PRIVACY POLICY

Effective Date: September 7, 2025

Koʻolauloa Health Center (“KHC,” “we,” “us,” or “our”) is committed to protecting the privacy of all visitors to our website and safeguarding personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state and federal laws.

This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, patient portal, and related online services (collectively, the “Site”).

01/ INFORMATION WE COLLECT

a. Personal Information (PII/PHI)
We may collect personally identifiable information (PII) and protected health information (PHI) that you voluntarily provide, such as when you:

  • Request an appointment

  • Register for the patient portal

  • Submit forms, applications, or inquiries

  • Subscribe to newsletters or updates

  • Make a payment

This may include your name, contact information, health information, insurance information, and other details necessary to provide health care services.

b. Non-Personal Information (Usage Data)
We automatically collect limited, non-personal information to help us improve the Site, including:

  • Browser type, operating system, and IP address

  • Pages visited, links clicked, and time spent on the Site

  • Referring website or search engine
    This data is aggregated and does not identify you personally.

c. Cookies and Tracking Technologies
We use cookies, pixel tags, and similar technologies to enhance website functionality, improve user experience, and analyze traffic. You may disable cookies in your browser, but some features may not function properly.

d. Google Analytics & Third-Party Tools
We use Google Analytics and similar tools to understand website usage. Data collected may include IP address, device identifiers, and browsing activity. Google may transfer this information to third parties when required by law. You may opt out at: tools.google.com/dlpage/gaoptout.

02/ HOW WE USE INFORMATION
We may use information collected to:

  • Provide and improve our services and patient care

  • Process requests, payments, and inquiries

  • Send updates, health information, and newsletters (with your consent)

  • Operate and secure the Site and patient portal

  • Conduct data analysis and research (in de-identified or aggregate form)

  • Comply with applicable laws, regulations, and reporting obligations

03/ HOW WE SHARE INFORMATION
We do not sell or trade your personal information. We may share information only as permitted by law, including:

  • Treatment, Payment, and Health Care Operations (as defined under HIPAA)

  • Service Providers that perform functions on our behalf (e.g., IT, billing, hosting, analytics) under strict confidentiality agreements

  • Public Health and Safety reporting (e.g., disease prevention, abuse reporting, FDA reporting)

  • Legal Requirements (e.g., in response to subpoenas, court orders, or regulatory inquiries)

  • Business Transfers (e.g., merger, acquisition, or asset transfer)

Any disclosures will comply with HIPAA’s minimum necessary rule.

04/ PATIENT RIGHTS
Consistent with HIPAA, you have the right to:

  • Access and receive a copy of your medical record

  • Request corrections to your record

  • Request confidential communications

  • Restrict disclosure to health insurers for services paid out-of-pocket in full

  • Receive an accounting of disclosures

  • Obtain a copy of this Privacy Policy at any time

  • File a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated

05/ CHILDREN’S PRIVACY
Our Site is not intended for children under 13. We do not knowingly collect personal information from children. If such information is discovered, it will be deleted promptly.

06/ SECURITY
We use physical, electronic, and procedural safeguards to protect your information, including encryption, access controls, and monitoring. However, no system can be guaranteed 100% secure. By using the Site, you acknowledge and accept these risk.

07/ COMMUNICATIONS

  • Email: Standard email is not always secure. Do not send sensitive health information via unsecured email.

  • Fundraising: We may contact you for fundraising efforts, but you may opt out of further communications at any time.

  • Do Not Track: Our Site does not respond to browser “Do Not Track” signals.

08/ LINKS TO OTHER WEBSITES
Our Site may include links to third-party websites. We are not responsible for the privacy practices or content of those sites. Please review their policies before providing information.

09/ DATA PROCESSING & STORAGE
All information is stored and processed in the United States. If you are located outside the U.S., by using our Site you consent to the transfer and processing of your information in accordance with U.S. law.

10/ CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date. Your continued use of the Site constitutes acceptance of any changes.

11/ CONTACT INFORMATION
If you have questions, concerns, or complaints about this Privacy Policy, please contact:

Koʻolauloa Health Center
Mailing Address: P.O. Box 395, Kahuku, HI 96731
Phone: 808-293-9231
Email: [email protected]

You may also file a complaint with:
U.S. Department of Health and Human Services, Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

We will not retaliate against you for filing a complaint.