- What personal information do we collect from the people that visit our blog, website, or app?
When ordering or registering on our site you may be asked to enter your name, email address, phone number or other details to help you with your experience.
- When do we collect information?
We collect information from you when you register on our site or sign up for a program, subscribe to a newsletter, fill out a form, or enter information on our site.
- How do we use your information?
We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or communication, review the website, or use certain other site features in these ways:
• To administer a survey or other site feature.
• To send periodic emails regarding our services.
- How do we protect your information?
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. Our website is scanned regularly for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. While we cannot guarantee that loss, misuse, or alteration to data will not occur, we use industry standards, such as Secure Socket Layer (SSL) technology, to help safeguard against such occurrences.
- Do we use ‘cookies’?
• Compile aggregate data about site traffic and site interactions to offer better site experiences and tools. We may also use trusted third-party services like Google that track and analyze this information on our behalf.
You can have your computer warn you each time a cookie is being sent, or you can turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies. If you turn cookies off, some features that make your site experience more efficient may not function properly.
- Third-party disclosure
We do not sell, trade, loan, rent or otherwise transfer your Personally Identifiable Information to outside parties. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when such release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
- Third-party links
We do not include or offer third-party products or services on our website.
- Credit Card Information
We do not process credit card information for payment for any products or services ordered from our website. WGA contracts with a third-party service provider that complies with the payment card industry data security standards (PCI DSS) to collect and process your credit card information. We do not store or maintain any credit card information.
- How does our site handle Do Not Track signals?
We cannot honor Do Not Track signals and therefore cannot honor such requests.
- Does our site allow third-party behavioral tracking?
We do not allow third-party behavioral tracking
- COPPA (Children Online Privacy Protection Act)
With the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old and no one under age 13 may provide information to or on the website.
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email. and we will promptly remove you from ALL correspondence.
|Policy Name and Number:||Client Privacy, Confidentiality & Release of Information|
|Date last reviewed:||6/1/2018|
|Approval or last revision:||6/23/15|
|Approved by:||Robert Candelaria, CEO|
Handling of Public Health Information
In the course of delivering its services and programs, WGA collects personal information from its clients. Personal information means any information that could be used on its own, or with other information, to establish the identity of a client, the client’s service provider or the client’s substitute decision maker. Personal information also includes any other information about a client including information that is contained in a client record.
WGA collects, uses and shares client’s personal information for the following purposes:
- Providing quality programs and services to clients
- Providing information to other people or organizations with client consent (for example, making a referral for service)
- Contacting clients, donors and members to evaluate WGA service and work
- Conducting research to understand the kinds of issues our clients are facing
- Reviewing client files to ensure high quality of service and documentation
WGA may also collect, use and share personal information with consent or as permitted or required by law.
WGA is committed to protecting the privacy of its clients and ensuring that:
- The personal information it receives from clients is kept safe, secure, confidential, accurate and up to date
- Clients understand why their personal information is collected by WGA
- WGA obtains client consent before collecting, using, sharing, or releasing client information, except as set out in this policy or permitted or required by law
- Only the personal information necessary for the purposes listed above is collected from clients, unless otherwise consented to by the client or permitted or required by law
- Access to client information is limited to the WGA employees, volunteers and interns involved in delivering services to clients
- Any external agents to whom WGA releases information have a need to know and only use and disclose client information for the purposes for which it was originally provided
- Clients are able to withdraw their consent at any time to the collection, use and disclosure of their personal information
- Clients have access to their record, except where WGA is entitled to refuse an access request, and are able to copy or correct their record and ask questions about WGA privacy policies and procedures
- Complaints about WGA privacy policies and procedures are handled efficiently and effectively
- All legal and regulatory requirements regarding client information are met and maintained
This policy applies to all WGA employees, interns and volunteers.
1. Obtaining Consent
1.1 As WGA services often involve collaboration and consultation among employees, WGA employees will discuss the following with new clients:
- The nature and extent of consultation and collaboration in the WGA program or service which the new client is accessing
- The personal information that WGA may collect
- The purposes for which WGA collects, uses and shares personal information, as listed above
1.2 Client’s rights and responsibilities including rights related to keeping client’s personal information private will be reviewed with all new clients at their first appointment following intake
1.3 Clients will be asked to use a form indicating that the organization’s privacy policies have been discussed and that the client consents to the collection use and sharing of personal information for the purposes listed in this policy.
1.4 The signed forms will be maintained by the program (e.g., in the client’s paper record, filed centrally within the program). A note will be made in the client’s electronic record that the form has been signed.
1.5 Consent will be that of the individual and must be knowledgeable, relate to the personal information and not be obtained through deception or coercion. A consent to the collection, use or sharing of personal health information about an individual is knowledgeable if it is reasonable in the circumstances to believe that the individual knows, (a) the purposes of the collection, use and/or disclosure, as the case may be; and (b) that the individual may give or withhold consent.
1.6 In the event that employees are concerned that a client does not have the capacity to consent to the collection, use and disclosure of his or her personal information, employees should:
- Consider whether the client understands the decision they are being asked to make
- Question whether the person understands the reasonably foreseeable consequences of the decision or lack of decision
- Consult with their supervisor
2. Client Withholding, Limiting or Withdrawing Consent
2.1 Clients have the right to stipulate who will have access to their personal information. This means that they can withhold, limit or withdraw their consent to the collection, use or disclosure of personal information. The request may cover all or a specific part of a client’s record. When this happens, staff will implement the following “lock-box” procedure.
2.2 Electronic records: The WGA employee receiving the client’s request to withhold, limit or withdraw their consent will:
- Record the written instructions by the client in an activity note in the client’s electronic record
- Scan any written instructions by the client into the client’s electronic record
- Supervisor will notify the Information Technology (IT) Department of the client’s instructions and the IT Department will limit access to the electronic record in compliance with the client’s request (e.g., closing access to the record; limiting access to the individuals specified by the client to be allowed access).
2.3 Paper records: If the client also has a paper file:
The client’s file (either in whole or in part depending on the client’s instructions) to which access is to be limited will be placed inside an envelope that will be sealed with the instructions from the client stapled to the outside of the file. If the client’s request is to withdraw consent, the file will be safeguarded by assigned WGA staff. If the client’s request is to withhold or limit consent, the supervisor responsible for the program will determine how best to comply with the client’s request.
2.4 In cases where the withholding, limiting or withdrawal of consent will limit or prevent WGA from continuing to deliver services, employees will discuss with the client the consequences of their withholding, limiting or withdrawal of consent.
3. Higher Levels of Confidentiality (Use of Aliases)
3.1 WGA serves clients periodically that require a higher level of confidentiality. For example: public figures; staff of WGA funder; former staff, interns and volunteers, who may not wish it to be known that they are accessing WGA services.
3.2 In such situations, programs will provide clients an opportunity to select and use an alias. The alias will be used in the client record and in the client’s interactions with WGA.
3.3 A list of the aliases, clients’ real names and file numbers will be confidentiality maintained by a designated person in each department.
3.4 A higher level of confidentiality designation does not invalidate the normal legal limits to confidentiality, which includes subpoenas, search warrants and the right of government funders to audit client records. Clients must be informed of these limitations on confidentiality.
3.5 The Human Resources Department will provide names of new staff members, volunteers and interns to the WGA Privacy Officer so that a check of the client database can be completed. If the individual has received service from WGA in past, an alias will be assigned to the record in order to maintain the privacy of the new staff member, volunteer or intern.
4. Disclosure without Consent Including Responding to Summons/Subpoenas/Court Orders and Requests from Police
4.1 WGA will not disclose the personal information of clients without their consent, except where:
- It is believed the client or someone else is in imminent danger of serious physical harm (see Duty to Warn policy)
- It is reported or observed by staff or self-disclosure by client(s) is in imminent danger of serious physical harm to self.
- A child under the age of 17 is at risk of or has been abused or neglected (see Child Abuse Reporting and Documentation policy)
- WGA is subpoenaed or is otherwise served with a court order, summons, warrant or a similar requirement issued by a person who has jurisdiction to compel the production of information in a proceeding
- The disclosure is made to medical personnel in a medical emergency;
- The disclosure is made to a qualified person for research, audit, or program evaluation.
- The disclosure is made
- It is otherwise permitted or required by law.
4.2 If WGA employee, intern or volunteer is served with a warrant, summons, subpoena, order or similar requirement issued in a proceeding, the individual must immediately notify their supervisor. WGA employees, interns or volunteers should follow the same procedure in response to requests by police officers for client information.
4.3 In general, where an order, summons, warrant, subpoena or other requirement to produce documents has been served on WGA, WGA will:
- Make every attempt to respond in a way that is respectful of the order or other requirement, while at the same time taking steps to preserve the client’s right to confidentiality
- Make an exact copy of the file to remain at WGA and deliver the documents to the court or other proceeding in a sealed enveloped marked “private and confidential”.
4.4 Where WGA discloses personal information without the client’s consent, the client will be notified of such disclosure as soon as reasonable, practical, safe and/or legally possible in the circumstances.
5. Release of Information with Client Consent
5.1 Subject to Section 4, personal information, whether all or part of a client record, will not be released to third parties without the written consent of the client or the client’s substitute decision maker, where applicable. Clients are required to complete the WGA Authorization to Request or Release Information Form, depending on the nature of the request. Consents provided on these forms are valid for one year, unless otherwise limited or withdrawn by the client in advance of that date. WGA may disclose a client’s personal information, provided that the disclosure, to the best of WGA knowledge, is for a lawful purpose.
5.2 Reports from third parties contained in a client record may not be released without the written consent of the third party. Clients will be encouraged to pursue access to this information directly with the third party.
5.3 In exceptional circumstances, where written consent is not possible, the oral consent of the client to the release of personal information will be accepted and will be recorded in the client’s file.
5.4 In response to requests to release information to third parties, the WGA service provider will ensure that the client understands the purpose for which the information is being released and to whom the information is being released. The WGA service provider will also explain that WGA cannot guarantee the confidentiality of the information once it has been released.
6. Safeguarding of Personal Information
6.1 Client information stored electronically is protected by password. Access to the WGA electronic database is limited on a need to know basis for added security.
6.2 Client information collected in hard copy form is stored in locked cabinets accessible only by staff and program managers designated by Administrative Director.
6.3 Access to client information will be limited to those who need to know the information for the purposes set out in the client’s consent or as otherwise permitted or required by law.
6.4 WGA employees will never leave client personal information, in paper or electronic form, unattended or exposed to anyone other than the client.
6.5 WGA will not send confidential personal information to clients by email without the client’s prior consent. Personal information sent to clients or about clients will employ secure email. (Note that secure e-mail ensures messages are encrypted. WGA regular e-mail program is not secure email.)
6.6 WGA requires external agents, such as third party auditors, to maintain the confidentiality of client information and to refrain from using client information for any purpose other than the purposes for which consent was provided by the client. Where appropriate and necessary, WGA will obtain the consent of the client to disclosure of information to external agents. (External agents are persons or companies with which WGA has contracts and that may come into contact with personal information.)
6.7 When disposal is permitted or required, records of client personal information will be disposed of in a secure manner.
7. Notice to Clients of Theft, Loss, Unauthorized Access, Use or Disclosure of Personal Information
7.1 Employees are required to report to their supervisor any theft, loss, unauthorized access, use or disclosure of personal information of WGA clients. In programs where funders require it, managers will file a serious occurrence report in this situation.
7.2 In the event of such theft, loss, unauthorized access, use or disclosure of personal information of a WGA client, WGA will notify the client as soon as possible.
7.3 Oral contact with the clients will be logged in the client record and will be followed up by a letter, which will be included in the client record.
7.4 In the case of former clients, contact will be made orally, if possible, and also in writing, at the last known address for the client recorded in WGA database.
8. Client Access to and Correction of Personal Information
8.1 Clients wishing to review their records should contact the relevant Human Resources or Program Director.
8.2 Within 30 days of any such request, an appointment will be made for the client to review his/her personal information in a confidential manner on WGA premises, in the presence of a WGA employee, unless WGA is entitled to refuse the request, in which case written notice will be given. Clients may bring a support person to this appointment if they wish. Up to 60 days may be required in the case of complex searches for records. In exceptional circumstances (e.g., a client is unable to come to the WGA office due to health issues), a copy of the record may be sent to the individual with consent.
8.3 WGA is required to retain client personal information that is the subject of a request for access for as long as necessary to allow the client to exhaust any recourse that he or she may have with respect to the request. This may require WGA to maintain the record for longer than the typical client record retention period.
8.4 Clients who wish an explanation of their records may contact their WGA service provider, the relevant program manager.
8.5 Clients will not be permitted to access third party records without the consent of the third party. In such cases, the WGA service provider will direct the client to obtain the requested information directly from the third party.
8.6 Clients wishing to correct information in their file shall provide the correction in writing to WGA. The written correction will be included in the client’s record and, within three weeks of receipt, WGA will notify the client of its response to the correction.
9. Inquiries and Complaints
9.1 Questions, comments or complaints about the WGA privacy policies and procedures or about the collection, use or disclosure of personal information will be directed to the relevant Human Resources or Program Director at the Winslow Guidance Associates, Inc. (928) 289-6789, or in writing to 607 W. Desmond Street, Winslow, AZ 86047.
9.2 WGA staff will follow the procedures set out in the Service User and Community Member Complaints policy in responding to, resolvingand recording privacy-related complaints.
9.3 If the client is not satisfied with the response provided, the client may contact the Human Resources or the Arizona Department of Health Services Division of Licensing Services at 602-364-3030 or in writing to 150 N. 18th Avenue, 4th Floor Phoenix, AZ 85007.