RadleyCare.com Privacy Policy

---

Effective Date: October 9, 2025

Radley Health Inc., doing business as RadleyCare.com, is committed to protecting the privacy and confidentiality of your information. We understand the sensitivity of the health information you share with us, particularly regarding Serious Mental Illness (SMI) and peer support services.

This Privacy Policy describes how we collect, use, and disclose Protected Health Information (PHI) and Personally Identifiable Information (PII) through our digital platform, telehealth services, and website (RadleyCare.com).

As a healthcare provider operating in Ohio, RadleyCare is a Covered Entity and is bound by:

• The Health Insurance Portability and Accountability Act (HIPAA): We adhere to all privacy and security rules established by HIPAA and its implementing regulations.
• Ohio State Law: We comply with all applicable Ohio state laws governing health records and privacy.
• 42 CFR Part 2 (as applicable): For clients receiving services for Substance Use Disorder (SUD), we adhere to the strict confidentiality requirements of 42 CFR Part 2.
• CARF Standards: Our internal technology and data practices are guided by CARF standards to ensure the security, integrity, and availability of your data.

We collect information necessary to provide you with high-quality, continuous peer support services. This includes two main categories:

A. Protected Health Information (PHI)

This is the health and demographic data we collect from you or that is created by our Peer Recovery Supporters in the course of providing treatment. It includes, but is not limited to:

• Name, address, contact information, and date of birth.
• Mental health and substance use disorder history, diagnoses, and treatment plans.
• Telehealth visit records, chat transcripts, and case notes documented by your Peer Recovery Supporter.
• Billing, payment, and insurance information.

B. Personally Identifiable Information (PII)

This is general data collected through website usage or registration, such as:

• Technical information (IP address, browser type, device information).
• Website usage data (pages viewed, time spent on the site).
• Non-clinical contact information (when you submit a form or job application).

We use and disclose your PHI primarily for the purposes of Treatment, Payment, and Healthcare Operations (TPO), and as otherwise permitted or required by law.

Treatment:| To provide, coordinate, and manage your peer support and telehealth services, including matching you with a Peer Recovery Supporter and facilitating digital visits. 

Payment: To process claims, verify insurance eligibility, and collect fees for services rendered by RadleyCare. 

Healthcare Operations: For internal business functions such as quality assessment and improvement, training and credentialing of staff, compliance monitoring, data backup, and business continuity planning (as per CARF and internal policies). 

Business Associates/Contractors: We share limited PHI with our independent contractors (Peer Recovery Supporters) and vendors who perform services on our behalf (e.g., cloud platform hosting, billing). These parties are legally required to protect your information under specific Business Associate Agreements and internal security policies. 

Required by Law:  We may disclose information when required by federal, state, or local law, such as to respond to a court order, subpoena, or specific public health concerns. 

Important Note on Peer Support Boundaries: Our Peer Recovery Supporters and staff maintain strict professional boundaries. As outlined in our internal policies, RadleyCare personnel will not attempt to "friend," follow, or engage with clients on personal social media platforms (e.g., Facebook, Twitter) to preserve the professional, therapeutic relationship and protect your confidentiality.

You have the following rights regarding the PHI we maintain about you, subject to certain limitations:

1. Right to Access: You have the right to inspect and receive a copy of your PHI (including your clinical and billing records). We may charge a reasonable, cost-based fee for copies.
2. Right to Request Amendment: If you believe your PHI is incorrect or incomplete, you may request an amendment to your records. We may deny this request, but we will notify you in writing of the reason for the denial and how you can submit a statement of disagreement.
3. Right to Request Restrictions: You may request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to all requests, but we will honor a request to restrict disclosures to a health plan if the disclosure pertains to an item or service for which you have paid in full out-of-pocket.
4. Right to Request Confidential Communications: You have the right to request that we communicate with you about health matters in a certain way or at a certain location (e.g., by email instead of phone, or at a work address). We will honor all reasonable requests.
5. Right to an Accounting of Disclosures: You have the right to receive an accounting of certain disclosures we have made of your PHI over the past six (6) years.
6. Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this policy upon request.

RadleyCare utilizes a cloud-based platform for telehealth, scheduling, record-keeping, and peer matching. We implement robust physical, administrative, and technical safeguards to protect your PHI and PII, consistent with HIPAA Security Rule and CARF standards.

• Encryption: All data transmitted via our platform is secured using industry-standard encryption protocols (e.g., SSL/TLS).
• Access Control: Access to client data is strictly limited to authorized personnel (employees and independent contractors) who require the information for their job duties. All users are trained and sign agreements (like the Authorized Use of Technology Policy) mandating strict compliance.
• Secure Use: Our staff and contractors are explicitly prohibited from using unsecured public networks to access client data, installing unauthorized software, or taking screenshots or recordings of telehealth visits or client records.
• Breach Reporting: We have policies and procedures in place to immediately detect, respond to, and report any suspected or actual breach of confidentiality or security incident to the affected parties and relevant regulatory bodies.

While we use secure channels for the RadleyCare platform, routine electronic communication carries inherent risks:

• Email and Text: As noted in our internal policies, unencrypted email and text messaging are generally less secure forms of communication, and the confidentiality of information sent via these methods cannot be guaranteed. By engaging in these communications, you accept the risk.
• Right to Alternative Contact: If you prefer that we only contact you via the secure RadleyCare platform, by telephone, or by mail, you have the right to request that restriction in writing. We will accommodate all reasonable requests for alternative methods of contact.

RadleyCare offers optional SMS (text message) communications to provide you with timely service updates and information. Your use of our SMS services is subject to the following terms and conditions:

SMS consent is not shared with third parties. We do not share your mobile number or consent status with any third parties or affiliates for promotional purposes.

Types of Messages: Messages you can expect to receive include appointment reminders, account notifications, service alerts, and customer care communications.

Opt-In Agreement: By opting into SMS from a web form or other medium, you are agreeing to receive recurring SMS messages from RadleyCare, including messages for customer care. Message frequency may vary depending on your service needs and appointments.

Pricing and Rates: Message and data rates may apply, depending on your individual mobile carrier plan.

Instructions:

• To Opt Out: Reply STOP to any message to opt out of future SMS communications.
• For Assistance: Reply HELP or visit our website for further assistance at https://radleycare.com.

For our full privacy practices, please visit this page at https://radleycare.com/privacy-policy. 

RadleyCare reserves the right to change the terms of this Privacy Policy at any time. Any changes will apply to all PHI we maintain, including information we already have. We will post the revised policy on our website at RadleyCare.com with a new effective date.

If you have questions about this Privacy Policy, want to exercise any of your privacy rights, or believe your privacy rights have been violated, please contact our Privacy Officer immediately:

Privacy Officer

Radley Health Inc. (dba RadleyCare.com)

8044 Montgomery Rd, Cincinnati, OH 45236

Phone: 513-607-5128

Email: info@radleycare.com

You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services (HHS) if you believe your privacy rights have been violated. RadleyCare will not retaliate against you for filing a complaint.