Data Protection Policy

Effective Date: February 2026

Ariel (“we,” “our,” or “us”) is committed to protecting your privacy and safeguarding all information you share with us, including Protected Health Information (PHI) under HIPAA and general personal data shared through our website. This policy explains how we collect, use, protect, and disclose information, as well as your rights regarding your data.

1. Information We Collect

We collect two types of information:

A. Protected Health Information (PHI)

Collected only when you:

  • Complete secure intake forms
  • Communicate with us through encrypted channels
  • Receive services that require clinical, medical, or billing information
  • Use our patient/client/provider portals

PHI may include your name, contact information, health details, treatment information, billing details, and insurance information.

B. General Personal Information (Website & Non-PHI Data)

Collected when you interact with our website:

  • Name, email, phone number submitted through contact forms
  • IP addresses and browsing behavior
  • Cookie and tracking data (non-PHI)
  • Device and browser information
  • Service usage analytics

We do not intentionally collect PHI through public website forms unless those forms are set up as secure, HIPAA-compliant submissions.

2. How Your Information Is Used

We use data for the following purposes:

A. For PHI (HIPAA-regulated information)

  • To provide treatment or services
  • To coordinate care with providers involved in your services
  • For billing, insurance claims, and payment processing
  • For healthcare operations, quality improvement, and auditing
  • To meet legal or regulatory requirements

We only use the minimum necessary information.

B. For general website or non-PHI data

  • To respond to your inquiries
  • To improve website performance and user experience
  • For analytics and site functionality
  • For security and fraud prevention
  • To understand user engagement
  • To provide requested services or information

We do not sell personal data.

3. Cookie & Tracking Technology Usage

Ariel’s website may use cookies and similar technologies to support site functionality. These may include:

  • Session cookies (for basic website operation)
  • Analytics cookies (to understand traffic and usage trends)
  • Preference cookies (to remember basic settings)

Cookies do NOT collect, store, or transmit PHI.

Users may disable cookies in their browser settings; however, some website functions may be limited.

4. Third-Party Services & Disclosures

We may use trusted third-party vendors to support our operations, including:

  • Website hosting services
  • Email or communication platforms
  • Analytics and security tools
  • Billing or payment processors
  • Electronic health record (EHR) systems
  • Secure messaging or portal providers

HIPAA Compliance

Any third-party vendor that handles PHI signs a Business Associate Agreement (BAA) and must uphold strict HIPAA security standards.

Non-PHI Data

For general website analytics or functionality tools, data may be processed under the vendor’s privacy practices—but no PHI is shared with these tools.

We do not sell user information and we do not allow third parties to use data for their own marketing without consent.

5. Data Protection Practices

Ariel uses administrative, technical, and physical safeguards to protect all data:

Administrative Safeguards

  • HIPAA training for all staff
  • Access limited to authorized personnel
  • Regular audits and risk assessments
  • Breach response and notification procedures

Technical Safeguards

  • Encryption of PHI in transit and at rest
  • Firewalls, intrusion detection, and secure servers
  • Multi-factor or role-based access controls
  • Continuous monitoring and security updates
  • Logged access activity and system monitoring

Physical Safeguards

  • Secure office spaces and storage
  • Restricted server and record access
  • Secure disposal of electronic and paper records

Website Security

  • HTTPS encryption
  • No PHI collected through non-secure forms
  • Routine vulnerability and security reviews
  • Policies prohibiting staff from using unsecured devices

6. User Rights Regarding Their Data

Depending on whether the information is PHI (HIPAA-covered) or website/general data, you may have the following rights:

PHI Rights (Under HIPAA)

  • Right to Access: Request copies of your health information
  • Right to Amend: Request corrections to inaccurate PHI
  • Right to Restrict: Request limits on certain uses or disclosures
  • Right to Confidential Communications: Choose alternative contact methods
  • Right to an Accounting of Disclosures
  • Right to Receive a Paper Copy of this policy
  • Right to Request PHI Not Be Submitted to Insurance if paying out-of-pocket in full

Website / Non-PHI Data Rights

  • Right to know what personal data has been collected
  • Right to request deletion of data we are not legally required to keep
  • Right to opt out of certain data collection (e.g., cookies)
  • Right to correct personal information
  • Right to withdraw consent for non-essential data uses

To exercise any of these rights, contact us using the information below.

7. Changes to This Policy

Ariel may update this Privacy & Data Protection Policy from time to time. Updates will be posted on our website with a revised effective date.

8. Contact Information

Ariel Clinical Services
Phone: (970) 245-1616
Address: 2938 North Avenue, Suite G Grand Junction CO 81504

For concerns about privacy or to exercise your rights, please contact us directly.