Privacy Policy

1. Introduction

IRIS Autism and Developmental Services, LLC ("IRIS," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, use our services, or otherwise interact with us. This policy applies to all information collected through our website, client portal, and any related services, applications, or communications.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

2. Information We Collect

2.1 Protected Health Information (PHI)

In providing psychological assessment and testing services, we collect Protected Health Information as defined by the Health Insurance Portability and Accountability Act (HIPAA). PHI refers to information in your health record that could identify you. This includes:

• Demographic information (name, date of birth, address, phone number, email)
• Medical and developmental history
• Clinical interview notes and behavioral observations
• Psychological testing results, scores, and interpretations
• Diagnostic assessments and evaluation reports
• Insurance information and billing records
• Parent/guardian information for minor clients

2.2 Website and Technical Information

When you visit our website, we may automatically collect certain technical information, including:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on our website
• Referring website addresses
• Cookies and similar tracking technologies

2.3 Communication Information

We collect information you provide when communicating with us, including contact form submissions, email correspondence, phone calls, text messages, and voicemails.

3. How We Use Your Information

3.1 Treatment

We use your PHI to provide, coordinate, and manage your health care and related services. This includes conducting psychological assessments, coordinating care with other healthcare providers when authorized, and preparing evaluation reports.

3.2 Payment

We use and disclose your PHI to obtain reimbursement for services, including billing your insurance provider, verifying coverage eligibility, and collecting outstanding balances.

3.3 Health Care Operations

We use your PHI for activities related to the performance and operation of our practice, including quality assessment, administrative services, case management, and care coordination.

3.4 Business Operations

We use non-PHI information to improve our website and services, respond to inquiries, send appointment reminders and scheduling communications, and comply with legal obligations.

4. Disclosure of Your Information

4.1 Disclosures Requiring Authorization

Except as described below, we will obtain your written authorization before using or disclosing your PHI for purposes outside of treatment, payment, or health care operations. You may revoke any authorization in writing at any time, except to the extent that we have already taken action in reliance on the authorization.

4.2 Disclosures Without Authorization

We may use or disclose your PHI without consent or authorization in the following limited circumstances:

• Child Abuse or Neglect: If we know or have reasonable cause to suspect that a child has been or is in immediate danger of being abused or neglected, we are required by North Carolina law to report such information to the appropriate authorities.
• Adult and Domestic Abuse: If we believe that an adult is in need of protective services because of abuse or neglect, we must report this to the appropriate authorities.
• Serious Threat to Health or Safety: If disclosure is necessary to protect you or another individual from a substantial risk of imminent and serious physical injury.
• Health Oversight Activities: If the NC Board of Psychology or other regulatory body is investigating our practice.
• Judicial and Administrative Proceedings: In response to a court order or valid subpoena. We will not release information without your written authorization unless compelled by court order.

5. Your Rights Regarding Your Information

Under HIPAA and applicable state law, you have the following rights:

• Right to Request Restrictions: You may request restrictions on certain uses and disclosures of your PHI. However, we are not required to agree to a restriction you request.
• Right to Confidential Communications: You may request to receive communications of PHI by alternative means or at alternative locations.
• Right to Inspect and Copy: You have the right to inspect or obtain a copy of your PHI in your clinical and billing records. We may deny access under certain circumstances as permitted by law.
• Right to Amend: You may request an amendment to your PHI. We may deny your request under certain circumstances.
• Right to an Accounting: You have the right to receive an accounting of disclosures of your PHI.
• Right to a Paper Copy: You may obtain a paper copy of this Privacy Policy upon request.
• Right to Restrict Disclosures for Out-of-Pocket Payments: If you pay out-of-pocket in full for services, you may request that we not disclose PHI to your health plan.
• Right to Breach Notification: You have the right to be notified if there is a breach of your unsecured PHI.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission, secure storage systems, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Third-Party Services and Business Associates

We may use third-party service providers who assist in operating our practice, such as electronic health record systems, practice management software, and communication platforms. These business associates are required to maintain the confidentiality and security of your PHI pursuant to Business Associate Agreements as required by HIPAA.

8. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic. You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features of our website.

9. Children's Privacy

Our clinical services include assessments for children and adolescents. For clients under 18 years of age, a parent or legal guardian must provide consent for services and for the collection and use of their child's information. We are committed to protecting the privacy of minors and comply with all applicable laws regarding children's information, including HIPAA and the Children's Online Privacy Protection Act (COPPA) where applicable.

10. Communication Preferences

With your consent, we may communicate with you via phone calls, voicemails, text messages (SMS), and email for scheduling, reminders, and service-related communications. While we use reasonable safeguards to protect your privacy, SMS and email communications may not be fully secure. You have the right to request alternative communication methods or opt out of text or email communication at any time by notifying us in writing. Standard text messaging and data rates may apply based on your mobile plan.

11. Data Retention

We retain your PHI and other records in accordance with applicable federal and state laws, professional standards, and our record retention policies. For minor clients, records are retained for the period required by law, which in North Carolina is typically until the minor reaches adulthood plus additional years as required by law.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. Your continued use of our website or services after any changes indicates your acceptance of the modified Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Complaints

If you believe your privacy rights have been violated or if you disagree with a decision we made about access to your records, you may file a complaint with us, the North Carolina Department of Health and Human Services, or the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

14. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of North Carolina and applicable federal law, including HIPAA, without regard to conflicts of law principles.

15. Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact us at:

16. Acknowledgment

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.