Archangel Michael Health
Archangel Michael Health
  • Home
  • About
  • Services
  • Inquiries
  • Patient Application
  • Payments
  • Members Only
  • More
    • Home
    • About
    • Services
    • Inquiries
    • Patient Application
    • Payments
    • Members Only
  • Sign In
  • My Account

  • Signed in as:

  • filler@godaddy.com

  • My Account

  • Sign out

Signed in as:

filler@godaddy.com

  • Home
  • About
  • Services
  • Inquiries
  • Patient Application
  • Payments
  • Members Only

Account

  • My Account

  • Sign out

  • Sign In
  • My Account

Archangel Micheal Health Privacy Statement

  

Policy Last Updated: 04-09-2025

1. Introduction

Archangel Michael Health, PA (“we,” “our,” “us,” or “the Practice”), led by Dr. Bray, is committed to protecting the privacy and confidentiality of your health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable Florida state laws. This Privacy Statement outlines how we collect, use, disclose, and protect your Personal Health Information (PHI) and any other personal information provided to us. 

2. Scope

This Privacy Statement applies to all services and platforms we use or provide, including:

 

  • Electronic Health Record (EHR) Services: Provided through Athena Health, including patient record storage, patient portal access, and electronic prescribing.
  • Online Scheduling: Patient self-scheduling capabilities provided via Athena Health.
  • Patient Portal: Secure online access for patients provided via Athena Health.
  • Automated Communications: SMS text messages and emails for appointment reminders and other relevant notifications sent via the Athena Health platform (with patient permission).
  • Telehealth Services: Via Doxy.me and Microsoft Teams (as needed).
  • Telephone Communications: Via Google and Microsoft telephony services.
  • AI Phone Assistant: For providing general clinic information (does not handle PHI).
  • Online Forms: Via Microsoft Forms or Athena Health (for specific intake or other non-scheduling purposes, if applicable).
  • Payment Processing: Through Stripe or Stripe links sent through the Athena Health platform.
  • Email Communications: Via HIPAA-compliant Microsoft 365 Business and Google Workspace Business (for direct practice communication).
  • Newsletters & Administrative Emails: Sent through Microsoft 365.
  • Social Media: Platforms such as X (Twitter), Instagram, Facebook, and Telegram (for general announcements only, never sharing PHI).
  • Main Practice Website: Use of cookies for anonymous website traffic analysis (ArchangelMichaelHealth.com).

3. How We Collect Information

3.1 Patient Intake, Scheduling & EHR

 

  • Athena Health EHR, Patient Portal & Online Scheduling: Your primary medical information (PHI) is collected during consultations and entered directly into our secure Athena Health EHR. You will also provide personal and health information when registering for or using the Athena Health Patient Portal, including when scheduling appointments online through Athena Health's integrated tools. Communication preferences (e.g., granting permission for email communications or SMS from the platform) are also managed here. We have executed a Business Associate Agreement (BAA) with Athena Health, covering the security and privacy of your data within their system for EHR, portal, and scheduling functions.
  • Microsoft Forms: We may still collect personal information (such as name, contact information, and preliminary health details) if you submit specific intake or other forms using Microsoft Forms (e.g., forms linked from our website prior to becoming an established patient or for specific administrative requests). This platform falls under our Microsoft 365 HIPAA-compliant environment (under our BAA with Microsoft). Information collected via Microsoft Forms may be transferred to your Athena Health record if relevant to your care. Microsoft Bookings is no longer used for patient scheduling.

3.2 Telehealth & Video Visits

  • Doxy.me & Microsoft Teams: We may use Doxy.me or Microsoft Teams for telehealth appointments. Doxy.me sessions are end-to-end encrypted, and we maintain a BAA with Doxy.me. Microsoft Teams operates under our BAA with Microsoft. Any PHI discussed or transmitted during telehealth visits is documented in your Athena Health patient chart. Session-specific data on platforms like Doxy.me is handled according to their BAA terms (e.g., deletion within a specified period).

3.3 Communication Channels

  • Telephone: We use Google and Microsoft for our telephony services. Calls may involve the collection or discussion of personal information or PHI necessary for scheduling or care coordination. We have BAAs with both Google and Microsoft covering these services.
  • AI Phone Assistant: We utilize an AI phone assistant to provide callers with general information about the Practice, services offered, hours, and location. This assistant does not ask for, record, store, or transmit PHI. Any caller needing to discuss PHI will be directed to appropriate channels or staff.
  • Email: We may communicate with you using HIPAA-compliant email through Microsoft 365 or Google Workspace (both under BAAs).
  • SMS Text Messages: Appointment reminders and potentially other relevant notifications (e.g., portal messages pending) are sent via the Athena Health platform, under our BAA with them. You may opt-out of SMS communications.
  • Patient Portal: Secure messaging and information exchange may occur through the Athena Health Patient Portal.
  • Newsletter: We may send newsletters or practice updates to your email. No PHI is sent through newsletters, and you can opt out at any time.
  • Social Media: We maintain accounts on X.com (Twitter), Instagram, Facebook, and Telegram solely for general announcements and educational content. We do not share or request PHI on these platforms, and you should not share PHI with us via these channels.

3.4 Payment Information

  • Stripe: Payments initiated through links sent via Doxy.me, Athena Health, or Microsoft email are processed via secure third-party payment processors (Stripe). We do not store or have direct access to your full payment details (e.g., credit card numbers). Payment data is processed under Stripe’s privacy and security policies.

3.5 Website Cookies & Analytics

  • Our main practice website (ArchangelMichaelHealth.com) uses cookies and may employ standard web analytics tools (e.g., Google Analytics or similar platforms) to gather anonymous, aggregate information about website traffic and user interaction. This includes data such as pages visited, duration of visit, general geographic location (like city or region), and referral sources, but it does not collect or retain personally identifiable information (PII) or protected health information (PHI).
  • The purpose of collecting this anonymous data is solely for internal analysis. We use it to understand website usage trends, monitor traffic volume, improve site functionality, and assess the effectiveness of our online information for general marketing insights. This website analytics data is not linked to individual patients or their health records in any way.
  • We do not sell or share this specific website analytics data with external third parties for their own marketing or other independent purposes. Access to this aggregate data is limited to internal personnel or contracted web support involved in maintaining and improving our website presence. You can typically manage or disable cookies through your web browser settings; however, doing so might affect the functionality of some websites. Third-party platforms linked from our site, such as the Athena Health Patient Portal, will have their own separate cookie and privacy policies.

3.6 Minors

  • For patients under the age of 18, parental or guardian consent is required for the collection and use of PHI, consistent with Florida law and HIPAA. Access to the patient portal and specific communications will be managed according to these regulations.

4. Use & Disclosure of Information

4.1 Permitted Uses & Disclosures

We use and disclose PHI primarily for:

  • Treatment: Providing consultations, managing medical history within the Athena Health EHR, coordinating care, prescribing medications, and facilitating communication via the Patient Portal.
  • Healthcare Operations:  Practice management, scheduling (now primarily via Athena Health), appointment reminders (automated via Athena Health), quality improvement activities, patient outreach (with appropriate consent/opt-out), secure data storage and backup, and compliance. 

4.2 Disclosures to Third Parties

We only share PHI with:

  • Business Associates: Third-party vendors who perform functions on our behalf and have executed a BAA with us, ensuring they protect your PHI. This includes Athena Health (EHR, Portal, SMS), Microsoft (Office Suite, Forms, Bookings, Teams, Telephony), Google (Workspace, Telephony), Doxy.me (Telehealth), and potentially others involved in specific operations.
  • Payment Processors: Stripe (if used) as necessary to handle financial transactions.
  • Public Health Authorities or Legal Entities: When required or permitted by law (e.g., responding to subpoenas, court orders, or reporting communicable diseases).
  • Other Providers: With your consent, for coordination of care.

4.3 No Selling of PHI

We do not sell or rent your personal or health information to any third parties for marketing or any other purposes.

5. Data Security & Retention

 5.1 Security Measures

  • Encryption: All devices used by our practice employ appropriate encryption. Data transmission with key partners like Athena Health (including for SMS/email communications), Doxy.me uses industry-standard encryption.
  • Secure Storage: Your primary electronic health records (PHI) are securely stored and maintained within the Athena Health cloud environment, protected under the terms of our BAA with them. Other administrative data or communications may reside within our HIPAA-compliant Microsoft 365 and Google Workspace systems, also under BAAs.
  • Access Controls: Access to PHI is restricted to authorized personnel who require it for treatment, payment, or healthcare operations. Staff receive appropriate privacy and security training.
  • BAAs: We maintain Business Associate Agreements with all third-party vendors who handle PHI on our behalf, including Athena Health for their communication features, requiring them to implement appropriate safeguards.

5.2 Retention Period

  • We retain patient medical records, primarily stored within the Athena Health EHR system, for a minimum of 7 years after the last date of service, in accordance with our record retention policy and Florida regulations. After that period, records may be securely destroyed or archived unless otherwise required by law or for ongoing patient care.

6. Your Rights

Under HIPAA and Florida law, you have the right to:


  • Request Access to inspect and obtain a copy of your medical records and PHI (often accessible via the Athena Health Patient Portal).
  • Request Amendments to your PHI if you believe it is incorrect or incomplete.
  • Request Restrictions on certain uses or disclosures of your PHI (though we are not always required to agree, especially for treatment).
  • Request Confidential Communications (e.g., specifying how or where you wish to be contacted, including managing preferences for automated communications like SMS/email via Athena Health). 
  • Obtain an Accounting of Certain Disclosures of your PHI made by us or our business associates for purposes other than treatment, payment, or healthcare operations.
  • Receive a Paper Copy of our Notice of Privacy Practices upon request.
  • File a Complaint if you believe your privacy rights have been violated.


You can exercise many of these rights, including managing communication preferences, through the Athena Health Patient Portal or by contacting us directly using the information below. 

7. Contact for Privacy Inquiries & Complaints

If you have questions, concerns, or complaints about this Privacy Statement or our privacy practices, please contact our Privacy Officer (Dr. Bray or designated staff) at:

  • Email: manager@archangelmichaelhealth.com
  • Phone: (352) 441-9110

We take all privacy concerns seriously and will respond to your inquiry promptly. You may also file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights if you believe your privacy rights have been violated. We will provide you with the contact information for HHS upon request and will not retaliate against you for filing a complaint.

8. Changes to This Privacy Statement

We reserve the right to update or revise this Privacy Statement to reflect material changes in our practices, technology, services, or legal obligations. The updated version will be posted on our website and available upon request, indicating the new “Last Updated” date. Your continued use of our services after any changes signifies your acceptance of the revised Privacy Statement.

For detailed information on how we use and disclose your protected health information, please see our HIPAA-compliant Notice of Privacy Practices at https://archangelmichaelhealth.com. 


Thank you for trusting Archangel Michael Health, PA with your healthcare needs. If you have any questions or concerns about this Privacy Statement or how we protect your information, please contact us at any time.

Copyright © 2025 Archangel Michael Health, PA - All Rights Reserved.

  • Privacy Statement
  • Members Only

Guided by Archangel Michael's Wisdom

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept