Privacy Policy

Last Updated: 11/12/25

Introduction

The Buddha's Medicine LLC ("Company," "we," "us," or "our") is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you:

  • Visit our website www.thebuddhasmedicine.com (the "Website")

  • Receive healthcare services from our providers

  • Engage with our content, newsletters, or educational materials

Our Healthcare Providers:

  • Dr. Matt Van Auken, MD, MPH, ABOIM, DipABLM, E-RYT, YACEP - Ayurveda and Integrative Medicine

  • Jamie Van Auken, MA, Registered Marriage and Family Therapist Associate, E-RYT 500 of Path With Heart Therapy - Mental Health Therapy

The term "you" refers to the user, viewer, or patient accessing our Website or receiving our services.

Please read this Privacy Policy carefully before using this Website or engaging our services. By using our Website or receiving our services, you consent to the practices described in this Privacy Policy.

HIPAA Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Introduction to HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare providers to maintain the privacy and security of your Protected Health Information (PHI). PHI is information in your health record that could identify you, combined with information about your health condition, healthcare services you receive, or payment for healthcare services.

This Notice of Privacy Practices describes how The Buddha's Medicine and our healthcare providers may use and disclose your PHI to carry out treatment, payment, or healthcare operations, and for other purposes permitted or required by law.

Our Legal Duty

We are required by federal and state law to:

  • Maintain the privacy and security of your Protected Health Information

  • Provide you with this Notice of our legal duties and privacy practices with respect to your PHI

  • Follow the terms of the Notice currently in effect

  • Notify you if we are unable to agree to a requested restriction on how we use or disclose your PHI

  • Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations

We reserve the right to change our privacy practices and the terms of this Notice. If we make a material change to our privacy practices, we will provide you with a revised Notice.

Our Healthcare Providers and Scope of Practice

Dr. Matt Van Auken, MD, MPH is a board-certified physician licensed to practice medicine in multiple states across the United States. Dr. Matt specializes in Ayurvedic medicine, integrative medicine, and lifestyle medicine, providing comprehensive care for patients nationwide through in-person visits at our Portland, Oregon-based clinic and via telehealth / telemedicine for patients in states where he holds active medical licensure.

Jamie Van Auken, MA is a Registered Marriage and Family Therapist Associate licensed exclusively in Oregon (#R11588) & Washington (MFTA.MG.70029753). Jamie provides mental health therapy services only to residents of Oregon and Washington, under the supervision of Dr. Lana Kim (T123) & Lori Henry (T2067). Jamie specializes in couples therapy, trauma recovery, neurodiversity-affirming care, eating disorders, and related mental health services.

Both providers practice at The Buddha's Medicine and are covered by this Notice of Privacy Practices.

How We May Use and Disclose Your Protected Health Information

Uses and Disclosures for Treatment, Payment, and Healthcare Operations

We may use and disclose your PHI for the following purposes:

Treatment: We use and disclose PHI to provide, coordinate, or manage your healthcare and related services. This includes consultations with other healthcare providers involved in your care, referrals to specialists, and coordination between our providers (e.g., Dr. Matt and Jamie consulting on integrated care).

Examples:

  • Dr. Matt may share relevant health information with Jamie if you're receiving both medical and mental health services

  • We may contact you to discuss treatment options or appointment scheduling

  • We may disclose PHI to pharmacies to fill prescriptions

  • We may consult with other healthcare professionals about your care

Payment: We may use and disclose PHI to bill and collect payment for services provided to you. This includes disclosures to your health insurance company, billing services, and collection agencies if necessary.

Examples:

  • Submitting claims to your insurance company with diagnosis and treatment codes

  • Providing information to verify insurance coverage and benefits

  • Collecting payment for services rendered

Healthcare Operations: We may use and disclose PHI for our healthcare operations, which include quality assessment and improvement activities, training, business planning, customer service, and other administrative activities necessary to run our practice and ensure quality care.

Examples:

  • Quality improvement activities and outcome assessments

  • Training healthcare students, residents, or other learners

  • Business planning and development

  • Conducting audits and compliance reviews

Uses and Disclosures That Require Your Written Authorization

Other uses and disclosures not described in this Notice will be made only with your written authorization. You have the right to revoke such authorization in writing at any time, except to the extent that we have already taken action in reliance on the authorization.

Psychotherapy Notes: Notes recorded by Jamie Van Auken documenting or analyzing the contents of conversation during a private counseling session are held to a higher standard of confidentiality. We will obtain your specific written authorization before disclosing psychotherapy notes, except in very limited circumstances permitted by law.

Sale of PHI: We will not sell your PHI without your written authorization.

Uses and Disclosures That Do Not Require Your Authorization

In certain limited circumstances, federal and state law allows or requires us to use or disclose your PHI without your authorization:

Required by Law

We will disclose PHI when required to do so by federal, state, or local law, including but not limited to:

  • Reporting communicable diseases to public health authorities

  • Reporting adverse events related to medical devices or products

  • Complying with workers' compensation laws

  • Responding to court orders or lawfully issued subpoenas

To Avert a Serious Threat to Health or Safety

We may disclose PHI when necessary to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of another person or the public. Disclosure will be made only to someone able to help prevent or reduce the threat.

Mandatory Reporting - Oregon and Washington Requirements (Jamie Van Auken, MA, Registered Marriage and Family Therapist Associate)

Note: The following mandatory reporting requirements apply specifically to mental health therapy services provided by Jamie Van Auken, MA, Registered Marriage and Family Therapist Associate, who is licensed only in Oregon and Washington. Dr. Matt Van Auken's medical practice is subject to mandatory reporting requirements in each state where he provides services, in accordance with that state's specific laws.

Oregon Law - Mental Health Therapy Services:

Oregon law requires Jamie Van Auken to report:

  • Child Abuse or Neglect: Suspected child abuse or neglect must be reported to the Oregon Department of Human Services or law enforcement.

  • Vulnerable Adult Abuse: Suspected abuse, neglect, or financial exploitation of vulnerable adults or elderly persons must be reported to appropriate authorities.

  • Danger to Self or Others: Threats of serious harm to self or others when there is an imminent risk.

Washington Law - Mental Health Therapy Services:

Washington law requires Jamie Van Auken to report:

  • Child Abuse or Neglect: Suspected child abuse or neglect must be reported to the Washington Department of Children, Youth, and Families or law enforcement within 48 hours (RCW 26.44.030).

  • Vulnerable Adult Abuse: Suspected abuse, neglect, abandonment, or financial exploitation of vulnerable adults must be reported immediately to the Washington Department of Social and Health Services (DSHS) at 1-866-END-HARM (363-4276). Suspected sexual assault or certain physical assaults must also be reported to law enforcement (RCW 74.34.035).

  • Danger to Self or Others: Threats of serious and imminent harm to self or others must be reported to appropriate authorities.

Health Oversight Activities

We may disclose PHI to health oversight agencies for activities authorized by law, including audits, investigations, inspections, licensure or disciplinary actions, and other activities necessary for oversight of the healthcare system and government benefit programs.

Legal Proceedings

We may disclose PHI in response to a court order, subpoena, discovery request, or other lawful process, but only after we make reasonable efforts to notify you of the request or to obtain a protective order.

Law Enforcement

We may disclose PHI to law enforcement officials as required by law or in response to a valid subpoena, court order, or administrative request, or to report certain types of wounds or injuries.

Coroners, Medical Examiners, and Funeral Directors

We may disclose PHI to coroners or medical examiners for purposes of identifying a deceased person, determining cause of death, or other duties as authorized by law. We may also disclose PHI to funeral directors as necessary to carry out their duties.

Organ and Tissue Donation

If you are an organ donor, we may disclose PHI to organizations that handle organ procurement or transplantation for purposes of facilitating donation and transplantation.

Research

We may use or disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your information.

Workers' Compensation

We may disclose PHI as authorized by and to comply with workers' compensation laws or similar programs established by law.

Public Health Activities

We may disclose PHI for public health activities, including:

  • Preventing or controlling disease, injury, or disability

  • Reporting births, deaths, or disease as required by law

  • Reporting reactions to medications or problems with products to the FDA

  • Notifying persons who may have been exposed to a disease or at risk of contracting or spreading a disease

  • Notifying appropriate government authorities if we believe a patient has been the victim of abuse, neglect, or domestic violence (only if patient agrees or we are required by law)

Military, Veterans, and National Security

If you are a member of the armed forces, we may disclose PHI as required by military command authorities. We may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Your Rights Regarding Your Protected Health Information

You have the following rights with respect to your PHI:

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your health record, including medical and billing records. To inspect or obtain copies of your health record, you must submit a written request. We may charge a reasonable fee for copying and mailing costs. In certain limited circumstances, we may deny your request to inspect or copy your health records, and you may have the right to request a review of that denial.

Right to Amend

If you believe that information in your health record is incorrect or incomplete, you may request that we amend it. Your request must be in writing and must include a reason supporting the request. We may deny your request if:

  • The information was not created by us (unless the person or entity that created it is no longer available)

  • The information is not part of the health record

  • The information is not permitted to be inspected under law

  • The information is accurate and complete

If we deny your request, you will receive a written explanation and have the right to submit a written statement of disagreement.

Right to an Accounting of Disclosures

You have the right to request an "accounting of disclosures," which is a list of certain disclosures we have made of your PHI. This list will not include:

  • Disclosures for treatment, payment, or healthcare operations

  • Disclosures made to you or your personal representative

  • Disclosures made pursuant to your authorization

  • Disclosures for national security or intelligence purposes

  • Disclosures to correctional institutions or law enforcement officials

  • Disclosures that are part of a limited data set

Your request must be in writing and specify the time period for the accounting (not to exceed six years and not including dates before April 14, 2003). The first accounting in a 12-month period is free; we may charge a reasonable fee for subsequent requests.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. You also have the right to request restrictions on disclosures to family members or others involved in your care.

We are not required to agree to your request except in the following situation: If you pay for a service or healthcare item out-of-pocket in full, you may request that we not share that information with your health insurance company for payment or healthcare operations purposes, and we must honor that request.

To request restrictions, you must submit your request in writing, specifying what information you want to limit and to whom you want the limits to apply.

Right to Request Confidential Communications

You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may request that we contact you only at work or only by mail.

Your request must be in writing and must specify how or where you wish to be contacted. We will accommodate reasonable requests without requiring an explanation.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. You may request a copy by contacting our office or downloading it from our website at www.thebuddhasmedicine.com/policies/privacy-policy.

Right to Be Notified of a Breach

You have the right to be notified if we (or one of our Business Associates) discover a breach of your unsecured PHI.

Changes to This Notice

We reserve the right to change the terms of this Notice and to make new provisions effective for all PHI we maintain. If we make material changes to this Notice, we will:

  • Post the revised Notice on our website

  • Provide copies to patients upon request

  • For current patients, make the revised Notice available at our next appointment or upon request

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services.

To file a complaint with us:

The Buddha's Medicine
3310 SE Oak St
Portland, OR 97214
Email: Contact

To file a complaint with the federal government:

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

You will not be penalized or retaliated against for filing a complaint.

Website Privacy Policy

Information We Collect

Information You Provide to Us

We collect personal information that you voluntarily provide when you:

Newsletter Subscriptions:

  • Name and email address when you sign up for our newsletter

New Patient Inquiries:

  • Name, email address, and phone number when you schedule a free consultation or request to become a new patient

Contact Forms:

  • Name and email address when you submit questions or inquiries through our contact forms

Appointment Communications:

  • Phone number for appointment reminders, billing issues, and appointment scheduling

SMS/Text Messaging (When You Opt-In):

  • Phone number

  • Consent to send SMS messages

  • Email address

  • Basic contact information

  • Messaging history

We use your SMS information to:

  • Send appointment reminders and updates

  • Provide practice information and updates

  • Deliver relevant content based on your preferences

Billing Information:

  • Name, address, and credit card information to process payment for products or services under our contractual obligation

Co-Branded Offers:

  • If we collect information through a co-branded offer with another organization, we will clearly identify who is collecting the information, whose privacy policy applies, and provide links to all applicable privacy policies

Please note: All Personal Data you provide is voluntary. By providing this information, you consent to our use, collection, and processing of this data as described in this Privacy Policy. You may opt-out or request deletion of your Personal Data at any time by contacting us. However, if you choose not to provide certain information, you may not be able to access certain features of our Website or services.

Information We Collect Automatically

Anonymous Data Collection:

To maintain and improve our Website, we may automatically collect:

IP Address: Your computer's IP address helps us diagnose server problems, administer the Website, identify heavily used areas, and display content according to your preferences. This "traffic data" cannot personally identify you but helps us improve our services and marketing. Anonymous traffic data may be shared with business partners and advertisers on an aggregate basis.

Analytics: We use third-party analytics services (such as Google Analytics) to understand how visitors use our Website. These services may use cookies and similar technologies to collect information about your use of the Website.

How We Use Your Information

We use the information we collect for the following purposes:

1. To Contact You

We may contact you using the information you provide based on these lawful grounds:

Consent: We contact you when you give us clear, unambiguous, affirmative consent (e.g., signing up for our newsletter).

Contract: We contact you to fulfill our contractual obligation to deliver goods or services you purchase from us (e.g., appointment confirmations, billing matters).

Legitimate Interest: We may contact you if we believe you have a legitimate interest in hearing from us (e.g., follow-up after attending an educational event). You always have the option to opt out of marketing communications.

2. To Provide Healthcare Services

We use your Personal Data to:

  • Schedule and confirm appointments

  • Provide medical and mental health services

  • Coordinate care between our providers

  • Send appointment reminders

  • Process payments and billing

  • Maintain health records

  • Comply with legal and regulatory requirements

3. To Process Payments

We use your Personal Data to process payments for goods or services under contract. We only use third-party payment processors that employ robust security measures and comply with applicable data protection regulations including GDPR and PCI DSS standards.

4. To Improve Our Services

We use aggregated, anonymized data to:

  • Analyze Website traffic and usage patterns

  • Improve Website design and functionality

  • Develop new services and content

  • Conduct quality improvement activities

  • Enhance patient experience

5. To Communicate Practice Updates

We may use your contact information to:

  • Send practice announcements and updates

  • Share educational content and resources

  • Provide information about new services

  • Deliver newsletters (if you've subscribed)

You may unsubscribe from marketing communications at any time.

How We Share Your Information

Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Website and providing services, including:

Newsletter and Email Marketing: We use email service providers to send newsletters and marketing communications to subscribers who have opted in.

Payment Processing: We use secure, compliant payment processors to handle billing and payment transactions. We do not store complete credit card information on our servers.

Website Hosting and Technology: We use hosting providers and technology services to maintain our Website and online systems.

Practice Management Software: We use HIPAA-compliant electronic health record (EHR) systems (Practice Better) to manage appointments, health records, and patient communications.

Business Advisors and Consultants: We may share information with professional advisors (attorneys, accountants, consultants) who provide services to us and are bound by confidentiality obligations.

We do not share your personal information, phone number, or SMS opt-in data with third parties for their marketing or promotional purposes.

Business Transfers

In connection with a merger, acquisition, reorganization, restructuring, financing transaction, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

Legal Requirements

We may disclose your information:

  • As required by law or administrative order

  • To assert or defend legal claims or rights

  • To comply with court orders or legal processes

  • To protect the rights, property, or safety of The Buddha's Medicine, our patients, or others

  • To prevent fraud or security threats

With Your Consent

We may share your information for other purposes with your explicit consent.

Information Shared Publicly

When you voluntarily make your Personal Data available for public viewing through our Website (e.g., commenting on blog posts, submitting a public review / testimonial), that information may be seen, collected, and used by others. We cannot be responsible for unauthorized or improper use of information you voluntarily share publicly.

Data Storage, Transfer, and Security

Storage and Transfer

Personal Data you provide is stored internally or through secure data management systems. Your Personal Data is accessed only by those who need it to obtain, manage, or store that information, or who have a legitimate need to know (e.g., hosting providers, newsletter providers, payment processors, team members).

International Data Transfers: For users in the European Union, please be aware that we may transfer Personal Data outside of the European Union to the United States. By using our Website and providing Personal Data, you consent to these transfers in accordance with this Privacy Policy.

Data Retention

We retain your Personal Data for the minimum time necessary to:

  • Provide you with requested information and services

  • Fulfill legal, contractual, and accounting obligations

  • Comply with healthcare record retention requirements

Healthcare Records: Medical and mental health records are retained in accordance with federal HIPAA requirements and applicable state laws.

  • Dr. Matt Van Auken's medical records are retained according to the laws of the state where services were provided, typically for a minimum of 7-10 years after the last date of service or longer as required by applicable state law.

  • Jamie Van Auken's mental health therapy records are retained in accordance with Oregon and Washington state requirements, typically for a minimum of 7-10 years after the last date of service.

Website Data: Website usage data, newsletter subscriptions, and marketing information are retained as long as necessary for the purposes described in this Policy or until you request deletion.

Security Measures

We take commercially reasonable steps to protect your Personal Data from misuse, disclosure, unauthorized access, alteration, and destruction. Our security measures include:

Technical Safeguards:

  • Secure Sockets Layer (SSL) encryption for data transmission

  • Secure servers and encrypted data storage

  • Firewalls and intrusion detection systems

  • Regular security assessments and updates

  • Access controls and authentication procedures

Physical Safeguards:

  • Secure facilities with controlled access

  • Locked storage for physical records

  • Secure disposal of records when no longer needed

Administrative Safeguards:

  • Staff training on privacy and security practices

  • Confidentiality agreements with all staff and contractors

  • Written policies and procedures

  • Incident response protocols

We only share your Personal Data with trusted third parties who employ the same level of care in processing your information as we do.

Important Note: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If we become aware of a data breach affecting your information, we will notify you as required by law.

Your Privacy Rights and Choices

Access and Correction

You have the right to request access to your Personal Data and to request correction of inaccurate or incomplete information.

Deletion ("Right to Be Forgotten")

You have the right to request deletion of your Personal Data, subject to legal and contractual retention requirements.

Restriction of Processing

You have the right to request that we restrict processing of your Personal Data if you believe it is inaccurate, unlawful, or no longer needed.

Data Portability

You have the right to receive your Personal Data in a portable format and to request transfer to another controller without hindrance from us.

Object to Processing

You have the right to object to our use of your Personal Data for certain purposes.

Withdraw Consent

You have the right to withdraw your consent to processing of your Personal Data at any time.

Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that legally or significantly affect you.

Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we are using your Personal Data unlawfully.

Unsubscribe from Marketing

You may unsubscribe from marketing emails at any time using the unsubscribe link in the footer of all email communications. If you experience problems unsubscribing, please contact us.

Manage SMS Preferences

You may opt out of SMS messages at any time by following the instructions provided in the messages or by contacting us directly.

To exercise any of these rights, please contact us:

The Buddha's Medicine
3310 SE Oak St
Portland, OR 97214

Email: Contact

Passwords and Account Security

If you use features requiring a username and password, you are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account.

Your Responsibilities:

  • Keep your username and password confidential

  • Do not share your credentials with others

  • Log out at the end of each session

  • Notify us immediately of any unauthorized access or security breach

We will use our best efforts to keep your credentials private and will not share them without your consent, except as necessary when required by law.

Anti-Spam Policy

We have a strict no-spam policy and comply with the CAN-SPAM Act of 2003. We will:

  • Never send misleading information

  • Provide clear unsubscribe options in all marketing emails

  • Honor opt-out requests promptly

  • Not sell, rent, or share your email address with third parties for marketing purposes

Third-Party Websites and Links

Our Website may contain links to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites. We cannot be held liable for:

  • The privacy practices of linked websites

  • Information you voluntarily share with third-party websites

  • Damage or loss caused by use of or reliance on third-party websites

We strongly advise you to review the privacy policies of any third-party websites you visit.

Children's Privacy

Our Website and services are directed to adults aged 18 and older. We do not knowingly collect personal information from anyone under 18 years of age in compliance with:

  • COPPA (Children's Online Privacy Protection Act)

  • GDPR (General Data Protection Regulation)

Medical Services (Dr. Matt Van Auken): Minors may receive medical treatment with parental/guardian consent as permitted by applicable state law where services are provided. Parents/guardians will be provided with appropriate privacy information regarding their minor child's care.

Mental Health Services (Jamie Van Auken): Minors may receive mental health therapy services with parental/guardian consent as permitted by Oregon and Washington law. In such cases, parents/guardians will be provided with appropriate privacy information regarding their minor child's treatment, including any confidentiality protections afforded to adolescents under state law.

If we discover we have inadvertently collected information from a minor without proper consent, we will delete it immediately. If you believe we have collected information from a minor, please contact us.

Changes to This Privacy Policy

We reserve the right to change, modify, or update this Privacy Policy at any time at our sole discretion. Changes become effective immediately upon posting to our Website.

We will notify you of material changes by:

  • Posting a prominent notice on our Website

  • Sending an email to the address you provided (if applicable)

  • Providing written notice at your next appointment (for current patients)

Your continued use of our Website or services after changes are posted constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

Data Controllers and Processors

The Buddha's Medicine is the data controller, as we collect and use your Personal Data. We use trusted third-party data processors for technical and organizational purposes, including payment processing and email marketing. We use reasonable efforts to ensure our data processors comply with GDPR and other applicable data protection regulations.

California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA).

European Union Users

If you are located in the European Union, you have rights under the GDPR as described in this Privacy Policy. We rely on the following lawful bases for processing your Personal Data:

  • Consent: When you have given clear consent

  • Contract: When processing is necessary for a contract with you

  • Legal Obligation: When we must comply with the law

  • Legitimate Interests: When we have a legitimate interest that doesn't override your rights

Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your information, please contact us:

The Buddha's Medicine
3310 SE Oak St
Portland, OR 97214
Email: Contact
Website: www.thebuddhasmedicine.com

Acknowledgment: By using this Website and engaging our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
