PRIVACY NOTICE
Last updated May 01, 2025

1. Introduction

Thank you for choosing to engage with Greene County Public Health (“GCPH”, “we”, “us”, or “our”). We are committed to maintaining the privacy, confidentiality, and security of your personal and health-related information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable Ohio state privacy laws, and the National Institute of Standards and Technology (NIST) privacy and security standards.

This Privacy Policy outlines how we collect, use, disclose, and safeguard information when you visit our website (https://www.greenecophoh.gov) and interact with our services (“Services”). If you have any questions, please get in touch with us at hipaa@greenecophoh.gov.

2. Scope of This Policy

This policy applies to all information we collect through:

  • Our website and associated platforms
  • Public health services and communications
  • Health education, outreach, events, and surveys
  • Electronic systems (e.g., portals, forms, email)

It also includes any information classified as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

3. What Information We Collect

a. Information You Provide

We may collect:

  • Contact details (e.g., name, email, phone)
  • Demographic data (e.g., age, zip code)
  • Medical and health-related information (PHI)
  • User preferences, communication settings

b. Information Automatically Collected

    We may collect:

    • IP address, browser type, and device identifiers
    • Access times, pages viewed, and referring links
    • Location data (if permitted by device settings)

     c. Cookies and Tracking Technologies

    We use cookies and related technologies in accordance with our [Cookie Policy] to ensure site functionality, security, and user experience.

    4. Use of Information

    We use your data to:

    • Deliver public health services
    • Respond to inquiries and service requests
    • Maintain operational and cybersecurity integrity
    • Comply with legal, regulatory, or contractual obligations
    • Analyze usage for service improvement and risk reduction
    • Provide relevant public health alerts or outreach

     Our processing activities are aligned with the principles of data minimization, purpose limitation, and access control.

    5. Lawful Basis for Data Use

    We only use your information when:

    • You have provided consent
    • Required for public health service delivery
    • Permitted under HIPAA and Ohio Revised Code
    • Required to comply with legal or regulatory obligations
    • Necessary to protect public health and safety

    6. Sharing and Disclosure of Information

    We do not sell or rent personal information. We may share it with:

    • Authorized public health partners (e.g., CDC, ODH)
    • Third-party service providers under HIPAA-compliant Business Associate Agreements (BAAs)
    • Legal authorities as required by subpoenas, court orders, or applicable law
    • Emergency services when necessary to protect life and safety

    7. Data Security Measures

    We apply rigorous administrative, physical, and technical safeguards in accordance with NIST SP 800-53 and the HIPAA Security Rule, including:

    • Encryption at rest and in transit
    • Role-based access controls
    • Network and endpoint protection
    • Regular security assessments and audits
    • Incident response and data breach procedures

    Despite these measures, no system is entirely secure. We urge users to exercise caution when transmitting data online.

     8. Retention of Information

    We retain personal and health data only as long as necessary to fulfill the intended purpose, unless a longer retention period is mandated by:

    • Federal or Ohio law
    • Public records retention schedules
    • Legal, financial, or operational requirements

    9. Your Privacy Rights

    Depending on your jurisdiction and applicable laws, you may have the right to:

    • Access, review, or receive a copy of your data
    • Request correction of inaccurate or incomplete data
    • Request deletion of non-essential data
    • Restrict or object to specific data uses
    • Withdraw consent where processing is based on consent
    • File a complaint with a supervisory authority

    You may exercise these rights by contacting us at hipaa@greenecophoh.gov.

    10. HIPAA Notice of Privacy Practices

    For individuals whose PHI is collected or processed as part of our healthcare operations, our HIPAA Notice of Privacy Practices governs our use and disclosure of PHI. This Privacy Policy supplements—but does not replace—those HIPAA provisions.

    To view the HIPAA notice, visit: [HIPAA Notice]

    11. Do Not Track (DNT)

    Most web browsers, as well as some mobile operating systems and applications, offer a Do-Not-Track ("DNT") feature or setting that allows you to indicate your preference for privacy, particularly to prevent the monitoring and collection of data related to your online browsing activities. Currently, a uniform technological standard for recognizing and implementing Do Not Track (DNT) signals has not been established. Therefore, we do not respond to DNT browser signals or any other mechanisms that automatically convey your choice not to be tracked online. If a standard for online tracking is adopted that we need to follow in the future, we will update this privacy notice. 

     

    12. Rights for California Residents

    Under the California Consumer Privacy Act (CCPA), if applicable, California residents may request:

    • A list of personal information collected and its use
    • Access to or deletion of specific personal data
    • Information on third parties with whom data was shared

    We do not share personal information for commercial purposes or cross-context behavioral advertising.

    13. Data Transfers

    Data may be processed or stored in the United States. When data is accessed or stored in other jurisdictions, we apply equivalent safeguards.

    14. Children’s Privacy

    Our services are not directed to children under 13. If we learn that we have collected personal data from a child without verifiable parental consent, we will promptly delete it.

    15. Updates to This Policy

    We may update this policy periodically to reflect changes in law, technology, or operations. The “Revised” date at the top will be updated accordingly.

    16. Contact Information

    Data Protection Officer

    Bob Brooks
    Greene County Public Health
    hipaa@greenecophoh.gov
    📞 (937) 374-5666