GOSHEN MEDICAL CENTER, INC.
WEBSITE PRIVACY POLICY
Last Updated: February 27th, 2026
This Website Privacy Policy (“Policy”) describes how Goshen Medical Center, Inc. (“Goshen Medical,” “we,” “us,” or “our”) collects, uses, protects, and discloses information through goshenmedical.org (the “Site”).
Goshen Medical is a private, non-profit 501(c)(3) organization and Federally Qualified Health Center (FQHC) providing medical, dental, behavioral health, and related services in North Carolina.
This Policy applies only to information collected through this Site and related web-based tools. It does not replace our HIPAA Notice of Privacy Practices (“NPP”), which governs Protected Health Information (“PHI”) created or received in connection with healthcare services.
1. Categories of Individuals Covered
This Policy applies to:
- Current Patients
- Prospective Patients
- Caregivers or authorized representatives
- Visitors browsing the Site
- Individuals accessing telehealth services
- Individuals accessing the patient portal
- Board Members enrolled in SMS notifications
2. Categories of Information Collected
We collect information in three primary ways: information you provide directly, information collected automatically, and information collected through integrated service platforms.
2.1 Information You Voluntarily Provide
A. Online New Patient Forms
When prospective patients complete online intake forms, we collect limited preliminary information, which may include:
- Full name
- Date of birth
- Address
- Email address
- Telephone number
- Preferred clinic location
- Insurance type (if provided)
- Preferred appointment dates/times
Online submissions are used solely to initiate scheduling contact. Complete medical history, financial documentation, and clinical information are collected separately through HIPAA-compliant systems.
Online forms are not intended for emergency or urgent medical communication.
B. Contact Forms
When you submit inquiries, we collect:
- Name
- Email address
- Telephone number (if provided)
- Message content
Contact forms should not include sensitive medical information. If PHI is submitted, it will be handled in accordance with applicable law.
C. Patient Portal Access
Patients may access secure portal services to:
- View portions of their medical record
- Review lab results
- Send secure messages
- Request appointments
- Pay bills
Portal access requires authentication credentials. Information transmitted through the portal is encrypted in transit and stored within secure systems managed by vendors operating under HIPAA Business Associate Agreements (BAAs), where applicable.
D. Telehealth Services
Patients may participate in telehealth visits using integrated audiovisual technology platforms.
Telehealth services may involve:
- Real-time audio/video communication
- Electronic transmission of clinical documentation
- Temporary storage of session metadata
Telehealth platforms are selected based on security capabilities, encryption standards, and vendor compliance commitments. While we apply reasonable safeguards to protect electronic communications, no internet-based transmission can be guaranteed to be 100% secure.
E. Newsletter Subscriptions
If you subscribe to receive updates, we collect your email address. You may unsubscribe at any time.
F. Board Member SMS Notifications
Board Members who voluntarily opt in provide:
- Mobile phone number
- SMS consent documentation
SMS notifications are limited to board governance matters. Message frequency varies. Standard carrier rates apply. Members may opt out by replying STOP.
2.2 Information Collected Automatically
When you visit our Site, we may automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages viewed
- Date and time of visit
- Referring URL
- Geographic region (generalized)
This information is used to:
- Maintain system security
- Monitor website performance
- Detect suspicious or malicious activity
- Improve user experience
We do not use website analytics to profile individuals for medical decision-making.
2.3 Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Enable core website functionality
- Enhance navigation
- Analyze aggregate traffic patterns
- Protect against spam and automated abuse
Cookies may be first-party or third-party. Users may disable cookies in browser settings; however, certain features may not function properly.
2.4 Google reCAPTCHA
This Site uses Google reCAPTCHA to protect against spam and automated misuse. reCAPTCHA collects hardware and software information and sends it to Google for security analysis.
Use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service.
3. How We Use Information
We use information collected through the Site to:
- Respond to appointment requests and inquiries
- Provide telehealth services
- Provide patient portal functionality
- Deliver newsletters (if subscribed)
- Improve website performance and security
- Monitor compliance with legal and regulatory requirements
- Prevent fraud or misuse
We do not sell personal information.
4. HIPAA and Protected Health Information
Protected Health Information collected in connection with clinical care is governed by our HIPAA Notice of Privacy Practices.
When PHI is transmitted through:
- Patient portal messaging
- Telehealth platforms
- Secure electronic forms
it is handled in accordance with:
- The Health Insurance Portability and Accountability Act (HIPAA)
- Applicable North Carolina privacy laws
- Federal FQHC regulations
Website browsing activity alone does not typically constitute PHI unless combined with identifiable healthcare information.
5. Sharing of Information
We do not sell or rent personal information. We may disclose information in the following circumstances:
A. Business Associates and Service Providers
We engage third-party vendors for:
- Website hosting
- Electronic health record systems
- Telehealth platforms
- Portal services
- Email and SMS communication delivery
- IT and cybersecurity services
Where required by law, these vendors operate under written agreements requiring appropriate safeguards.
B. Legal and Regulatory Compliance
We may disclose information to:
- Comply with court orders, subpoenas, or legal process
- Respond to regulatory authorities
- Protect the safety of patients, staff, or the public
- Prevent fraud or illegal activity
C. Organizational Transactions
Information may be transferred in connection with a merger, restructuring, or asset transfer, subject to legal protections.
6. Web Analytics and Advertising Tools
We use analytics services such as:
- Google Analytics
- Google Ads
- Google Search Console
These services collect aggregate traffic data to evaluate website effectiveness.
We do not use online tracking technologies to intentionally collect sensitive health condition information for advertising purposes.
Users may review Google’s privacy disclosures to understand how those services operate.
7. Data Retention
We retain information collected through the Site:
- As long as necessary to fulfill the purpose for which it was collected
- As required by applicable federal or state record retention laws
- As needed for compliance, auditing, or security purposes
8. Data Security Measures
We implement administrative, technical, and physical safeguards, which may include:
- Encrypted transmission (HTTPS/TLS)
- Access controls and authentication measures
- Role-based access to systems
- Firewall and intrusion detection systems
- Ongoing monitoring and vulnerability management
- Workforce privacy and security training
Despite these safeguards, no system can guarantee absolute security.
9. Children’s Information
This Site is not directed to children under age 13. We do not knowingly collect personal information directly from children through the Site without appropriate parental or guardian involvement.
10. Your Rights and Choices
You may:
- Opt out of marketing emails
- Request updates to inaccurate contact information
- Contact us regarding privacy concerns
- Exercise applicable rights under state or federal law
HIPAA-related rights are described in our Notice of Privacy Practices.
11. Do Not Track
We do not currently respond to “Do Not Track” browser signals due to the absence of a uniform industry standard.
12. Changes to This Policy
We may update this Policy periodically. Changes will be posted with a revised “Last Updated” date. Continued use of the Site constitutes acceptance of the revised Policy.
13. Contact Information
For questions about this Website Privacy Policy, contact:
Goshen Medical Center, Inc.
412 SW Center Street
Faison, NC 28341-8820
Phone: 910-267-1942