Privacy policy.
Greene Roots Wellness & Telehealth PLLC
Effective Date: October 22, 2025
This Privacy Policy and Notice of Privacy Practices describes how Greene Roots Wellness & Telehealth PLLC (referred to as "the Practice," "we," "us," or "our") handles and protects your information, both Protected Health Information (PHI) and general website data.
SECTION 1: COMMITMENT TO HIPAA (PHI)
The Practice is a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are legally required to maintain the privacy of your Protected Health Information (PHI) and provide you with this notice of our legal duties and Privacy Practices.
1.1 Permitted Uses and Disclosures of PHI
We may use and disclose your PHI for the purposes of:
Treatment: Providing, coordinating, or managing your healthcare, including consultation with other healthcare providers regarding your chronic conditions, medication management, or post-procedure care.
Payment: Billing and collecting payment for the professional services we provide, which may involve disclosing PHI to your health plan, insurance company, or third-party payers.
Healthcare Operations: Conducting our necessary business activities, such as quality assessment, auditing, staff training, and compliance activities related to our telehealth and in-home house call model.
1.2 Uses and Disclosures Requiring Patient Authorization
We will not use or disclose your PHI for marketing purposes or for the sale of PHI without your explicit written authorization.
SECTION 2: WEBSITE AND DIGITAL DATA PRIVACY (Non-PHI)
This section applies to general visitor information collected through the website (www.greenerootswellness.org, .com, .net) and is separate from your medical records.
2.1 Data Collected Automatically (Cookies and Tracking)
We use cookies and similar tracking technologies for site functionality, security, and analytics.
Data Type
Purpose
Restrictions
Essential Cookies, web beacons, usage analytics
Required for site navigation, managing shopping carts, and ensuring the Acuity Scheduling tool functions properly.
Cannot be disabled by the user.
Non-Essential Cookies, web beacons, usage analytics
Used for Squarespace, Google, Bing, and United States (U.S.) website Analytics (traffic sources, page views, device information) to help us improve the patient experience.
Users are given the option to accept or decline these via the cookie banner on the website.
IP Addresses, browser types, operating systems, and device identifiers
Collected automatically for security, analytics, and managing the routing of the .com, .net, and .org domains.
This data is handled in accordance with our Privacy Policy.
2.2 Data Provided Voluntarily (Non-PHI on Marketing Forms)
We collect information you voluntarily provide outside of the scheduling or patient portal process (e.g., in a general inquiry or newsletter sign-up form):
Data Collected: Full name, email address, phone number.
Use: To respond to your inquiry, send marketing updates, and manage customer service (i.e., providing medical services, appointment management, billing and payments, communication, service improvements, general consents).
SECTION 3: SECURITY OF PATIENT DATA
We are committed to securing both your general website data and your sensitive PHI. Your information is shared only under lawful and controlled circumstances including with healthcare providers (doctors and mid-level providers (e.g., nurse practitioners, physician assistants, etc.), billing and insurance entities, legal entities (e.g., courts or regulatory bodies), authorized third parties for specified purposes, and emergency situations for timely care.
3.1 HIPAA-Compliant Systems
All PHI collected through the website is handled exclusively by systems built for compliance and industry-standard protocols to meet or exceed legal privacy requirements:
Secure Forms/Scheduling: All patient intake, consent forms, and medical data are processed via the Premium Plan of Acuity Scheduling and/or a third-party HIPAA-compliant form vendor (FormDr).
Business Associate Agreements (BAAs): We maintain a legally binding BAA with any vendor that creates, receives, maintains, or transmits PHI on our behalf (including Acuity Scheduling and Microsoft 365, for eligible services).
3.2 General Website Security
SSL/HTTPS: Our entire website is secured using SSL encryption (HTTPS) to ensure data transmitted between your browser and our website is protected. Users can manage cookie preferences through browser settings.
Domain Redirection: All brand-related domains (.com, .net) use 301 Permanent Redirects to consolidate traffic to the official, secure .org domain and to track user preferences for delivery of targeted advertisements (if applicable).
Routine Audits: Security reviews and vulnerability assessments.
Site Access: Authorized only for specific personnel under strict confidentiality agreements.
SECTION 4: YOUR RIGHTS REGARDING PHI
As a patient, you have the right to:
Inspect and Copy: You have the right to inspect and obtain a copy of your PHI.
Request Amendments: You have the right to request an amendment of your PHI if you believe it is incomplete or incorrect.
Request Restrictions: You have the right to request a restriction on the uses or disclosures of your PHI for treatment, payment, or healthcare operations.
Right to an Accounting of Disclosures: You have the right to receive a list of certain disclosures of your PHI made by us.
Request Confidential Communications and filing a complaint: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (e.g., only by telephone to a specific number) and you can file a complaint if you believe that your rights have been violated.
SECTION 5: THIRD-PARTY LINKS
Our website may include links to third-party websites for which we are not responsible for any of the Privacy Practices of those external websites. Please review any Privacy Practices/Policies of external websites before providing personal information.
SECTION 6: CONTACT INFORMATION
If you have any questions about this Notice of Privacy Practices or believe your privacy rights have been violated, please contact our Privacy Officer immediately.
Privacy Officer Contact:
Name: Corey L. Greene / Managing Owner
Greene Roots Wellness & Telehealth PLLC
Address: 60 Woodlore Circle, Little Rock, AR 72211-2354
Email: cgreene@greenerootswellness.onmicrosoft.com
Phone: 501.747.7608