Cookie Policy

What Are Cookies?

Cookies are small data files placed on your device (computer, tablet, or mobile) when you visit a website. These files store information about your browsing activity and preferences to support website functionality, enhance user experience, and enable analytics.

Cookies used on this website do not store Protected Health Information (PHI) or any data that could be used to identify a user individually, in compliance with HIPAA requirements.

Types of Cookies We Use

We categorize the cookies used on our website based on their function, impact on privacy, and necessity for website operation. When applicable, cookies are disabled by default and require explicit user consent, as indicated by our cookie banner.

Essential Cookies

These cookies are critical to the basic operation of the website and enable core features such as secure browsing, form submissions, and accessibility options. Without these cookies, our website cannot function properly.

Purpose: Session management, load balancing, authentication, security
Data Collected: Session identifiers, CSRF tokens, preference flags
Consent Requirement: No (strictly necessary under HIPAA and NIST guidelines)
HIPAA/NIST Alignment: Compliant with HIPAA Security Rule and NIST SP 800-53 (e.g., AC-2, SC-12, SC-23)

Performance and Functional Cookies

These cookies enhance the usability and personalization of the website. They remember user preferences and settings such as language, display options, and accessibility tools.

Purpose: Enable language preferences, font sizing, and saved settings
Data Collected: Browser type, screen resolution, UI preferences
Consent Requirement: Yes (opt-in)
HIPAA/NIST Alignment: No PHI stored; adheres to the principle of data minimization

Analytics and Customization Cookies

These cookies collect information on how visitors interact with the website. We use this data to enhance the website's structure, content, and user experience. The collected data is aggregated and anonymized. We do not store IP addresses in a recognizable form.

Purpose: Site usage trends, heatmaps, click behavior
Data Collected: Page views, navigation patterns, device type
Consent Requirement: Yes (opt-in required)
HIPAA/NIST Alignment: No PHI captured; analytics tools configured for privacy (e.g., GA4 with IP anonymization or open-source alternatives like Matomo)

Advertising Cookies

These cookies are used only if third-party marketing services are employed (e.g., public service announcements or awareness campaigns). These help deliver relevant messages based on limited anonymized interactions.

Purpose: Measure ad campaign effectiveness, public service awareness
Data Collected: Aggregated click data, timestamp, referral source
Consent Requirement: Yes (opt-in only)
HIPAA/NIST Alignment: No use of PHI or individual targeting; strict vendor vetting and compliance review

Note: Our site currently does not serve commercial ads; however, this category is included for policy completeness.

Social Networking Cookies

These cookies enable the embedding or interaction with social media content (e.g., YouTube, Facebook, Twitter) and allow content sharing across platforms. These are only activated after the user opts in.

Purpose: Embed videos, share buttons, and follow widgets
Data Collected: Interaction timestamps, content views
Consent Requirement: Yes (opt-in only)
HIPAA/NIST Alignment: Embedded content held to third-party privacy controls; external scripts blocked until consent is given

Unclassified Cookies

These are cookies that are still under evaluation. They may be added by third-party tools or during the development process. We maintain a running inventory of all cookies deployed on our site and regularly review these for classification.

Purpose: Currently under review
Consent Requirement: Disabled by default
HIPAA/NIST Alignment: No data use permitted until classification is complete

Cookie Consent and User Control

When you first visit our website, you are presented with a Cookie Consent Banner that allows you to:

Accept all cookies
Reject optional cookies
Customize your cookie settings

You may also change your preferences at any time via the “Cookie Settings” link in the footer of the website.

Do-Not-Track and Browser Privacy Settings

Many modern browsers provide Do-Not-Track (DNT) signals and anti-tracking features. Our website:

Respects DNT signals and adjusts tracking scripts accordingly
Does not override browser-level privacy settings
Avoids loading optional third-party scripts until explicit consent is provided

NIST Alignment: Complies with the “Consumer Privacy Controls” category (CT.DP-P5)

Third-Party Cookies

We minimize the use of third-party cookies. If used (e.g., embedded maps or videos), these are only loaded after you provide consent. Third parties may set their cookies, subject to their privacy policies.

Example: YouTube video embeds, Google Maps widgets (disabled by default)

Data Protection and Security

We implement appropriate technical and organizational safeguards to ensure that cookie data is:

Anonymized where possible
Stored securely
Not shared with unauthorized parties

Our cookie practices are aligned with:

HIPAA Security Rule (e.g., access control, integrity, audit controls)
NIST SP 800-53 Rev. 5 controls (especially SI-8, SC-12, SC-28)

How to Manage or Delete Cookies

You can control or delete cookies directly via your browser settings. Most browsers allow you to:

View and clear stored cookies
Block cookies by default
Receive alerts when cookies are being set

For more information:

Policy Updates

We reserve the right to update this Cookie Policy to reflect any changes in law, technology, or operational requirements. We will notify you of any significant changes via the website.

Contact Information

If you have any questions about this Cookie Policy or your privacy rights, please contact:

Greene County Public Health HIPAA Compliance Team

📧 Email: hipaa@greenecophoh.gov

📞 Phone: (937) 374-5666

📬 Mail: 360 Wilson Dr, Xenia, OH 45385