
Ember Health
Privacy Policy
Notice of Privacy Practices & Website Privacy Policy
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Commitment to Privacy
At Ember Health, we understand that your privacy is fundamentally important. This document serves two purposes:
- Notice of Privacy Practices (HIPAA): Explains how we handle the Protected Health Information (PHI) of our patients.
- Website Privacy Policy: Explains how we handle general Personally Identifiable Information (PII) collected from visitors to our website and digital platforms.
If you have questions about this policy, please contact us using the contact form. Note: Please do not send sensitive health information via unsecured email.
PART 1: HIPAA Notice of Privacy Practices (For Patients)
This section applies to the Protected Health Information (PHI) we collect, create, and maintain about you as a patient of Ember Health to provide you with healthcare services. Our privacy practices are designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and Washington State law (RCW 70.02).
How We May Use and Disclose Your PHI
Under HIPAA, we are permitted to use and disclose your PHI for the following core purposes without your written authorization:
- Treatment: We may use your PHI to provide, coordinate, or manage your healthcare. For example, we may share your information with other physicians, specialists, or labs involved in your care.
- Payment: We may use and disclose your PHI to bill and collect payment for the services we provide. For example, we may share details of your treatment with your health insurance plan to receive reimbursement.
- Healthcare Operations: We may use your PHI for our internal business operations to ensure we provide quality care. For example, we may use your records to evaluate the performance of our staff or for clinical quality improvement.
- As Required by Law: We will disclose your PHI when required by federal, state, or local law, including for public health reporting, preventing a serious threat to health or safety, reporting suspected abuse/neglect, or responding to court orders.
Washington State Specific Protections
Washington State law (RCW 70.02) provides additional, stricter confidentiality protections for certain highly sensitive health information. Unless specifically permitted by law, we will obtain your explicit written authorization before disclosing records related to:
- Mental health treatment
- Substance use disorder treatment
- Sexually transmitted diseases (including HIV/AIDS)
- Reproductive health services
Your Health Information Rights Under HIPAA
As a patient, you have the following rights regarding your medical records:
- Right to Inspect and Copy: You have the right to request access to view or receive a copy of your medical records and billing information.
- Right to Amend: If you believe your PHI is incorrect or incomplete, you may request that we amend the information. (Note: Medical records cannot be deleted or erased, but an amendment can be added.)
- Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI outside of treatment, payment, or healthcare operations.
- Right to Request Restrictions: You may request that we limit how we use or disclose your PHI. We are not legally required to agree to your request, except when you pay for a service fully out-of-pocket and request we not share it with your insurance.
- Right to Request Confidential Communications: You can request that we communicate with you in a specific way (e.g., calling your cell phone instead of home, or mailing to a P.O. Box).
- Right to a Paper Copy: You are entitled to receive a paper copy of this Notice at any time.
How to File a Complaint
If you believe your privacy rights have been violated, you have the right to file a formal complaint. You will not be penalized or retaliated against for filing a complaint.
PART 2: Website & Consumer Privacy Policy (For All Users)
This section outlines how we collect, use, and protect general Personal Data and Personally Identifiable Information (PII) when you visit our website, use our app, or communicate with us outside of a clinical setting.
Information We Collect
To enhance your experience, we may collect:
- Information You Provide: Full name, mailing address, email, phone number, and contact form submissions.
- Usage & Technical Data: IP address, browser type, operating system, and analytics regarding how you interact with our website.
- Cookies and Tracking: We use temporary and persistent cookies to support site functionality and track user activity. You may block cookies via your browser, though this may limit functionality.
SMS / Text Messaging Consent (OPT-IN)
By entering your mobile phone number and submitting our forms, you agree to receive recurring automated text messages from Ember Health regarding care coordination, health reminders, appointment follow-ups, and program support. Message & data rates may apply. Reply STOP to unsubscribe or HELP for help. Consent to text messaging is not required to receive medical care.
- Do Not Share Statement: No mobile or messaging consent information will be shared with third parties or affiliates for marketing/promotional purposes. This excludes text messaging originator opt-in data and consent; this specific information will not be shared with any third parties.
How We Use General Personal Data
We use your non-medical PII to:
- Provide, maintain, and improve our digital services.
- Manage your user account.
- Contact you regarding updates, security alerts, and requested information.
- Perform aggregated, anonymized analysis of user demographics.
Your Consumer Privacy Rights
- Access & Correction: Request to view or update your PII.
- Withdraw Consent: Revoke previously given consent for marketing or cookies.
- Right to Deletion: Request deletion of your general marketing/website PII. (Note: This right to deletion does NOT apply to Protected Health Information or medical records, which we are required to retain by state and federal medical board laws.)
- California Privacy Rights: Under Civil Code Section 1798.83, California residents may request details about how their data is shared with third parties for marketing (limit one per year). We honor "Do Not Track" signals.
- Washington My Health My Data Act (MHMDA): For consumers who are not patients, any "Consumer Health Data" collected via our website is governed strictly by our MHMDA Consumer Health Data Privacy Policy [Link to separate MHMDA policy if applicable].
PART 3: Security & Retention
Data Security
We take your data security seriously. We implement physical, technical, and administrative safeguards (including encryption and secure servers) to protect your data from unauthorized access. However, no method of internet transmission is 100% secure. You transmit personal data over the internet at your own risk.
How You Can Protect Your Data
- Secure your personal devices with passwords and encryption.
- Protect your Ember Health user ID and password.
- Beware of Phishing: We will never ask for sensitive information like full social security numbers or passwords via unsecured email.
Data Retention
We retain your general PII only as long as necessary for service delivery. Medical records and PHI are retained in accordance with strict state and federal medical retention laws (typically 6 to 10 years after the last date of service, or longer for minors).
Policy Updates
We reserve the right to update this Privacy Policy. Significant changes will be highlighted on our website or communicated via email. All changes apply to the data we manage at that time.