Data Handling Policy
This policy explains how we collect, store, process, and protect your personal and health information in compliance with HIPAA and applicable privacy laws.
Types of Data We Handle
Personal Information: Name, contact details, billing information.
Protected Health Information (PHI): Therapy notes, diagnoses, treatment plans.
Technical Data: IP addresses, browser details, cookies for site functionality.
Collection Methods
Online forms and scheduling tools.
Secure telehealth platforms.
Direct communication (email, phone, video).
Storage & Security
All PHI is stored in HIPAA-compliant systems.
Data is encrypted in transit and at rest.
Access is restricted to authorized personnel only.
Data Sharing
We do not sell or share your data for marketing.
​
Information may be shared only:
With your written consent.
As required by law.
For treatment, payment, or healthcare operations.
Retention & Disposal
Records are retained according to state and federal regulations.
Secure deletion methods are used when data is no longer needed.
Your Rights
Request access to your records.
Request corrections or amendments.
Request restrictions on certain uses or disclosures.
Breach Notification
In the event of a data breach, we will notify affected individuals as required by HIPAA and applicable laws.