Five Journeys^® Privacy Policy

1. Overview

Five Journeys^® (“we,” “us,” or “our”) is committed to protecting the privacy and security of your information.
This Privacy Policy describes how we collect, use, and disclose your information, including Protected Health
Information (“PHI”), in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA).

When we provide healthcare services, we act as a Covered Entity under HIPAA.

2. Information We Collect

a. Personal Information

• Name, address, phone number, email
• Date of birth and demographic information
• Insurance and billing information

b. Health Information (PHI)

• Medical history, diagnoses, treatment information
• Appointment records and clinical notes

c. Automatically Collected Information

• IP address, browser type, device information
• Website usage data (via cookies or similar technologies)

3. How We Use Information

Treatment, Payment, and Healthcare Operations (TPO)

• Provide and coordinate care
• Process billing and insurance claims
• Manage our practice operations

Other Uses

• Communicate with you about appointments or services
• Send administrative messages
• Improve our website and services

We use and disclose PHI only as permitted by law and follow the minimum necessary standard where applicable.

4. Sharing of Information

Healthcare Providers

For treatment and care coordination

Business Associates (Vendors)

Service providers who support our operations (e.g., electronic health record systems, billing providers, secure cloud hosting).
These vendors are required to safeguard your information and, where applicable, enter into Business Associate Agreements (BAAs).

As Required by Law

• Public health reporting
• Legal obligations or law enforcement requests

We do not sell your personal or health information.

5. Cookies and Tracking

Our website may use basic cookies or similar technologies to ensure website functionality and understand general usage.
We do not use cookies to collect PHI. You may adjust your browser settings to refuse cookies.

6. Data Retention

We retain your information for as long as necessary to provide services and comply with legal, regulatory, and professional requirements.

Medical records are typically retained for at least 6–10 years, or longer if required by state law.

7. Data Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including:

• Access controls
• Secure systems and encryption where appropriate
• Workforce training on privacy practices

No system is completely secure, but we take appropriate steps to protect your information.

8. Breach Notification

In the event of a breach involving your unsecured PHI, we will notify you as required by law, including
without unreasonable delay and no later than 60 days when applicable.

9. Your Rights

• Access and obtain a copy of your records
• Request corrections to your information
• Request restrictions on certain uses or disclosures
• Receive a list of certain disclosures
• Request confidential communications

To exercise these rights, contact us using the information below.

10. Marketing Communications

We may send general communications about our services. We will not use or disclose your PHI for marketing purposes
without your written authorization, except as permitted by law.

11. Children’s Privacy

Our services are provided in accordance with applicable laws regarding minors. We collect and use information about children only with appropriate authorization.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

13. Contact Information

Five Journeys LLC
181 Wells Avenue
Newton, MA 02459
[email protected]
617-934-6400

14. Notice of Privacy Practices

A more detailed Notice of Privacy Practices, as required by HIPAA, is available upon request and describes how your medical information may be used and disclosed and how you can access that information.

15. Advertising and Analytics

We may use third-party services, including Google Ads, to help us understand how users interact with our website and to improve our advertising efforts.

These services may use cookies or similar technologies to collect information such as:

• General website usage
• Pages visited
• Interactions with our website

We do not share Protected Health Information (PHI) with advertising or analytics providers.

Third-party vendors, including Google, may use cookies to serve ads based on a user’s prior visits to our website.
Users can opt out of personalized advertising by visiting:

https://adssettings.google.com.

You can also control cookies through your browser settings.