Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

At Auntie NY Counseling, protecting your privacy and maintaining the confidentiality of your Protected Health Information (PHI) is our highest priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws.

By using our services or website, or by scheduling a consultation, you acknowledge that you have read, understood, and agree to this Privacy Policy.

1. Protected Health Information (PHI)

What is PHI?

Protected Health Information includes any information about your health status, provision of health care, or payment for health care that can be linked to you. This includes:

  • Name, address, phone number, email
  • Date of birth, Social Security number
  • Medical records, treatment notes, diagnoses
  • Payment and billing information
  • Any other identifiable information related to your mental health care

How We Protect Your PHI

We implement administrative, physical, and technical safeguards to protect your PHI:

  • Encryption: All electronic PHI is encrypted both in transit and at rest
  • Secure Communication: HIPAA-compliant telehealth platforms (Zoom for Healthcare, Doxy.me)
  • Access Controls: Strict password policies and multi-factor authentication
  • Physical Security: Locked file cabinets for paper records, secure office space
  • Staff Training: All staff receive HIPAA compliance training
  • Business Associate Agreements: All third-party vendors sign BAAs ensuring HIPAA compliance

2. Information We Collect

Information You Provide

  • Contact Information: Name, email, phone number, mailing address
  • Demographic Information: Date of birth, gender identity, cultural background
  • Health Information: Mental health history, current symptoms, treatment goals
  • Insurance Information: Insurance provider details, policy numbers (if applicable)
  • Payment Information: Credit card details (processed securely through HIPAA-compliant payment processors)
  • Session Notes: Clinical notes from therapy sessions (stored securely, never shared without consent)

Information Collected Automatically

  • Website Usage Data: IP address, browser type, pages visited, time spent on site (collected via cookies)
  • Analytics Data: Aggregated, anonymized data about website traffic and user behavior
  • Communication Logs: Records of emails, calls, and messages (for appointment scheduling and coordination)

3. How We Use Your Information

We use your information for the following purposes:

  • Treatment: Provide therapy services, create treatment plans, and maintain clinical records
  • Payment: Process payments, bill insurance companies (with your authorization), manage accounts
  • Healthcare Operations: Quality improvement, staff training, administrative functions
  • Appointment Coordination: Schedule sessions, send appointment reminders, follow-up communications
  • Legal Compliance: Comply with HIPAA, state regulations, and other legal requirements
  • Website Improvement: Analyze website usage to enhance user experience (anonymized data only)
  • Marketing Communications: Send newsletters and updates about services (you can opt out anytime)

4. When We May Disclose Your Information

With Your Written Authorization

We will only share your PHI with third parties (e.g., other healthcare providers, family members) with your written consent.

Without Your Authorization (as Required by Law)

  • Imminent Danger: If you pose a serious threat of harm to yourself or others, we are required to notify authorities and potential victims
  • Child Abuse/Neglect: Suspected abuse or neglect of children must be reported to Child Protective Services
  • Elder/Dependent Adult Abuse: Suspected abuse of vulnerable adults must be reported
  • Court Orders/Subpoenas: We may be required to provide information pursuant to valid legal orders
  • Law Enforcement: In limited circumstances required by law (e.g., reporting crimes committed on premises)
  • Health Oversight Activities: Audits, investigations by licensing boards

Business Associates

We share limited PHI with HIPAA-compliant service providers (e.g., billing companies, telehealth platforms, electronic health record systems). All business associates sign agreements ensuring they protect your information.

5. Telehealth Privacy

We use HIPAA-compliant video conferencing platforms (Zoom for Healthcare, Doxy.me) for virtual sessions. These platforms use end-to-end encryption to protect your privacy.

Your Responsibility:

  • Use a private, secure location for sessions
  • Use a secure internet connection (avoid public Wi-Fi)
  • Ensure no one can overhear or view your session
  • Use headphones if privacy is a concern

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and analyze website traffic. Cookies do NOT collect PHI.

Types of Cookies We Use:

  • Essential Cookies: Required for website functionality (e.g., remembering form inputs)
  • Analytics Cookies: Collect anonymized data about website usage (Google Analytics)
  • Marketing Cookies: Used for newsletter signups and marketing campaigns (Mailchimp)

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

7. Your Rights Under HIPAA

You have the following rights regarding your PHI:

  • Right to Access: Request copies of your medical records
  • Right to Amend: Request corrections to your records if you believe they are inaccurate
  • Right to an Accounting: Request a list of certain disclosures of your PHI
  • Right to Request Restrictions: Request limits on how your PHI is used or disclosed
  • Right to Confidential Communications: Request communications by alternative means or locations
  • Right to a Paper Copy: Request a paper copy of this Privacy Policy at any time
  • Right to Revoke Authorization: Withdraw consent for PHI disclosures (does not affect information already shared)

To exercise your rights, contact us at:

Email: hello@auntieny.com

Phone: (919) 555-0123

Mail: Auntie NY Counseling, [Address], Raleigh, NC [ZIP]

8. Data Retention

We retain your records in accordance with North Carolina law and professional ethics standards:

  • Clinical Records: Retained for a minimum of 7 years after the last date of service (or longer if required by law)
  • Minor Records: Retained until the client turns 18, plus 7 years
  • Billing Records: Retained for 7 years after final payment

After the retention period, records are securely destroyed (shredded for paper, permanent deletion for electronic records).

9. Third-Party Services

We use the following HIPAA-compliant third-party services:

  • Telehealth: Zoom for Healthcare, Doxy.me
  • Electronic Health Records: [EHR Platform Name]
  • Payment Processing: Stripe, Square (HIPAA-compliant)
  • Email/Communication: Google Workspace (BAA in place)
  • Website Hosting: Vercel (secure hosting, no PHI stored)
  • Analytics: Google Analytics (anonymized data only)
  • Newsletter: Mailchimp (opt-in only, no PHI shared)

All third-party vendors with access to PHI have signed Business Associate Agreements.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new "Last Updated" date.

If we make material changes, we will notify you by email or through a notice on our website. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your information is handled, please contact us:

Email: hello@auntieny.com

Phone: (919) 555-0123

Mail: Auntie NY Counseling, [Address], Raleigh, NC [ZIP]

File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be retaliated against for filing a complaint.