Terms and Conditions | Civitas Health Services

Terms & Conditions
Last updated: July 30, 2025

1. Introduction
Welcome to Civitas Health Services Inc. (“Civitas,” “we,” “our,” or “us”). These Terms & Conditions (“Terms”) govern your use of our website, online forms, and any related services (collectively, the “Services”). By accessing or using the Services, you agree to be bound by these Terms and by our Privacy & Cookie Policy (Section 6). If you do not agree, do not use the Services.

2. Eligibility & Use of Services
1. You must be at least 18 years old (or the age of majority in your jurisdiction) to submit information through our Services.
2. You agree to provide accurate, current, and complete information.
3. You may use the Services only for lawful purposes and in accordance with all applicable federal and Virginia state laws and regulations, including—but not limited to—HIPAA, the Telephone Consumer Protection Act (TCPA), the CAN‑SPAM Act, and the Virginia Consumer Data Protection Act (VCDPA).
3. Consent to Phone, SMS/Text, and Email Communications
By supplying your phone number and/or email address and actively opting‑in (for example, by checking a consent box and clicking “Submit”), you:

Phone & SMS – Consent to receive autodialed, prerecorded, or live calls and SMS/text messages from Civitas at the number provided, in accordance with the TCPA and CTIA guidelines. Standard carrier message and data rates may apply.
Email – Consent to receive transactional or marketing emails from Civitas pursuant to the CAN‑SPAM Act. Each marketing email will include a clear opt‑out link.
Frequency & Purpose – Communications may include appointment reminders, care coordination, service updates, educational materials, satisfaction surveys, or marketing offers.
Opt‑Out – You may withdraw consent at any time:
- SMS: Reply “STOP.”
- Email: Click the “unsubscribe” link.
- Phone: Inform the caller, or email info@civitashealth.com.
  Withdrawal will not affect legal notices or messages that we are otherwise permitted to send.

4. Protected Health Information (PHI) & Privacy
1. HIPAA Compliance – We comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.
2. Use & Disclosure – Any PHI you provide is used or disclosed only for treatment, payment, health‑care operations, or as otherwise authorized by you or permitted by law.
3. Secure Storage – All PHI is stored in an encrypted, HIPAA‑compliant database/server. Data are encrypted in transit and at rest using industry‑standard protocols (e.g., TLS 1.2+ for transmission; AES‑256 for storage).
4. Access Controls – Only authorized personnel with a legitimate “need‑to‑know” may access PHI. Role‑based access, audit logging, and routine risk assessments are enforced.
5. Breach Notification – In the event of a breach involving your PHI, we will notify you in accordance with HIPAA Breach Notification Rules and any applicable Virginia requirements.
5. User Responsibilities

Accuracy – You are responsible for ensuring that any information you submit is accurate and complete.
Security – You must maintain the confidentiality of your own login credentials and report any unauthorized use immediately.
Prohibited Conduct – You agree not to:
- Engage in fraud, misrepresentation, or any illegal activity.
- Attempt to reverse engineer or interfere with the Services’ functionality.
- Upload malicious code or PHI that you are not authorized to share.

6. Privacy & Cookie Policy
6.1 Information We Collect

Voluntarily Provided Data – e.g., contact details, health information you enter into forms.
Automatically Collected Data – IP address, browser type, device identifiers, pages visited, and similar usage data.

6.2 How We Use Cookies & Tracking Technologies
Type of CookiePurposeExamples
EssentialEnable core site functionality (e.g., session management, form security).__SecureSessionId
AnalyticsMeasure site traffic and performance.Google Analytics (anonymized IPs)
PreferencesRemember user settings.Language or region selection
Advertising (limited)Measure response to our ads; we do not serve third‑party behavioral ads containing PHI.Facebook Pixel (hashed data)
Your Choices –

Cookie Banner – When you first visit, we display a banner requesting consent. Essential cookies load automatically; all others load only after you click “Accept.”
Browser Controls – Most browsers let you delete or block cookies.
Do Not Track (“DNT”) – We honor DNT signals for analytics and advertising cookies.

6.3 Legal Basis & Data Subject Rights
Under the VCDPA, you have the right to access, correct, delete, and obtain a copy of personal data, or to opt out of processing for targeted advertising and profiling. Submit requests to info@civitashealth.com. We will respond within 45 days.
7. Security Measures

Encryption – TLS 1.2+ for data in transit, AES‑256 for data at rest.
Network Protections – Firewalls, intrusion detection, and routine penetration testing.
Vendor Due Diligence – Business Associate Agreements (BAAs) in place for all HIPAA‑covered service providers.
Incident Response – Documented procedures for detection, containment, eradication, and recovery.

8. Disclaimer & Limitation of Liability
The Services are provided “as is” without warranties of any kind. To the fullest extent permitted by law, Civitas disclaims all liability for damages arising from your use of—or inability to use—the Services, except where such limitations are prohibited by HIPAA, the VCDPA, or other governing law.
9. Changes to These Terms
We may revise these Terms from time to time. Material changes will be posted on this page with a revised “Last updated” date, and (when required by law) we will seek affirmative consent. Your continued use after changes are posted constitutes acceptance.

10. Contact Us
Questions or concerns?
Civitas Health Services Inc.

20 West Williamsburg Road, Sandston, VA 23150
Phone: (804) 737‑3917
Email: info@civitashealth.com
© 2025 Civitas Health Services Inc. All rights reserved.

Phone & SMS – Consent to receive autodialed, prerecorded, or live calls and SMS/text messages from Civitas at the number provided, in accordance with the TCPA and CTIA guidelines. Standard carrier message and data rates may apply.

Email – Consent to receive transactional or marketing emails from Civitas pursuant to the CAN‑SPAM Act. Each marketing email will include a clear opt‑out link.

Frequency & Purpose – Communications may include appointment reminders, care coordination, service updates, educational materials, satisfaction surveys, or marketing offers.

Opt‑Out – You may withdraw consent at any time:

SMS: Reply “STOP.”

Email: Click the “unsubscribe” link.

Phone: Inform the caller, or email info@civitashealth.com. Withdrawal will not affect legal notices or messages that we are otherwise permitted to send.

Accuracy – You are responsible for ensuring that any information you submit is accurate and complete.

Security – You must maintain the confidentiality of your own login credentials and report any unauthorized use immediately.

Prohibited Conduct – You agree not to:

Engage in fraud, misrepresentation, or any illegal activity.

Attempt to reverse engineer or interfere with the Services’ functionality.

Upload malicious code or PHI that you are not authorized to share.

6. Privacy & Cookie Policy 6.1 Information We Collect

Voluntarily Provided Data – e.g., contact details, health information you enter into forms.

Automatically Collected Data – IP address, browser type, device identifiers, pages visited, and similar usage data.

Cookie Banner – When you first visit, we display a banner requesting consent. Essential cookies load automatically; all others load only after you click “Accept.”

Browser Controls – Most browsers let you delete or block cookies.

Do Not Track (“DNT”) – We honor DNT signals for analytics and advertising cookies.

Encryption – TLS 1.2+ for data in transit, AES‑256 for data at rest.

Network Protections – Firewalls, intrusion detection, and routine penetration testing.

Vendor Due Diligence – Business Associate Agreements (BAAs) in place for all HIPAA‑covered service providers.

Incident Response – Documented procedures for detection, containment, eradication, and recovery.

Email – Consent to receive transactional or marketing emails from Civitas pursuant to the CAN‑SPAM Act. Each marketing email will include a clear opt‑out link.

SMS: Reply “STOP.”

Phone: Inform the caller, or email info@civitashealth.com.
Withdrawal will not affect legal notices or messages that we are otherwise permitted to send.

6. Privacy & Cookie Policy
6.1 Information We Collect

Voluntarily Provided Data – e.g., contact details, health information you enter into forms.

Automatically Collected Data – IP address, browser type, device identifiers, pages visited, and similar usage data.

Encryption – TLS 1.2+ for data in transit, AES‑256 for data at rest.