Effective Date: September 2025
This Privacy Policy explains how Duran ADHD & Behavioral Health Clinic PLLC (“Duran ADHD & Behavioral Health Clinic,” “we,” “our,” “us”) collects, uses, discloses, and safeguards information when you use https://duranadhdclinic.com/ (the “Site”) and when you interact with our services. This Privacy Policy is separate from our HIPAA Notice of Privacy Practices (NPP), which describes how we use and disclose Protected Health Information (“PHI”) for treatment, payment, and healthcare operations.
Contact
Phone: (425) 361-4294
Applies to visitors and users of the Site and to individuals who contact us through the Site.
PHI collected and used in connection with clinical services is handled in accordance with HIPAA and our NPP.
Certain non-HIPAA data related to health (e.g., when you interact with the Site but are not receiving care) may be subject to Washington’s My Health My Data Act (MHMDA).
Personal Information: name, email, phone number, date of birth, and information you submit via Site forms (e.g., appointment requests).
Health Information (PHI): information provided or generated in connection with care (symptoms, history, treatment).
Technical/Usage Data: IP address, device identifiers, browser type, pages viewed, timestamps, referring/exit pages.
Cookies and Similar Technologies: used to operate the Site, remember preferences, and analyze usage.
Aggregated/De-identified Data: created for lawful purposes that do not identify you.
Directly from you when you submit forms, schedule, message us, or otherwise provide information.
Automatically via cookies, pixels, and analytics tools when you navigate the Site.
From service providers supporting Site hosting, analytics, forms, scheduling, secure messaging, billing, or communications.
Provide, operate, and improve the Site.
Respond to inquiries, schedule appointments, and communicate with you.
Provide clinical services and manage treatment, billing, and operations (PHI per HIPAA/NPP).
Maintain security, prevent fraud, and comply with law.
Conduct analytics to understand Site performance and plan improvements.
Send administrative messages (e.g., confirmations, policy updates).
Send marketing communications only with required permissions; you can opt out at any time.
We disclose information only as permitted by law and contract.
PHI (HIPAA-regulated):
To healthcare providers involved in your care.
To payers for billing purposes.
To business associates who support our operations, including PracticeQ EHR, our electronic health record and practice management system provider. PracticeQ helps us manage scheduling, clinical documentation, secure messaging, billing, and patient communications under HIPAA-compliant agreements.
As required by law (e.g., public health reporting, court orders, preventing or mitigating a serious threat).
Non-PHI (Site/consumer data):
To vendors who host, maintain, or analyze our Site or facilitate communications, subject to confidentiality obligations.
In connection with organizational changes (e.g., merger or acquisition), subject to legal requirements.
When required by law or to protect rights, safety, and security.
We do not sell your personal information. We do not permit third parties to use PHI or personal information for their own independent marketing purposes without your authorization where required.
We may use first-party cookies for essential Site functions and preferences.
We may use analytics tools (configured to limit data where appropriate) to measure Site usage.
You can manage cookies via browser settings; if you block cookies, certain features may not work.
For PHI areas (e.g., the PracticeQ patient portal), we limit tracking consistent with HIPAA guidance.
Marketing emails: unsubscribe via links in messages or by contacting us.
Cookie controls: adjust browser settings.
Do Not Track: the Site may not respond to all DNT signals; use browser tools and cookie settings.
HIPAA Rights (for PHI in our records): access and obtain a copy of your PHI; request amendments; request restrictions; request confidential communications; receive an accounting of certain disclosures; receive a paper copy of the NPP. Submit HIPAA requests to the Privacy Officer.
Washington and Other Applicable State Rights (non-PHI/consumer data): subject to eligibility under applicable law (including MHMDA), you may have the right to know what consumer health data we collect, access it, delete it, or withdraw consent for certain processing. We will verify your request as required by law.
We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, and disclosure. PracticeQ EHR provides HIPAA-compliant data hosting and encryption for patient records. No method of transmission or storage is fully secure. If legally required, we will notify you of a breach.
We retain information as needed to fulfill the purposes described in this Policy, comply with legal/recordkeeping requirements, resolve disputes, and enforce agreements. Medical records are retained consistent with applicable healthcare record-retention laws and professional standards.
The Site is not directed to children under 13. PHI of minor patients collected for treatment is handled under HIPAA and applicable state law and requires appropriate consents.
The Site may link to third-party websites or services. Review their privacy policies before providing information. We are not responsible for their practices.
We operate in the United States. If you access the Site from outside the U.S., your information may be processed in the U.S., where laws may differ from those in your jurisdiction.
We may update this Policy from time to time. The “Effective Date” reflects the latest version. Continued use of the Site after changes means you accept the revised Policy.
HIPAA complaints may also be filed with the U.S. Department of Health and Human Services, Office for Civil Rights.
For information on how we use and disclose PHI for treatment, payment, and healthcare operations and for your HIPAA rights, refer to our Notice of Privacy Practices.