Privacy Policy

Effective Date: October 8, 2025
Last Updated: October 8, 2025

Body & Mind Telehealth LLC (“Body & Mind,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bodymindtelehealth.com and use our telehealth services.

This Privacy Policy should be read in conjunction with our separate HIPAA Notice of Privacy Practices, which provides additional detail about how we handle your protected health information (PHI).

By using our services, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

  • Full name
  • Date of birth
  • Address and state of residence
  • Email address
  • Phone number
  • Emergency contact information
  • Government-issued identification (for identity verification purposes)

1.2 Protected Health Information (PHI)

As a healthcare provider, we collect health information necessary for your treatment, including:

  • Medical history
  • Mental health history
  • Current symptoms and concerns
  • Medication information
  • Treatment notes and clinical assessments
  • Insurance information
  • Payment and billing records
  • Laboratory or diagnostic results (when applicable)

1.3 Technical Information

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and time spent on our site
  • Referring website addresses
  • Cookies and similar tracking technologies

1.4 Communication Records

We maintain records of:

  • Appointment scheduling communications
  • Email correspondence
  • Phone call logs
  • Video session recordings (only when required for clinical documentation or with your explicit consent)
  • Patient portal interactions

2. How We Use Your Information

2.1 Treatment, Payment, and Healthcare Operations

We use your information for:

  • Treatment: Providing psychiatric evaluations, medication management, and psychotherapy services
  • Payment: Processing insurance claims, billing, and collecting payment
  • Healthcare Operations: Quality improvement, staff training, administrative functions, and compliance activities

We follow the “minimum necessary” standard, accessing only the information needed to accomplish the specific purpose.

2.2 Communication

We may use your contact information to:

  • Send appointment reminders
  • Provide treatment-related information
  • Notify you of policy changes
  • Respond to your inquiries
  • Send administrative communications
  • Conduct appointment follow-ups

2.3 Legal Compliance

We use and disclose information as required by:

  • Federal and state laws
  • Court orders or subpoenas
  • Regulatory agencies and accrediting organizations

3. Telehealth-Specific Privacy Practices

3.1 Identity Verification

Prior to each telehealth session, we verify your identity through:

  • Visual verification via video
  • Confirmation of date of birth and other personal identifiers
  • Secure patient portal authentication
  • Multi-factor authentication when available

3.2 Telehealth Platform Security

All telehealth sessions are conducted using HIPAA-compliant platforms that provide:

  • End-to-end encryption (AES 256-bit encryption or higher)
  • Secure data transmission (TLS 1.2 or higher)
  • Access controls and authentication
  • Automatic session timeouts
  • Secure cloud storage with encryption at rest

3.3 Audio-Only Telehealth

When video services are not available or appropriate, we may provide audio-only telehealth services via telephone. The same privacy protections and documentation standards apply to phone sessions.

3.4 Session Recording

Video or audio sessions are NOT routinely recorded. Recording will only occur:

  • When clinically necessary for documentation
  • With your explicit written consent
  • In compliance with Florida law

You will be notified prior to any recording.

3.5 Location Requirements

For compliance with Florida telehealth regulations, we verify that you are physically located in Florida at the time of each telehealth service.

4. How We Share Your Information

4.1 Your Authorization

We will not share your protected health information without your written authorization, except as described below or as permitted by law.

4.2 Required or Permitted Disclosures

We may disclose your information without your authorization in the following circumstances:

a) Threat to Health or Safety

When we believe disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or that of another person or the public.

b) Mandated Reporting

When required by law to report:

  • Child abuse or neglect (Florida Statute § 39.201)
  • Elder abuse or neglect (Florida Statute § 415.1034)
  • Abuse of vulnerable adults (Florida Statute § 415.1034)
  • Domestic violence (in certain circumstances)

c) Legal Proceedings

When required by:

  • Court orders
  • Subpoenas (with proper legal authorization)
  • Law enforcement requests in specific situations (e.g., identification purposes, crime victims, suspicious deaths)
  • Legal or administrative proceedings

d) Public Health Activities

For public health purposes, including:

  • Reporting communicable diseases
  • FDA-regulated product safety monitoring
  • Public health investigations
  • Vital statistics reporting

e) Health Oversight Activities

To health oversight agencies for:

  • Audits and investigations
  • Licensure actions
  • Government benefit program oversight
  • Compliance monitoring

f) Workers’ Compensation

When required for workers’ compensation or similar programs.

g) Coroners, Medical Examiners, and Funeral Directors

When necessary for death investigations or funeral arrangements.

h) Research

For research purposes only with your authorization or when an Institutional Review Board has approved a waiver of authorization.

4.3 Business Associates

We may share your information with third-party service providers (“Business Associates”) who perform services on our behalf, including:

  • Electronic health record (EHR) vendors
  • Telehealth platform providers (video conferencing services)
  • Billing and claims processing services
  • IT support and security services
  • Cloud storage providers
  • Practice management software vendors
  • Credit card processing services

All Business Associates are contractually required through signed Business Associate Agreements (BAAs) to:

  • Protect your information using appropriate safeguards
  • Use your information only as authorized
  • Report any breaches or security incidents
  • Comply with HIPAA requirements

4.4 Insurance Companies

We share necessary information with your health insurance company for:

  • Eligibility verification
  • Prior authorization requests
  • Claims submission and payment processing
  • Coordination of benefits

We limit disclosures to the minimum necessary information required.

4.5 Treatment Coordination

With your authorization, we may share information with:

  • Other healthcare providers involved in your care
  • Family members or caregivers you designate
  • Pharmacies for prescription fulfillment

5. Your Privacy Rights

5.1 Right to Access

You have the right to:

  • Inspect and obtain copies of your health records
  • Request records in electronic format when possible (within 30 days of request)
  • Direct us to send copies to a third party you designate
  • Receive one free copy of your records per year

Fees may apply for: additional copies, postage, or preparation of summaries.

5.2 Right to Request Amendments

You may request corrections to your health information if you believe it is incorrect or incomplete. We will respond within 60 days and may accept or deny your request with explanation.

5.3 Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your health information in the past six years (or shorter period if you request). The first accounting in a 12-month period is free.

5.4 Right to Request Restrictions

You may request limitations on how we use or disclose your health information. While we will consider your request, we are not required to agree to it except in specific circumstances:

  • We must agree if you request restriction of disclosure to a health plan for payment purposes when you have paid out-of-pocket in full
  • You may request confidential communications

5.5 Right to Confidential Communications

You may request that we communicate with you in a specific way or at a specific location to protect your privacy (e.g., call only your cell phone, send mail to alternate address).

5.6 Right to Revoke Authorization

You may revoke any authorization you have given us to use or disclose your information, except where we have already acted in reliance on your authorization.

5.7 Right to a Paper Copy

You have the right to receive a paper copy of this Privacy Policy and our HIPAA Notice of Privacy Practices at any time.

5.8 Right to Notification of Breach

You have the right to be notified in the event of a breach of your unsecured protected health information.

To exercise any of these rights, please contact us using the information at the end of this document.

6. Data Security

6.1 Administrative Safeguards

  • Written privacy and security policies and procedures
  • Designated Privacy Officer and Security Officer
  • Workforce training on HIPAA and privacy practices
  • Access controls limiting who can view your information
  • Regular privacy and security audits
  • Incident response and breach notification procedures

6.2 Technical Safeguards

  • HIPAA-compliant telehealth platforms with end-to-end encryption
  • Secure electronic health record systems with audit logs
  • Password protection and multi-factor authentication
  • Automatic logoff features
  • Encryption for data in transit (TLS 1.2 or higher) and at rest (AES 256-bit)
  • Regular software updates and security patches
  • Firewall and intrusion detection systems
  • Malware and antivirus protection

6.3 Physical Safeguards

  • Secure facility access controls
  • Locked storage for physical records
  • Secure disposal of documents (shredding)
  • Workstation privacy screens
  • Visitor access controls

6.4 Data Retention

We retain your health information for a minimum of seven (7) years from the date of last service, or longer as required by:

  • Florida Statute § 456.057 (medical records retention)
  • Professional liability insurance requirements
  • DEA requirements for controlled substance records (2-7 years)
  • Minors’ records (until age 25 or 7 years, whichever is longer)

6.5 Data Breach Notification

In the event of a breach of your unsecured protected health information, we will:

  • Notify you within 60 days of discovery
  • Notify the Secretary of the U.S. Department of Health and Human Services
  • Notify prominent media outlets if breach affects 500+ individuals in Florida
  • Provide information about the breach, steps you can take, and our response

7. Cookies and Tracking Technologies

7.1 Use of Cookies

Our website may use cookies and similar technologies to:

  • Remember your preferences and settings
  • Understand how you use our site
  • Improve website functionality and user experience
  • Analyze site traffic and usage patterns
  • Maintain security and prevent fraud

7.2 Types of Cookies We Use

  • Essential Cookies: Required for website operation (session management, security)
  • Performance Cookies: Track how visitors use our site (analytics)
  • Functional Cookies: Remember your preferences
  • Targeting Cookies: May be used for marketing (only with consent)

7.3 Your Cookie Choices

Most web browsers automatically accept cookies, but you can modify your browser settings to:

  • Block all cookies
  • Accept only first-party cookies
  • Receive notification before cookies are stored
  • Delete existing cookies

Note: Disabling cookies may affect your ability to use certain features of our website, including appointment scheduling.

7.4 Third-Party Analytics

We may use third-party analytics services (such as Google Analytics) to understand website usage. These services may collect information using cookies and similar technologies. We have implemented:

  • IP address anonymization
  • Data sharing restrictions
  • Privacy-friendly configurations

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

7.5 Do Not Track Signals

Our website does not currently respond to “Do Not Track” browser signals, but we respect your privacy choices through cookie settings.

8. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors without parental consent. If we become aware that we have collected information from a minor without proper authorization, we will take steps to delete that information promptly.

9. Third-Party Websites

Our website may contain links to third-party websites for your convenience and information. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Third-party services we may link to:

  • Insurance company websites
  • Patient education resources
  • Crisis support services
  • Payment processors

10. State-Specific Privacy Protections

10.1 Florida Law

In addition to federal HIPAA protections, Florida law provides additional privacy protections for mental health records. We comply with all applicable Florida statutes, including:

  • Florida Statute § 394.4615 – Mental health and substance abuse records confidentiality
  • Florida Statute § 456.057 – Medical records confidentiality and retention
  • Florida Statute Chapter 456.47 – Telehealth standards of practice
  • Florida Statute § 456.0575 – Telemedicine and remote patient monitoring

10.2 Interstate Telehealth

Our providers are licensed to practice in Florida only. We do not provide services to individuals located outside of Florida at the time of service.

10.3 Additional Florida Protections

Florida law provides enhanced protections for:

  • HIV/AIDS-related information
  • Mental health and substance abuse treatment records
  • Genetic testing information
  • Reproductive health information

11. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). However, health information regulated by HIPAA is generally exempt from CCPA/CPRA requirements.

For non-PHI covered by CCPA, California residents have rights to:

  • Know what personal information is collected
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to bodymindtelehealth.com. The “Last Updated” date at the top of this document indicates when changes were last made.

Material changes will be communicated to you via:

  • Email notification to the address on file
  • Prominent notice on our website
  • Notice during your next appointment
  • Revised Notice of Privacy Practices when required by law

Your continued use of our services after changes are posted constitutes acceptance of the revised Privacy Policy. We will obtain your consent for material changes that affect how we use or disclose your PHI in ways not previously authorized.

13. Contact Information

Questions or Concerns

If you have questions about this Privacy Policy or our privacy practices, please contact:

Privacy Officer
Body & Mind Telehealth LLC
📧 Email: [email protected]
🌐 Website: www.bodymindtelehealth.com
📍 Location: Florida, USA

Response Time: We will respond to privacy inquiries within 10 business days.

Filing a Complaint

If you believe your privacy rights have been violated, you may:

  1. File a complaint with us:
    Contact our Privacy Officer using the information above. We will:
    • Investigate your complaint promptly
    • Respond within 30 days
    • Take corrective action if warranted
    • Not retaliate against you in any way

  2. File a complaint with the U.S. Department of Health and Human Services:
    Office for Civil Rights
    U.S. Department of Health and Human Services
    200 Independence Avenue, S.W.
    Washington, D.C. 20201
    Phone: 1-877-696-6775
    Website: www.hhs.gov/ocr/privacy/hipaa/complaints
    Email: [email protected]

Complaints must be filed within 180 days of the alleged violation.

  3. File a complaint with the Florida Department of Health:
    Florida Department of Health
    Division of Medical Quality Assurance
    4052 Bald Cypress Way, Bin C-75
    Tallahassee, FL 32399-3275
    Phone: 850-245-4474
    Website: www.flhealthcomplaint.gov

You will not be retaliated against for filing a complaint.

14. Consent and Acknowledgment

By using our services, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and disclosure of your information as described
  • You understand your privacy rights under HIPAA and Florida law
  • You have been offered a copy of our HIPAA Notice of Privacy Practices
  • You may revoke consent at any time (with limitations as described)

15. Legal and Regulatory Framework

This Privacy Policy is designed to comply with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • HIPAA Privacy Rule (45 CFR Part 160 and Part 164, Subparts A and E)
  • HIPAA Security Rule (45 CFR Part 164, Subpart C)
  • HIPAA Breach Notification Rule (45 CFR §§ 164.400-414)
  • HITECH Act provisions
  • Florida Statutes related to healthcare privacy and telehealth
  • Other applicable federal and state regulations

“Where your wellness is a priority.”

This Privacy Policy is intended to comply with the Health Insurance Portability and Accountability Act (HIPAA), Florida state law, and other applicable privacy regulations. For more detailed information about how we handle your protected health information, please request a copy of our HIPAA Notice of Privacy Practices.