top of page

Privacy Policy

This policy was last updated on 12/10/25.
Effective Date: 12/10/25
Organization: Ocean State Behavioral
Address: 2733 Post Road, Warwick, RI 02886
Phone: 401-921-4825

Introduction

Ocean State Behavioral (“we,” “our,” or “OSB”) is committed to protecting the privacy and security of all personal information we receive. Because we provide behavioral health services, we follow the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and Rhode Island state privacy laws.
This Privacy Policy explains how we collect, use, disclose, and safeguard information through our services, website, and communication channels.

Protected Health Information (PHI)

As a healthcare provider, we maintain Protected Health Information (PHI) as defined by HIPAA.
PHI includes any individually identifiable health information such as:

  • Name, birthdate, address, contact information

  • Diagnoses, treatment plans, and clinical notes

  • Insurance information

  • Service history and clinical outcomes
     

We are required by law to:

  • Maintain the privacy of PHI

  • Provide notice of our legal duties

  • Notify you if a breach occurs involving your unsecured PHI

  • Follow the terms of this Privacy Policy (also known as our Notice of Privacy Practices)

How We Use and Disclose PHI

We may use or disclose your PHI for:

Treatment
To coordinate care, deliver services, and communicate with your providers.
 
Payment
To verify eligibility, obtain authorizations, and process claims.
 
Healthcare Operations
For quality improvement, staff training, accreditation, audits, and compliance.

As Required by Law
Including:

  • Court orders

  • Mandatory reporting

  • Government and regulatory agencies
     

Other uses or disclosures will require your written authorization, which you may revoke at any time.

Your HIPAA Privacy Rights

You or your authorized representative have the right to:

  • Access and receive a copy of your PHI

  • Request amendments to your record

  • Request restrictions on certain uses

  • Request confidential communication methods

  • Receive an accounting of disclosures

  • File a complaint without fear of retaliation
     

To exercise these rights, contact us at:
Phone: 401-921-4825
Email: info@oceanstatebehavioral.com

Information We Collect Through Our Website

When you visit our website, we may collect:
Information You Voluntarily Provide

  • Contact forms

  • Applications

  • Referral or inquiry submissions
     

We strongly discourage submitting PHI through the website unless using a secure, encrypted form.
 
Automatically Collected Technical Data
(Non-PHI)

  • Browser type, device information

  • IP address

  • Pages visited

  • Cookies and analytics tools
     

This data helps us improve the website and does not identify you as a clinical client.

Cookies and Tracking

Our website may use:

  • Functional cookies

  • Analytics tools (Google Analytics, Wix analytics)

  • Social media pixels

These tools help us understand website traffic and improve user experience. They do not give us access to PHI and are never used to determine healthcare eligibility or decisions.

Users can adjust cookie settings through their browser.

How We Protect Information

We use administrative, technical, and physical safeguards including:

  • HIPAA-compliant electronic health record systems

  • Encrypted data transmission and storage

  • Role-based access controls

  • Staff confidentiality training

  • Secure disposal practices

  • Regular risk assessments

While no system is 100% secure, we follow industry best practices to protect all information we maintain.

Third-Party Services

We may use third-party vendors for:

  • Billing

  • Secure messaging

  • Website hosting

  • Analytics

  • Appointment systems

  • Cloud storage

All vendors handling PHI must sign a Business Associate Agreement (BAA) as required by HIPAA.

We are not responsible for privacy practices of external websites linked from ours.

Data Retention

We retain records according to:

  • Federal HIPAA rules

  • Rhode Island state law

  • Professional licensing requirements

PHI is retained for the minimum time required and securely destroyed thereafter.

Breach Notification

If a breach of unsecured PHI occurs, we will notify:

  • Affected individuals

  • The U.S. Department of Health & Human Services (HHS)

  • The media, if required (for breaches affecting 500+ residents)

Notifications will be made in accordance with HIPAA Breach Notification Rules.

Children’s Privacy (Website Use)

Our website is not designed to collect personal information from minors without parental consent.
Clinical services for minors are handled offline through secure, regulated processes.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted on our website with a revised “Effective Date.”

bottom of page