Welcome
Natalie Baldwin PMHNP-BCPsychiatric Mental Health Nurse Practitioner
Effective Date: April 24, 2024
This privacy policy (“Privacy Policy”) describes the collection of personal information by Natalie Baldwin Nurse Practitioner in Psychiatry PLLC, a Professional Limited Liability Company (“we,” “us”, or “our”) from users (“you”, “your”) of our website at www.nataliebaldwinnp.com (our “Site”) along with other services provided by us and on which a link to this Privacy Policy is displayed (collectively, our “Services”).
This Privacy Policy also describes your rights as a data subject to inquire about your personal information that we process and describes certain rights that you, as the data subject, have regarding this information.
Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will use it. By accepting this Privacy Policy, you agree to the collection, storage, use and disclosure of your personal information as described in this Privacy Policy.
If you have any questions or comments about this Privacy Policy, please contact us using the following contact information:
Natalie Baldwin Nurse Practitioner in Psychiatry PLLC
1 Pine West Plaza, Suite 110
Albany NY, 12205
Phone: 518 362 7818
We are committed to protecting the privacy of all individuals therefore we have expanded the level of protection we provide for all patients to be compliant with HIPAA and various Data Privacy Laws. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines “protected health information” as information that identifies an individual or that reasonably can be used to identify an individual, and that relates to the individual’s past, present, or future health or condition, healthcare provided to the individual, or the past, present, or future payment for healthcare provided to the individual. The following personal data is considered ‘sensitive information’ and is subject to specific processing conditions:
▪ personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
▪ trade-union membership;
▪ genetic data, biometric data processed solely to identify a human being;
▪ health-related data;
▪ data concerning reproductive health
▪ data concerning a person’s sex life or sexual orientation.
For simplicity, we will refer to protected information simply as “sensitive information” in this Notice.
• We will safeguard the privacy of sensitive information that we have created or received as required by law.
• We will explain how, when and why we use and/or disclose your sensitive information.
• We will comply with the provisions of this Notice and only use and/or disclose your sensitive information as described in this Notice.
• We will provide notice of a Natalie Baldwin Nurse Practitioner in Psychiatry PLLC breach of unsecured sensitive information.
Natalie Baldwin Nurse Practitioner in Psychiatry PLLC utilizes AdvancedMD as our Electronic Health Record (EHR) provider which stores sensitive information of our patients. You may consult their privacy policy at: https://info.advancedmd.com/rs/332-PCG-555/images/AdvancedMD-Online-Privacy-Statement.pdf
AdvancedMD HIPAA Privacy Statement: https://info.advancedmd.com/rs/332-PCG-555/images/AdvancedMD-HIPAA-Privacy-Statement.pdf
Natablie Baldwn NP PLLC Policies: https://nataliebaldwinnp.com/policies.html
The following categories describe different ways that we may use and disclose sensitive information. For each category of uses or disclosures, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose health information will fall within at least one of the categories.
For Treatment. We may use your sensitive information to provide, coordinate or manage your healthcare treatment and related services. This may include communication with other health care providers regarding your treatment and coordinating and managing your healthcare with others. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. The doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals.
For Payment. We may use and disclose your sensitive information in order to bill and collect payment for treatment and services provided to you by the Natalie Baldwin Nurse Practitioner in Psychiatry PLLC. We may also disclose your sensitive information to other providers so they may bill and collect payment for treatment and services they provided to you. Before you receive scheduled services, we may share sensitive information about these services with your health plan(s) to obtain prior approval or to determine whether your insurance will cover the treatment. We may also share your sensitive information with billing and collection departments or agencies, insurance companies and health plans to collect payment for services, departments that review the appropriateness of the care provided and the costs associated with that care and to consumer reporting agencies (e.g., credit bureaus). For example, if you have a broken leg, we may need to give your health plan(s) health information about your condition, supplies used (medications or crutches) and services you received (x-rays or surgery). This sensitive information is given to our billing agency and your health plan so we can be paid or you can be reimbursed.
Contacting You. We may use and disclose sensitive information to contact you about appointments, prescription reminders, clinical instructions, surveys, billing, or general communications. We may contact you by mail, telephone, email, or text message when you provide your address, telephone number, email address, or mobile phone number. There is a risk that someone else could read or access unencrypted emails or text messages. You may opt-out of these communications using the patient portal or opt-out links provided in the communication.
Electronic Health Information Exchange (HIE) and other de-identified data partnerships. We may participate in certain HIEs that permit health care providers or other health care entities, such as your health plan or health insurer, to share your health information for treatment, payment and other purposes permitted by law, including those described in this Notice.
Individuals Involved in Your Care or Payment for Your Care. We may share with a family member, relative, friend, or other person identified by you, sensitive information that is directly relevant to that person’s involvement in your care or payment for your care. We may use or disclose sensitive information in order to notify a family member, personal representative, or other person responsible for your care of your location, general condition or death. In addition, we may disclose sensitive information about you to an entity assisting in a disaster relief effort so that your family, personal representative or others responsible for your care can be notified about your location, general condition or death. If you do not want sensitive information about you used or disclosed in the above circumstances, please notify our practice in writing. We will comply with additional state law confidentiality protections if you are a minor and receive treatment for pregnancy, drug and/or alcohol abuse, communicable disease, or mental health.
We may use and/or disclose sensitive information about you for a number of circumstances in which you do not have to consent, give authorization or otherwise have an opportunity to agree or object. Those circumstances include:
As Required by Law. We will disclose your sensitive information when required to do so by federal, state, or local law or other judicial or administrative proceedings. For example, we may disclose your sensitive information in response to an order of a court or administrative tribunal.
We will not disclose sensitive data for either of the following activities:
. To conduct a criminal, civil, or administrative investigation into or impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided.
. The identification of any person for the purpose of conducting such investigation or imposing such liability.
To Avert a Serious Threat to Health or Safety. We may use and disclose your sensitive information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent or reduce the threat.
Public Health Risks. We may disclose your sensitive information to appropriate government authorities for public health activities. These activities generally include the following:
• To prevent or control disease, injury or disability.
• To report births and deaths.
• To report child abuse or neglect.
• To report reactions to medications or problems with products.
• To notify people of recalls of products they may be using.
• To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease.
• To notify the appropriate government authority if we believe an adult patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
• To support public health surveillance and combat bioterrorism.
Health Oversight Activities. We may disclose your sensitive information to a federal or state health oversight agency for oversight activities authorized by law.
Law Enforcement. We may release sensitive information to a law enforcement official for certain law enforcement purposes. For example, we may disclose your sensitive information to report a gunshot wound.
Lawsuits and Disputes. In the course of any judicial or administrative proceeding, we may disclose your sensitive information in response to a court or administrative order, subpoena, discovery request, or other lawful process.
Coroners, Medical Examiners and Funeral Directors. We may release sensitive information to a coroner or medical examiner. This may be necessary to identify a deceased person or determine the cause of death. We may also release sensitive information to funeral directors as necessary for them to carry out their duties.
Organ and Tissue Donation. We may release sensitive information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Specialized Government Functions. We may disclose sensitive information about you if it relates to military and veterans’ activities, national security and intelligence activities, protective services for the President, and medical suitability determinations of the Department of State.
Workers’ Compensation. We may release your sensitive information for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your sensitive information to the correctional institution or law enforcement official. This release is required: (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; and (3) for the safety and security of the correctional institution.
You have the following rights regarding the information we maintain about you:
Right to Inspect and Copy. You have the right to inspect and obtain a copy of your sensitive information. (requests for medical records may take up to 10 business days)
Right to Amend. You have the right to request that we make amendments to clinical, billing and other records used to make decisions about you.
Right to an Accounting of Disclosures. Obtain an accounting of disclosures of your sensitive information as provided by law
Right to Request Restrictions. You have the right to request that we restrict the use and disclosure of your sensitive information.
Right to Revoke Authorization. You have the right to revoke your authorization to use or disclose health information except to the extent that action has already been taken
Right to erasure. the right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision that affects you based solely on automated processing. See the section ‘Automated Decision-making and profiling’ in this Privacy Policy for more information.
Automated decision making refers to a decision that is taken solely on the basis of automated processing of your personal data, for example using software, artificial intelligence or other rating or scoring algorithms. Profiling uses automated processing which sometimes results in automated decision making, and in some cases does not. We do not perform any automated decision-making and profiling on your personal information.
Unless otherwise specifically stated elsewhere in this Privacy Policy, we will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California Customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes, subject to certain exceptions. In general, subject to certain exceptions, if the business has made such a disclosure of personal information, upon receipt of a request by a California Customer, the business is required to provide, free of charge, a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. California Customers may request further information about our compliance with this law by contacting our practice.
We use your personal information to carry out the obligations arising from providing our Services. This section describes the types and categories of personal information we may collect, and how we may use that information.
We collect personal information that you provide when you use the patient portal on our Site and when you use our Services. We use this personal information in a variety of ways, and this personal information includes the following:
If you use our Services, we may store correspondence, notes, files and other documentation containing your sensitive information.
Information entered into the patient portal, which may contain sensitive information.
When you visit our Site, some information is collected automatically and is not provided directly by you. For example, when you access our Site, we automatically collect your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the web site that you visited immediately prior to accessing our Site, the actions you take on our Site, and the content, features, and activities that you access and participate in on our Site.
We may collect this information passively in our server logs. We may also collect information passively using technologies such as cookies, clear image files, or Javascript tags, as described in the section “Cookies and Similar Technologies” in this Privacy Policy. We use passively-collected information to administer, operate, and improve our Site and systems, If we link or associate any information gathered through passive means with personal information, or if applicable laws require us to treat any information gathered through passive means as personal information, we treat the combined information as personal information under this Privacy Policy. Otherwise, we use and disclose information collected by passive means in aggregate form or otherwise in a non-personally identifiable form.
We use cookies and similar technologies to enable the Site to function, and gain insights into your usage of the Site, and to distinguish you from other users of the Site. Cookies are small files that allow for personalization of the Site by saving your information such as user ID and other preferences. The Site also uses a related technology called local storage which allows preferences and cached information to be stored locally on your computer or mobile device.
Also, please be aware that third parties, such as the sites or services provided by third parties (“Third-Party Sites”) that may be linked to from the Site, may set cookies or use other means of passively collecting information about your use of their services, Third-Party Sites or content. We do not have access to, or control over, these third-party means of passive data collection.
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites function, to work more efficiently, as well as to provide reporting information.
Cookies set by the operator of a website (in this case, Natalie Baldwin Nurse Practitioner in Psychiatry PLLC) are called “first party cookies”. Cookies set by parties other than Natalie Baldwin Nurse Practitioner in Psychiatry PLLC are called “third-party cookies”. Third-Party cookies enable third party features or functionality to be provided on or through the Site (for example advertising, interactive content, interaction with social media sites, and analytics). The parties that set these third party cookies can recognize your computer or mobile device both when you visit our Site, and also when you visit certain other websites.
We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Site to operate, and we refer to these as “essential” or “strictly necessary” cookies. These cookies are strictly necessary for our Site to operate. Essential cookies allow you to use our Site and provide essential functionality and security features. We serve these cookies directly, and they are described as follows:
cf_clearance
Clearance Cookie stores the proof of challenge passed. It is used to no longer issue a challenge if present. It is required to reach an origin server.
We utilize Cloudflare services as our security provider for our website. You may consult their cookies policy at https://www.cloudflare.com/cookie-policy/ and their privacy policy at https://www.cloudflare.com/privacypolicy/
Cookies are not the only way we can store information on your computer or mobile device. We store additional information that is essential to the functionality of the Site in local storage. Local storage is similar to storing information in cookies, but the information never expires until our Site deletes it, or you delete it yourself. Please refer to the instructions specific to the type of browser you are using, or the specific mobile phone operating system you are using for instructions on how to delete local storage.
The following categories of information are stored in local storage when using our Site:
• Cached information used to improve the performance of the Site
You have the right to decide whether to allow cookies when using our Site. Most browsers allow you to control cookies as part of their settings and preferences. Please refer to your specific browser for instructions on how to disable, limit and delete cookies.
The following links are provided for your convenience. Click on the relevant link below to access detailed information regarding cookie settings. Should your browser not be listed here, you should review the help pages for your specific browser to see what features are offered for adjusting your cookie settings:
1. Firefox
2. Brave
3. Microsoft Edge
4. Google Chrome
5. Safari
Note that if you disable, limit or delete cookies, our Websites may not function properly, and this may prevent you from using our Services.
You can learn more about cookies at the following third-party websites:
• AllAboutCookies: http://www.allaboutcookies.org
• Network Advertising Initiative: http://www.networkadvertising.org
• Wikipedia: https://en.wikipedia.org/wiki/HTTP_cookie
The website may contain links to other websites, products, or services that we do not own or operate. The website also may contain links to Third-Party Sites. If you choose to visit or use any Third-Party Sites or products or services available on or through such Third-Party Sites, please be aware that this Policy will not apply to your activities or any information you disclose while using those Third-Party Sites or any products or services available on or through such Third-Party Sites. We are not responsible for the privacy practices of these Third-Party Sites or any products or services on or through them. Additionally, please be aware that the website may contain links to websites and services that we operate but that are governed by different privacy policies. We encourage you to carefully review the privacy policies applicable to any website or service you visit other than this website before providing any personal information on them.
To help protect your data, we use commercially reasonable steps to protect the data that we collect, including your personal information. The reasonable steps include protecting this data against accidental loss, unauthorized use, and disclosure, and restricting access to personal information by our staff. The website is hosted by a third-party hosting company that we have determined maintains adequate security controls and utilizes TLS encryption for all internet communications. We also require all staff that administer and develop the website follow industry-standard controls, including strong passwords, the use of anti-virus and anti-malware software, disk encryption and other best practices.
We use various 3rd party processors to enable us to provide the site, and as part of our vendor due-diligence, we review the security controls these processors have in place and ensure they meet industry standards appropriate for the type of data we collect.
You should keep in mind, however, that the website utilizes software, hardware, and networks, which from time to time require maintenance and experience problems beyond our control. Note that no data transmission over the public internet or encryption method can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our website after such changes will be subject to the then-current policy. If we change this Policy in a manner that is material, we will use reasonable efforts to notify you via the contact methods you have provided of the change prior to applying the change to any personal information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and disclose personal information.