Sunflower Mountain Mental Health
Privacy Policy
Effective Date: 1/1/2025
Last Updated: 5/29/2025
1. Purpose
Sunflower Mountain Mental Health (SMMH) is committed to protecting the privacy and security of visitors to our website. This policy explains how we collect, use, store, and protect information in compliance with HIPAA, the No Surprises Act (NSA), Colorado consumer protection laws, and federal online privacy regulations.
2. Scope
This policy applies to all visitors using SMMH’s website (www.sunflowermountainmentalhealth.com) and governs the collection, storage, and use of personal and health-related information.
3. Compliance with HIPAA & Privacy Laws
-
SMMH follows HIPAA regulations regarding the collection, use, and disclosure of Protected Health Information (PHI).
-
Certain forms available through the website may collect PHI; however, PHI is not stored on website servers and is transmitted securely to HIPAA-compliant platforms.
-
For PHI security, refer to the HIPAA Privacy Practices Policy and Secure Electronic Communication & Patient Consent Policy.
4. Information We Collect
We collect two types of information:
-
General Website Inquiries (Non-PHI)
-
Name and email address (submitted through general inquiry forms)
-
Phone number (if voluntarily provided for communication requests)
-
Messages submitted via contact forms (for non-medical inquiries)
-
-
Cookies & Tracking Technologies
-
SMMH uses cookies and other tracking technologies to enhance user experience and analyze site performance.
-
Types of Cookies Used:
-
Essential Cookies: Necessary for core website functions.
-
Performance Cookies: Help us understand user behavior to improve our website.
-
Analytics Cookies: Track visitor data using tools like Google Analytics.
-
Marketing Cookies: May be used for advertising or promotional purposes.
-
-
How to Manage Cookies:
-
Users can disable cookies via browser settings.
-
Some website features may not function properly if cookies are disabled.
-
-
5. How We Use Your Information
We collect information for the following purposes:
-
Responding to inquiries submitted through the website.
-
Providing general information about SMMH services (not medical advice).
-
Securely transmitting PHI to HIPAA-compliant platforms for authorized purposes.
-
Processing patient payments for services outside of Headway through Square and those provided by third-party vendors under a Business Associate Agreement with SMMH.
-
Analyzing website traffic to improve functionality.
-
Ensuring compliance with privacy laws and regulations.
6. Third-Party Services & Data Sharing
-
SMMH does not sell, rent, or trade personal information.
-
We may share limited, non-PHI data with third-party vendors (e.g., Google Analytics) for website optimization.
-
HIPAA-compliant platforms (Google Workspace, CharmHealth, Spruce, Headway, and Square and platforms used by third-party vendors under a Business Associate Agreement with SMMH) are used for PHI-related communication and payment processing.
-
For more details, refer to the Secure Electronic Communication & Patient Consent Policy.
7. Protection & Security of Information
SMMH takes reasonable measures to protect information collected via our website:
-
SSL encryption for secure browsing.
-
Restricted data access (only authorized personnel can view submitted inquiries).
-
Regular security audits to ensure compliance with privacy laws.
However, no website or online platform can guarantee complete security. Users should only submit PHI through designated secure forms linked through our website.
8. Third-Party Links
-
SMMH’s website may contain links to third-party websites, including resources, payment platforms, or external services.
-
These external sites are not controlled by SMMH, and we are not responsible for their privacy practices or content.
-
We encourage users to review the privacy policies of any third-party website before submitting personal information.
9. No Surprises Act Compliance
Under the No Surprises Act (NSA), self-pay and uninsured patients have the right to:
-
A Good Faith Estimate (GFE) of expected charges before receiving non-emergency services.
-
Dispute resolution for charges exceeding the estimate by $400 or more.
-
Visit the No Surprises Act (NSA) Compliance Policy for further details.
10. Managing Your Information
Users have the right to:
-
Opt out of marketing emails (unsubscribe at the bottom of messages).
-
Request deletion of submitted contact form data (by texting (719) 679-5022).
-
Access PHI through the HIPAA-compliant patient portal (CharmHealth).
11. Changes to This Policy
SMMH may update this policy periodically. Any changes will be posted with a revised “Last Updated” date. Continued use of our website after changes constitutes acceptance of the updated policy.
12. Contact Information
For privacy-related questions, contact us:
Sunflower Mountain Mental Health (SMMH)
📞 Phone/Text: (719) 679-5022