

10. Contact Us

If you have questions about this policy or about how we handle your personal information, please contact:

Bridge the Gap Addiction and Mental Health Services
Email: info@btgamhs.ca
Phone: 707-774-1463
Office address: 1121 Tabor Avenue, Fairfield, CA 94533

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.