Privacy Policy of ELAK Health, Inc.

Privacy Policy of ELAK Health, Inc.

Effective Date: September 2025

ELAK Health, Inc. (“ELAK Health,” “we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and security of information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information, including Protected Health Information (“PHI”), in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical Information Act (“CMIA”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), and other applicable state and federal laws.

Scope of This Policy

This Policy applies to:

  1. Public Use of Our Website. When you visit our website (www.elakhealth.org) for informational purposes only.
  2. Enrollment and Service Use. When you sign up for services, communicate with our clinicians, or otherwise engage as a member or patient.

Important Distinction: We do not collect PHI through the public portions of our website. PHI is collected only when you enroll for services, communicate directly with our clinical staff, or authorize us to coordinate with other providers.

Information We Collect

A. Public Website Visitors

When you browse our website without enrolling, we may collect limited non-identifiable information:

  • Usage Data: pages visited, access times, referring website, browser type.
  • Device Data: operating system, browser version.
  • Cookies / Analytics: technical data to enhance site performance and security.
  • Location Data: generalized geographic data, not precise GPS.

We do not collect PHI from public browsing.

B. Members and Clinical Service Users

When you engage with our services, we may collect:

  • Personal Information: name, contact details, billing and payment information.
  • PHI: medical history, diagnoses, medications, lab results, treatment plans, and related clinical information you choose to provide.
  • Communication Data: content and metadata from secure messaging, texts, emails, or virtual consultations with our clinicians.

All such information is collected with your authorization and in compliance with HIPAA and CMIA.

Use of Information

We use information for the following purposes:

  • To deliver personalized clinical navigation, advocacy, and care coordination services.
  • To process membership enrollment, billing, and payment.
  • To communicate with you regarding appointments, updates, or care-related matters.
  • To improve the safety, functionality, and performance of our services and website.
  • To comply with legal and regulatory obligations under HIPAA, CMIA, and applicable law.

We do not use or disclose your information for unrelated marketing, advertising, or promotional purposes.

Disclosure of Information

We may disclose information in the following circumstances:

  • With Your Authorization: To your healthcare providers, caregivers, or other designated parties.
  • To Business Associates: Vendors providing secure communications, data hosting, billing, or related support services, subject to Business Associate Agreements as required by HIPAA.
  • As Required by Law: In response to a court order, subpoena, investigation, or public health reporting obligation.
  • For Protection and Safety: Where necessary to protect the rights, property, or safety of you, others, or ELAK Health.

We do not sell PHI or personal information.

Data Retention

We retain information only as long as necessary for the purposes outlined in this Policy or as required by law.

  • PHI: Retained in accordance with HIPAA, CMIA, and California medical record retention requirements.
  • Billing / Membership Records: Retained as required by financial, tax, and contractual obligations.
  • Communications / Messaging Records: Maintained as part of your medical record for the legally required period.

Once retention obligations expire, information is securely deleted or de-identified.

Your Rights

Depending on your relationship with us and applicable law, you may have rights regarding your information, including:

  • Access: To obtain a copy of your PHI or personal information.
  • Correction / Amendment: To request correction of inaccurate or incomplete records.
  • Deletion: To request deletion of certain personal information (non-PHI) under CCPA/CPRA.
  • Accounting of Disclosures: To receive a record of certain disclosures of your PHI.
  • Restriction: To request limitations on our use or disclosure of your PHI.
  • Opt-Out (California Residents): To opt out of the sale or sharing of personal information under CCPA/CPRA (though ELAK Health does not sell personal data).

To exercise your rights, please contact us as outlined below.

Security of Information

We implement administrative, physical, and technical safeguards designed to protect information, including:

  • Encryption of data in transit and at rest.
  • Access controls, authentication, and role-based permissions.
  • Secure storage of clinical communications and records.
  • Routine risk assessments, training, and compliance audits.

No system can be guaranteed 100% secure, but we adhere to HIPAA, CMIA, and industry standards to minimize risk.

Breach Notification

In the event of unauthorized access, acquisition, or disclosure of PHI or other protected personal data, we will notify you and, if required, state and federal regulators without unreasonable delay, consistent with HIPAA, CMIA, and applicable law.

Cookies and Analytics

Our website may utilize cookies or similar technologies to improve site functionality and measure traffic.

  • These tools do not collect PHI.
  • You may block cookies in your browser, though some site functions may be limited.
  • We do not use cookies for behavioral advertising.

Children’s Privacy

Our services are directed to adults. We do not knowingly collect personal information from children under 13 years of age. If such information is discovered, it will be deleted promptly.

External Links

Our website may link to third-party sites. We are not responsible for the privacy practices or content of such external sites and encourage you to review their privacy policies.

Changes to This Policy

We may revise this Policy periodically. Updates will be posted here with a new effective date. Continued use of our website or services after updates constitutes acceptance of the revised Policy.

Contact Information

For questions about this Policy or to exercise your rights, please contact:
Email: support@elakhealth.org