Privacy Policy

Your Information. Your Rights.
Our Responsibilities.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

Please review it carefully.

Your Rights

When it comes to your health information, you have certain rights.

This section explains your rights and some of our responsibilities to help you.

Get a copy of your health and claims records

  • You can ask to see or get a copy of your health and claims records and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health and claims records, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct health and claims records

  • You can ask us to correct your health and claims records if you think they are incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations.
  • We are not required to agree to your request, and we may say “no” if it would affect your care.

Get a list of those with whom we’ve shared information

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

  • You can complain if you feel we have violated your rights by contacting us using the information on the back page.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share.

  • If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in payment for your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

  • Marketing purposes
  • Sale of your information


Our Uses and Disclosures

How do we typically use or share your health information?

We typically use or share your health information in the following ways.

Help manage the health care treatment you receive

  • We can use your health information and share it with professionals who are treating you.
    Example: A doctor sends us information about your diagnosis and treatment plan so we can arrange additional services.

Run our organization

  • We can use and disclose your information to run our organization and contact you when necessary.
  • We are not allowed to use genetic information to decide whether we will give you coverage and the price of that coverage. This does not apply to long term care plans.
    Example: We use health information about you to develop better services for you.

Pay for your health services

  • We can use and disclose your health information as we pay for your health services.
    Example: We share information about you with your dental plan to coordinate payment for your dental work.

Administer your plan

  • We may disclose your health information to your health plan sponsor for plan administration.
    Example: Your company contracts with us to provide a health plan, and we provide your company with certain statistics to explain the premiums we charge.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research.

We have to meet many conditions in the law before we can share your information for these purposes.

Help with public health and safety issues

  • We can share health information about you for certain situations such as:
    • Preventing disease
    • Helping with product recalls
    • Reporting adverse reactions to medications
    • Reporting suspected abuse, neglect, or domestic violence
    • Preventing or reducing a serious threat to anyone’s health or safety

Do research

  • We can use or share your information for health research.

Comply with the law

  • We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to organ and tissue donation requests and work with a medical examiner or funeral director

  • We can share health information about you with organ procurement organizations.
  • We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers’ compensation, law enforcement, and other government requests

  • We can use or share health information about you:
    • For workers’ compensation claims
    • For law enforcement purposes or with a law enforcement official
    • With health oversight agencies for activities authorized by law
    • For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

  • We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of This Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, on our web site, and we will mail a copy to you.

This Notice of Privacy Practices applies to the following organizations.

Security of your account and electronic Patient Health Information (ePHI) is fundamental to us, and we have gone above and beyond the standard security and privacy requirements to protect your data.

At With You & For You, your privacy and treatment experience are our greatest concerns. Nothing is more important to us. Our online treatment programs utilize state-of-the-art online videoconferencing, Electronic Medical Record and Closed Network communications. All sessions and communications with our counselors are encrypted for your privacy and are fully HIPAA compliant. To provide crystal clear sound and video, only HD video is used.

Electronic Medical Record HIPAA Compliance

  • With You & For You always transmits account information securely with multiple layers of encryption.
  • Our servers are housed in a secure facility protected by proximity readers, biometric scanners, and security guards 24 hours a day, 7 days a week, 365 days a year.
  • Bank-level security.
  • Your passwords are encrypted and not accessible to anyone but you.
  • We hack our own site. SimplePractice runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting.
  • Our Electronic Medical Record partner, SimplePractice, has received the VeriSign security seal.

Security Technology and Practices

Your sensitive data is hosted in a Tier 1 secure hosting provider specializing in helping healthcare organizations achieve and maintain HIPAA and HITRUST security requirements.

  • Web pages and APIs are secured with 128-bit Secure Sockets Layer encryption.
  • Our cloud infrastructure uses multi-factor authentication.
  • We use advanced key management and transparent data encryption.
  • Application level monitoring and intrusion protection.
  • HIPAA compliant encryption.
  • HIPAA compliant hosting architecture on enterprise level hardware.
  • HIPAA compliant system architecture with separate web and database environment.
  • Application and Database server isolation.
  • Firewall management.
  • Log retention with detailed audit trail.
  • Managed and secure backup and disaster recovery.
  • Managed patching, version control, and security updates.
  • Credit card transactions processed using secure encryption on a PCI compliant network.

What You Can Do To Keep Your Personal Information Secure

  • Keep your computer and browsers current with the latest software and security updates.
  • Install and update anti-virus software.
  • Use personal firewalls to protect your computer and network.
  • Password protect your home and office computer network.
  • Do not enable automatic login to your SimplePractice.com account.
  • Change your password periodically and avoid using passwords that you use for other accounts.
  • Don’t share your login credentials with anyone.
  • Always make sure you are logged out of your account when you are finished.
  • When using computers that are not your own, make sure you are fully logged out and close the browser.

Video Conferencing HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) lays out privacy and security standards that protect the confidentiality of patient health information. In terms of video conferencing, the solution and security architecture must provide end-to-end encryption and meeting access controls so data in transit cannot be intercepted.

The general requirements of HIPAA Security Standards state that covered entities must:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
  • Protect against any reasonably-anticipated threats or hazards to the security or integrity of such information.
  • Protect against any reasonably-anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations.
  • Ensure compliance by its workforce.

How the With You & For You video conferencing provider, Zoom, enables HIPAA compliance

Zoom signs the HIPAA Business Associate Agreement (BAA) for our healthcare customers (minimum $200), meaning we are responsible for keeping your patient information secure and reporting security breaches involving personal healthcare information. We do not have access to identifiable health information and we protect and encrypt all audio, video, and screen sharing data. The following table demonstrates how Zoom supports HIPAA compliance based on the HIPAA Security Rule published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule).

The table has two columns, HIPAA Standard and How Zoom Supports the Standard; each row is shown below with the standard first, followed by how Zoom supports it.

Access Control:

  HIPAA Standard:
  • Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to authorized persons or software programs.
  • Unique User Identification: Assign a unique name and/or number for identifying and tracking user identity.
  • Emergency Access Procedure: Establish (and implement as needed) procedures for obtaining necessary electronic health information during an emergency.
  • Automatic Logoff: Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
  • Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.

  How Zoom Supports the Standard:
  • Meeting data transmitted across the network is protected using a unique Advanced Encryption Standard (AES) with a 256-bit key generated and securely distributed to all participants at the start of each session.
  • Multi-layered access control for owner, admin, and members.
  • Web and application access are protected by verified email address and password.
  • Meeting access is password protected.
  • Meetings are not listed publicly.
  • Zoom leverages a redundant and distributed architecture to offer a high level of availability and redundancy. In addition, Zoom regularly performs snapshots of our data and can quickly assist the customer with data restoration and access to their data kept in Zoom’s cloud.
  • Meeting host can easily disconnect attendees or terminate sessions in progress.
  • Host can lock a meeting in progress.
  • Meeting ends automatically with timeouts.

Audit Controls:

  HIPAA Standard:
  • Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

  How Zoom Supports the Standard:
  • Meeting connections traverse Zoom’s secured and distributed infrastructure.
  • Meeting connections are logged for audio and quality-of-service purposes.
  • Account admins have secured access to meeting management and reports.

Integrity:

  HIPAA Standard:
  • Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

  How Zoom Supports the Standard:
  • Multi-layer integrity protection is designed to protect both data and service layers.
  • Controls are in place and protect data in-motion and at-rest.

Integrity Mechanism:

  HIPAA Standard:
  • Mechanism to authenticate electronic protected health information.
  • Implement methods to corroborate that information has not been destroyed or altered.

  How Zoom Supports the Standard:
  • Application executables are digitally signed.
  • Data transmission is protected using HMAC-SHA-256 message authentication codes.

Person or Entity Authentication:

  HIPAA Standard:
  • Verify that the person or entity seeking access is the one claimed.

  How Zoom Supports the Standard:
  • Web and application access are protected by verified email and password.
  • Meeting host must log in to Zoom using a unique email address and account password.
  • Access to desktop or window for screen sharing is under the host’s control.

Transmission Security:

  HIPAA Standard:
  • Protect electronic health information that is being transmitted over a network.
  • Integrity controls: Ensure that protected health information is not improperly modified without detection.
  • Encryption: Encrypt protected health information.

  How Zoom Supports the Standard:
  • End-to-end data security protects against passive and active attacks on confidentiality.
  • Data transmission is protected using HMAC-SHA-256 message authentication codes.
  • Meeting data transmitted across the network is protected using a unique Advanced Encryption Standard (AES) with a 256-bit key generated and securely distributed to all participants at the start of each session.