Policies

LUTHERAN SOCICAL SERVICES OF ILLINOIS 

WEBSITE PRIVACY POLICY AND TERMS OF SERVICE 

Effective Date: Last Updated – November 9th, 2022 

This website privacy policy describes the information Lutheran Social Services of Illinois, Inc., and its affiliated entities (collectively, “LSSI” or “we”) collect about you through our website, and how we use, share and store that information. This policy applies to information you provide when you access or use  our website. This policy does not apply to information we may collect by any other method than  through your access and use of our website. 

For information about how LSSI treats any personal health information you submit in the course of using  any of our programs or services, please contact our Privacy Officer at privacy@lssi.org. 

 

Changes to this Online Privacy Policy 

The effective date of this privacy policy is at the top of this webpage. We may change this privacy policy from time to time. If we make changes, we will notify you by posting the updated policy on our website  and revising the “Last Updated” date above. We encourage you to review our privacy policy whenever  you use our website to stay informed about our information practices and about ways you can help  protect your privacy. 

 

User Consent 

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. By accessing our website or providing any information  through our website, you consent to the collection and processing of your information as described in  this privacy policy. 

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, THEN PLEASE DO NOT USE THIS  WEBSITE. 

 

Information We Collect 

Information You Provide 

We collect personal information you choose to provide, which generally includes your name, email  address, credit card information, address, or other information you may provide in comments to us.  Please do not provide any information that you do not want us to have.

You may provide us with your personal information when you communicate with us through our  website, including when you: 

• Contact us through our website;
• Sign up for newsletters;
• Donate to LSSI or make purchases;
• Request information about any of our programs, services or events; and
• Communicate with us in other ways through our website.

Information from Third Parties 

We may obtain additional information about you from third parties, including other non-profit  organizations, such as Lutheran World Relief, and our business partners, such as our donor database  provider. We may combine information that we collect from you with information about you that we  obtain from third parties and information from other sources. We may use the combined information  as described in this privacy policy. 

Information We Collect from Your Use of Our Website 

In addition to the information that you provide to us through our website, LSSI and its business partners may collect and store other information about your use of our website through cookies or other  technologies that track and monitor your use of our website. For more information about these  technologies, please see the section titled “Cookies” below. 

“Cookies” are small computer files transferred to your computing device that contain information such  as user ID, user preferences, browsing history and activities conducted while using our website. We use  cookies to help us improve or tailor our website by tracking your navigation habits, storing your  authentication status so you do not have to re-enter your credentials each time you use our website,  customizing your experience with our website, and for analytics and fraud prevention. For more  information on cookies, visit http://www.allaboutcookies.org. 

 

Use of Information 

We generally use the information that we collect to provide you with the information you have  requested about our programs and services, to contact you about our programs and services that may  be of interest to you, to contact you regarding fundraising and giving opportunities, and to process donations and other purchases. We also use the information we collect for the following: 

• To give you a more personalized experience when interacting with us, including informing you of  programs, events, and services tailored to your individual interests and needs; 
• To improve the content of our website and to improve our promotional and giving efforts; • To comply with our legal obligations; and 
• To analyze website usage patterns on an aggregate basis and improve our knowledge base  regarding users of our website.

 

Sharing of Information 

We may share your information with others for a number of different reasons, such as to fulfill your  requests, to provide services on our behalf, to provide you with information and to comply with laws or  protect our rights. Occasionally, we share personal information among affiliated non-profit  organizations, such as Lutheran World Relief. 

Examples of how we may share your personal information include: 

With Business Partners: We may share information with third parties who partner with us to perform  services on our behalf. Some third-party partners may collect information on our behalf from our  website and may have access to personal information when needed to perform their services. 

To Comply with Laws or to Protect Our Rights: We may disclose your personal information or  information about you as required by law when we believe disclosure is necessary to comply with a  regulatory requirement, judicial proceeding, court order, or legal process served on us, or to protect the  safety, rights, or property of our clients, the public or LSSI. 

 

Social Media and Third-Party Platforms 

Certain functions on our website may permit you to share information on third party social media sites  or platforms such as Facebook, Instagram, LinkedIn, Twitter or other similar sites. We have no control over social media sites, and providing your information to any social media sites is subject to the third  

party’s privacy policies and other legal terms. We are not responsible for the consequences of your  choosing to share your information on social media sites. 

 

Information Storage and Security 

We retain information as long as it is necessary and relevant for our uses. We also retain personal  information to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems,  assist with any investigation and other actions permitted by law. After it is no longer necessary for us to  retain information, we dispose of it according to our data retention and deletion policies. 

We take reasonable measures to protect the security of your personal information. Unfortunately, no  security system is impenetrable. As a result, we cannot ensure or warrant the security of our systems,  nor can we guarantee that the information you supply will not be intercepted while being transmitted to  us over the internet; any transmission of this information is at your own risk.  

 

Your Privacy Choices 

How You Can Access and Update Your Information 

You may update or correct information about yourself at any time or by emailing us at privacy@lssi.org. 

Options for Opting out of Cookies and Mobile Device Identifiers 

If you are interested in more information about how you can generally control cookies from being put  on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s  Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link or TRUSTe’s Advertising  Choices Page to opt-out of receiving tailored advertising from companies that participate in those  programs. 

Opting out does not mean that we are no longer using our tracking tools. We still may collect  information about your use of the services even after you have opted out. 

Browser “Do Not Track” Signals 

We want to provide you with meaningful choices about the information collected on our site for third party purposes, and that is why we have given you information about the Network Advertising  Initiative’s “Consumer Opt-out” link, Digital Advertising Alliance’s Consumer Opt-Out Link, and TRUSTe’s  Advertising Choices page. However, we do not recognize or respond to browser-initiated Do Not Track  signals, as the Internet industry is still working on Do Not Track standards, implementations and  solutions. For more information about DNT signals, visit http://allaboutdnt.com. 

Links to Other Websites 

Our website may contain links to other websites and those websites may not follow the same privacy  practices as we do. We are not responsible for the privacy practices of third-party websites. We  encourage you to read the privacy policies of such third parties to learn more about their privacy  practices. 

Children 

We do not knowingly collect or maintain personally identifiable information from persons under 13  years of age without verifiable parental consent. If we learn or believe that personally identifiable  information of persons less than 13 years of age has been collected without verifiable parental consent,  then we will take the appropriate steps to delete this information. To make such a request, please  contact us at privacy@lssi.org.  

 

California Residents 

California Shine the Light Act 

California law permits users who are California residents to request and obtain from us once a year, free  of charge, a list of the third parties to whom we have disclosed their Personal Information (as defined in  the California law), if any, for their direct marketing purposes in the prior calendar year, as well as the  type of Personal Information disclosed to those parties. If you are a California resident and would like to  request this information, please submit your request in an email at privacy@lssi.org or mail your request  to our address included in the “How to Contact Us” section below. 

 

How to Contact Us 

Please contact us with any questions or concerns regarding this privacy policy in an email to privacy@lssi.org or by mail at: 

Lutheran Social Services of Illinois
Privacy Officer
Quality, Compliance and Data
1001 E. Touhy Avenue, Suite #50
Des Plaines, Illinois 60018

NOTICE OF PRIVACY PRACTICES

The effective date of this revised notice is February 3, 2026

This notice describes how health and protected health information (“PHI”) about you may be used and disclosed, how you can get access to this information, your rights with respect to your health information, and how to file a complaint concerning a violation of the privacy or security of your health information, or of your rights concerning your information. Please review this carefully.

Your client record contains personal information about you and your health. PHI is information about you that may identify you and that relates to your past, present, or future physical or mental health or condition and related services. The confidentiality of client records, including substance use records, is specifically protected by state and federal laws and regulations.

You have a right to a copy of this notice (in paper or electronic form) and to discuss it with the Privacy Officer at Privacy@lssi.org if you have any questions. We reserve the right to change the terms of this Notice at any time by posting a copy on our website http://www.lssi.org or by posting a copy at our facilities. If you have questions about this Notice of Privacy Practices or any of your rights, please contact the Privacy Officer:

HIPAA Privacy Officer at Lutheran Social Services of Illinois
1001 E. Touhy Avenue, Suite 50, Des Plaines, Illinois 60018
(847) 390-1468

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU

Listed below are examples of the uses and disclosures that LSSI may make of your PHI.   Uses and disclosures of your PHI can be made with your written authorization or as further described below.  The disclosure may be made verbally, in writing, or electronically, such as by email or text message.  Any uses or disclosures not described below will only be made with your written consent.

Treatment.  We may use your PHI to provide, coordinate, or manage your care and any related services including sharing information with others outside of LSSI that we are consulting with or referring you to for your care, such as a specialist or a laboratory. LSSI has Mental Health, Substance Use Disorder, and Child Welfare networks. If you receive services from more than one network, the networks may communicate to coordinate your treatment.

Payment.  Generally, we will obtain your authorization to use your PHI to obtain payment for your services.  We may use or disclose your PHI to determine if you have insurance benefits, to determine coverage of treatment, to process claims with your insurance company, to review services provided to you to determine medical necessity, or to undertake utilization review activities.

Healthcare Operations.  We may use or disclose your PHI, as needed, to coordinate our business activities and to share PHI with third parties that provide services to us, such as billing or computer services, quality assessment activities, employee review activities, training of students, or other service providers who have entered into agreements promising to maintain the confidentiality of your PHI.

Intermediaries.  We may share your PHI with intermediaries, including health information exchanges (HIE), accountable care organizations, or care management organizations to facilitate treatment and payment.  

Contact with our Clients.   We may use or disclose your PHI for client activities and to contact you.  We may also use a sign-in sheet at the registration desk where you will be asked to sign your name. We may also call you by name in the waiting room when it is time to be seen. We may contact you by phone or text to remind you of your appointments.  We may leave voice messages at the telephone number you provided to us.  If you choose to have us contact you by text, texting charges may apply.  If we contact you, you can tell us to contact you in another way or opt out of future contacts.  We may contact you to provide information to you about treatment alternatives or other health-related benefits and services that may be of interest to you.  We may contact you regarding LSSI’s fundraising activities.  Any fundraising materials will explain how you can inform us that you do not want to be contacted in the future.

 Required by Law. We may use or disclose your PHI if it is required by law. For example, we must make disclosures to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of federal law.

Health Oversight. We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the program (such as third-party payers) and peer review organizations performing utilization and quality control.

Abuse or Neglect. We may disclose some of your PHI to a governmental agency authorized by law to receive reports of suspected abuse or neglect of children, seniors or disabled adults.

 Deceased Clients. We may disclose PHI regarding deceased clients for the purpose of determining the cause of death, in connection with laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death.

Research. Information that has no identifying information or is part of a limited data set may be used for research purposes without your authorization. PHI may only be disclosed for research purposes after a special approval process or with your authorization.

Law Enforcement. We may disclose your PHI to law enforcement officials if you have committed a crime on program premises or against program personnel.

Court Order. We may disclose your PHI if the court issues an appropriate order and follows required procedures.  For certain substance use disorder PHI, federal law requires that PHI cannot be disclosed in a criminal, civil or administrative procedure unless the appropriate court order is accompanied by a subpoena or other legal mandate compelling disclosure.

Medical Emergencies. We may use or disclose your PHI in a medical emergency situation to medical personnel only in order to prevent serious harm. Our staff will try to provide you a copy of this notice as soon as reasonably practicable after the resolution of the emergency.

Family Involvement in Care. We may disclose information to close family members or friends directly involved in your treatment based on your consent or as necessary to prevent serious harm as allowed by law.

 Public Health. If required, we may use or disclose your PHI for mandatory public health activities to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, or if directed by a public health authority, to a government agency that is collaborating with that public health authority.

Interagency Disclosures. Limited PHI may be disclosed for the purpose of coordinating services among government programs that provide mental health, counseling, or developmental disabilities services where those programs have entered into an interagency agreement.

Public Safety. We may disclose PHI to avert a serious threat to health or safety, such as physical or mental injury being inflicted on you or someone else as allowed by law.

Alliance Membership. LSSI participates with other behavioral health services agencies (each, a “Participating Covered Entity”) in one or more managed care networks, including, but not limited to the IPA Network established by Illinois Health Practice Alliance, LLC (the “IHP Company”). Through the IHP Company and any other such managed care network(s),   all Participating Covered Entities (including LSSI) participate in joint quality assurance activities, and/or share financial risk for the delivery of health care with other Participating Covered Entities, and as such qualify to participate in an Organized Health Care Arrangement (“OHCA”), as defined by the Privacy Rule (under HIPAA). As OHCA participants, all Participating Covered Entities (including LSSI), may share the PHI of their clients for Treatment, Payment and Health Care Operations purposes of all of the OHCA participants.

 Alliance Participation. LSSI may also participate with other providers in an alliance of providers, as governed by various agreements between LSSI and these alliances.  These agreements allow the sharing of data among members of the alliances within certain confidentiality restrictions imposed by law and the Notice of Privacy Practices of the alliance.

YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION

Your rights with respect to your PHI are explained below. Any requests with respect to these rights must be in writing.

Right to revoke consent: You have the right to revoke your written consent at any time.

 Right to inspect and copy: You may inspect and obtain a copy of your PHI that is contained in a designated record set for as long as we maintain the record. A “designated record set” contains medical and billing records and any other records that the program uses for making decisions about you. We may require you to request access to your information in writing. We may charge you a reasonable cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of that portion of your record.  We can deny you access to your PHI in certain circumstances and in some cases, you will have a right to appeal the denial.

 Right to request an amendment: You may request, in writing, that we amend your PHI that has been included in a designated record set. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement to be included in your record.

Right to an accounting of certain disclosures: You may request an accounting of disclosures for a period of up to three (3) years unless otherwise required by law. We may charge you a reasonable fee if you request more than one accounting in a 12-month period.

Right to request added restrictions: You have the right to ask us not to use or disclose any part of your PHI for treatment, payment, or healthcare operations or to family members involved in your care. Your request for restrictions must be in writing. We are not required to agree to your requested restrictions, unless the request is to restrict disclosure of PHI to a health plan for purposes of carrying out payment or healthcare operations, and the PHI pertains to a healthcare item or service that you paid for out of pocket and in full. In that case, we are required to honor your request for a restriction. In all other cases, we may decide whether or not to agree to the restriction.

 Right to request confidential communications: You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable, written requests. We may also condition this accommodation by asking you for information regarding how payment will be handled or specification of an alternative address or other method of contact.

COMPLAINTS

If you believe we have violated your privacy rights, you may file a complaint, in writing, to us by notifying the Privacy Officer. We will not retaliate against you for filing a complaint.  You may also file a complaint with the U.S. Secretary of Health and Human Services at 200 Independence Avenue, S.W. Washington, D.C. 20201.

Breach Notification. If there is a breach of unsecured PHI concerning you, we may be required to notify you of this breach.

ADDITIONAL INFORMATION REGARDING CERTAIN SUBSTANCE USE RECORDS

Notice to Substance Use Disorder Clients. The confidentiality of substance use disorder PHI records for clients participating in Part 2 programs has additional protections and additional client rights under federal law and regulations (see 42 CFR Part 2). Generally, the Part 2 program may not disclose that a client attends the program, disclose any information identifying the client as a substance use disorder client or disclose Part 2 protected PHI for purposes of treatment, payment or health care operations, unless: (1) the client consents in writing; or (2) the disclosure is allowed by court order (see above regarding additional requirements for the disclosure of Part 2 records subject to a court order); or (3) the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation; or (4) the client commits or threatens to commit a crime either at the program or against any person who works for the program.

Violation of federal law and regulations by a Part 2 program is a crime. Suspected violations may be reported to the Privacy Officer or the U.S. Attorney’s Office at 219 S. Dearborn in Chicago, Illinois.

Federal law and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state agencies or to local law enforcement.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.