KODIAK KINDNESS PROJECT NOTICE OF PRIVACY PRACTICES
This Notice of Privacy Practices (“Privacy Policy”) describes how information about you collected by KINDNESS may be used and disclosed and how you can get access to this information. Please review it carefully. You have the right to opt out of receiving such communications: If you do not want to receive these materials, please contact us and request that these materials not be sent to you.
OUR POLICY
Our Privacy Policy covers KINDNESS’s treatment of Personal Information, Personally Identifiable Information (both hereto referred to as “PI”) and Personal Health Information (“PHI”) that may be collected or submitted when the web-user or program participant (“you”) are using the KINDNESS’s website or when you receive KINDNESS’s services. We are required by law to maintain the privacy of your PI and your PHI, in any format (verbal, written or electronic). We are also required to notify you of our legal duties and privacy practices regarding your information and abide by the practices of this Privacy Policy, unless more stringent laws or regulations apply. This Privacy Policy does not apply to companies that KINDNESS does not own or control, or to individuals that are not under KINDNESS’s supervisory control.
APPLICATION OF THIS POLICY
The information privacy practices described in this Privacy Policy will be followed by any KINDNESS authorized personnel, such as employees, board members, trainees, students, volunteers and other persons under our direct control, whether or not they are paid by us
HOW WE COLLECT AND PROTECT YOUR INFORMATION
Please understand that whenever you voluntarily disclose PI or PHI online or through interaction with KINDNESS authorized personnel (by phone, email, text or in person), this information cannot be made one-hundred percent secure and, in some cases, that information can be intercepted, collected and used by others. However, we work hard to protect your information at all times, in several ways.
When you use our website:
- If you give us your information through our website (for example, if you donate to us online), we encrypt your information to prevent third parties without authorization from intercepting your information when it is in transit to us.
- PI may also be collected, or your IP address logged, when you visit KINDNESS’s website at kodiakkindness.org. Your IP information allows us to understand how you use our site and to enable us to make changes to our site in order to improve your experience. Information regarding your computer, your connection to our website (such as your browser type, operating system, and platform) and your user history (including, but not limited to, your session information, page errors and the length of your visits to specific pages within our website) may also be collected. We DO NOT use Google analytics or any other type of web tracking/analysis program, so your personally identifiable traffic history on our site is not trackable by us.
- KINDNESS uses cookies to remember certain user information. Cookies are electronic identifiers that are transferred automatically to your computer through your browser that allow our computers to save certain information you provide us and store information about you so we can recognize you when you visit our website in the future. You may, at any time, disable or refuse to accept cookies by changing the preferences or settings on your web browser. If you choose to disable cookies, you will still be able to use our website. However, you will not be able to fully take advantage of certain automation and other functionality features available.
- We collect and use IP addresses to analyze trends, administer the site, track user movement, and gather broad demographic information for reporting and sponsorship purposes. From time to time, we may use this information to better design our website and to share with select advertising partners, sponsors, and/or affiliates. However, IP addresses are not linked to PI or PHI.
- Protecting the privacy of children is especially important to us. For that reason, we do not collect information provided by users under the age of 13, nor do we solicit information from users under the age of 13.
- The KINDNESS website contains links to other third-party websites. Please be aware that KINDNESS does not claim any responsibility for the privacy practices of these third-party sites. We encourage you to be aware when you leave our site and to take reasonable precautions when sharing your personally identifiable information on third party websites.
- When using our website, if it has a user account function, you must choose to “opt in” to receive any newsletters, event notifications or educational information from us; you will not be automatically subscribed to any mailing lists originating from Kodiak KINDNESS. To unsubscribe from mailings, you may go to kindness.org and edit your personal profile, (if our website allows for user accounts) otherwise, you may email us to remove yourself from any electronic or postal mailing list belonging to KINDNESS.
When you receive KINDNESS services as an enrolled family:
- When you enroll to receive KINDNESS services, we collect PI and PHI about you and your baby in order to provide you with guidance on infant feeding. We also collect data on infant feeding practices for research and quality improvement purposes. Your information is stored on a secure Microsoft server that KINDNESS and its authorized personnel can only access through a password with multifactor authentication. KINDNESS and Microsoft have co-signed two documents that additionally protect your information: a Services Agreement Contract, and a Business Associate Agreement, required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to further protect your information.
- If you email us, you are entirely responsible for protecting any information you wish to disclose in your email to us. Sending an unencrypted email is like sending a postcard in the mail, and any authorized KINDNESS personnel may see your message.
- If we email you, we will only send you general, publicly available information, or answers to your questions that do not include any PHI. If your questions or concerns pertain to matters that necessitate us to disclose any PHI, we will call you for a phone consult or schedule a secure virtual or in-person consultation. From time to time, KINDNESS may use return email addresses to answer the email we receive from you. Such addresses are not used for any other purpose. Your PI or PHI will not be collected for use that is in violation of the law, or unrelated to that discussed in this Policy, unless you are also provided an opportunity to opt-out or otherwise prohibit such unrelated uses.
- If you call the KINDNESS cell phone “Warm-Line” number at 907-539-2660, we do not create a contact or save any of your information on our phone. Our phones are password-protected, and our voicemail box is only accessed by KINDNESS authorized personnel. We delete voicemails from our phone as soon as we return your call.
- If you text the KINDNESS cell phone, we do not create a contact or save any of your information on our phone. Our phones are password-protected and only accessed by KINDNESS authorized personnel, but it is important for you to understand that text messages are less secure than voicemail. We delete your text message as soon as we call or text you back. If we text you back, we will not include any PHI in our text. We prefer to use text only to confirm appointments and the like; in general, we refrain from providing in-depth education or counseling on infant feeding issues via text.
HOW WE USE YOUR INFORMATION
Uses and disclosures of your health information that we may make WITHOUT your authorization:
To contact you: Your information may be used to contact you by phone, text or email, to provide you with individualized infant feeding services, or to inform you of KINDNESS classes, information sessions, or community awareness/fundraising events.
Coordination of Care: Your PI or PHI may be shared with any health care provider or other community services provider who is providing you with health care or other services. This includes coordinating your care with other health care providers and providing referrals to other health care providers. Examples of health care providers who may need your information to treat you include your doctor, nurse and other providers such as physical or occupational therapists. Examples of community services providers include the Kodiak WIC Program, the Kodiak Infant Learning Program, Parents as Teachers Program, and Public Health. We may share your PI or PHI electronically with your health care providers in order to make sure they have your information as quickly as possible to treat you. We may share your PI or PHI with any family member or friend who is involved in assisting with your care. We will only do this if you agree or do not object, and will only share with them the information they need in order to help you. If you are unable to either agree or object to such a disclosure, we may disclose your PI or PHI as necessary if we determine that it is in your best interest based on our professional judgment.
Program operations: Your PI or PHI may be used in order to support our business activities and to assure that quality health care services are being provided. Some of these activities include quality assessments, peer or employee review, training of medical personnel, licensure and accreditation, data aggregation and audits by regulatory agencies.
Other uses and disclosures that we may make WITHOUT your authorization:
There are a number of ways that your PI or PHI may be used or disclosed without your authorization. Generally, these uses and disclosures are either required by law or for public health and safety purposes.
When required by law: We may use or disclose your PI or PHI when required by law. If this happens, we will comply with the law and will only disclose the information necessary.
Public health: We may disclose your PI or PHI to a public health authority for public health activities. Public health activities include preventing or controlling disease, injury, disability, and responding to reports of abuse, neglect or domestic violence. We may disclose your PI or PHI to a person or agency required to report adverse events, product defects or problems, biologic product deviations, or for product recalls, repairs or replacements. Any disclosures of this nature will be made consistent with state and federal law.
Health oversight: We may disclose your PI or PHI to health oversight agencies for oversight activities authorized by law, such as audits, investigations, and inspections. Health oversight agencies include government agencies that oversee the Health care system, government benefit programs, government regulatory programs and civil rights.
Legal proceedings: We may use or disclose your PI or PHI in response to a court or administrative order in an administrative or judicial proceeding, or in response to a subpoena, discovery request or other legal process.
Law enforcement: We may use or disclose your PI or PHI for law enforcement purposes. Examples include (1) responding to legal processes; (2) providing limited information to identify or locate a suspect; (3) providing information about crime victims; (4) reporting suspicion that death has occurred as a result of criminal conduct; (5) reporting a crime which occurred on our premises; and (6) for medical emergencies, reporting where it appears likely a crime occurred.
Preventing a serious threat: We may use or disclose your PI or PHI if we believe in good faith that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or of the public. Disclosure may only be made to a person reasonably able to prevent or lessen the threat.
Research: We may disclose your PI or PHI to researchers, provided that the research has been approved by an Institutional Review Board and/or a Privacy Board, and the research protocols have been approved to ensure your privacy. We may disclose PI or PHI about you to people preparing to conduct a research project.
Inmates/arrestees: We may use or disclose your PI or PHI to a correctional institution or law enforcement official if you are an inmate of a correctional facility or are in custody and the information is necessary to treat you or protect the health and safety of you, other inmates, employees at the correctional facility or others.
Uses and disclosures of your health information that we may make WITH your authorization:
Certain uses and disclosures of your PI or PHI, including marketing, fundraising or community awareness initiatives, will be made only with your written authorization. You may revoke an authorization in writing at any time, except to the extent that we have already taken action in reliance on the authorization.
Uses and disclosures not otherwise described in this Privacy Policy will be made only with your written authorization. Federal and state laws may place additional limitations on the disclosure of your PI or PHI for drug or alcohol abuse treatment programs, sexually transmitted diseases, or mental health treatment programs. When required by law, we will obtain your authorization before releasing this type of information.
YOUR RIGHTS
Right to request restrictions: You have the right to ask us to place restrictions on the way we use or disclose your PI and PHI. We will consider your request but are not required to agree to the restriction (except as described below). If we agree to a restriction, we will not use or disclose your PI and PHI in violation of that restriction unless it is needed for an emergency. If a restriction is no longer feasible, we will notify you.
Breach notification: You have the right to receive notification of breaches of your PI and PHI as required by law.
Access to your PI and PHI: You have the right to receive a copy of your PI and PHI that we maintain, with some limited exceptions. You may request access to your information in writing, and you may request a copy of your information in electronic format. We reserve the right to charge a reasonable fee for the cost of producing and providing your PI and PHI. You have the right to request that your PI and PHI be sent to any person or entity, such as another doctor, caregiver or online personal health record.
Amendment of your PI and PHI: You have the right to ask us to amend any of your PI and PHI. You need to request this amendment in writing. We may deny your request in certain situations, such as if we determine your information is accurate and complete. Any denials will be in writing. You have the right to appeal our denial by filing a written statement of disagreement.
Accounting of certain disclosures: You have a right to a listing of the disclosures we make of your PI and PHI, except for those disclosures made pursuant to your authorization. The type of disclosures typically contained in a listing would be disclosures made for mandatory public health purposes, law enforcement, legal proceedings, or for other similar required reporting.
Exercising your rights: To exercise any of the above rights or if you need to share your PI and PHI with someone for purposes other than those listed here, please contact us.
Questions and complaints: If you have questions or are concerned that any of your privacy rights have been violated, please contact us. You will not be retaliated against for filing a complaint.
Changes to this Notice of Privacy Practices: We reserve the right to change the terms of our Privacy Policy at any time. New Privacy Policy provisions will be effective for all protected PI and PHI that we maintain. You may view a copy of our most current Privacy Policy on our website, or request a current copy from us at any time.
Last Reviewed: 11/12/2020