Privacy Policy

Effective Date: May 12, 2025

Applies to: All U.S.-based clients, users, contractors, and visitors of Empowered Harmony Counseling, Psychiatry & Wellness Center

Empowered Harmony Counseling, Psychiatry & Wellness Center (“Empowered Harmony,” “we,” “our,” “us”) is committed to safeguarding your privacy and ensuring the security of your personal, medical, and health-related information. This policy explains how we collect, use, protect, and disclose your data and complies with HIPAA, the HITECH Act, 42 CFR Part 2, CCPA, and all applicable federal and state privacy laws.

By engaging with our services or visiting our platforms, you agree to the terms outlined in this Privacy Policy.

1. Who We Are

Empowered Harmony is growing to a nationwide corporation, virtual behavioral health and wellness practice headquartered in Wyoming. We provide therapy, psychiatry, coaching, integrative wellness, and culturally responsive services. Our team includes licensed and pre-licensed providers, psychiatric professionals, administrative support, coaches, and contractors. All professionals adhere to HIPAA and their respective ethical codes and licensing requirements.

2. Scope of This Policy

This policy covers all data collected through our:

• Website, portals, and forms

• Client communications via text, call, email, or video

• Interactions with referral sources, contractors, and third-party platforms

It does not cover external websites linked through our site. Please review those sites’ privacy policies separately.

3. Types of Data We Collect

A. Personal and Demographic Information:

Name, contact details, ID verification, emergency contacts, payment and insurance data.

B. Health and Clinical Information (PHI):

Diagnosis, treatment notes, provider communications, prescriptions, care coordination details.

C. Technical and Usage Data:

Device identifiers, browser data, IP address, referral source, geolocation (approximate).

D. Third-Party Sources:

Insurance payers, referring professionals, EAPs, schools, or courts, only with consent or as legally required.

4. Legal Grounds for Collection

We collect your data:

• With your consent

• To deliver health services

• To comply with legal obligations

• For safety and emergency purposes

• In support of legitimate operational needs

5. How We Use Your Data

We use your data to:

• Provide, coordinate, and document care

• Communicate updates, reminders, and billing

• Improve services and maintain secure systems

• Fulfill legal and ethical obligations

• Conduct de-identified research or supervision (if applicable)

We never use or sell PHI for marketing or advertising without explicit consent.

6. Data Sharing

A. With Authorization:

To coordinate care or provide reports to approved parties.

B. Without Authorization (Legally Permitted):

For court orders, abuse reporting, safety risks, or audits.

C. With Business Associates:

Under strict Business Associate Agreements (BAAs) with vendors such as TherapyNotes, SimplePractice, cloud platforms, billing processors, or credentialing partners.

7. Data Storage and Retention

• Adult records: Retained at least 7 years from last service date

• Minor records: Retained at least 7 years past age 18

• Financial and communication records: Retained per legal and tax requirements

• Data is stored securely with access logs and encryption

8. Your Privacy Rights

You have the right to:

• Access or request copies of your records

• Request amendments or restrictions

• Opt for confidential communication

• Revoke consents

• File privacy complaints without retaliation

Contact: support@empoweredharmony.com

9. Children and Adolescent Privacy

• Clients under 14 require parental consent

• Adolescents may have partial privacy rights depending on state law

• Record access may be limited to parents unless legally mandated

10. Cookie and Web Tracking Policy

We use cookies and analytics tools (e.g., Google Analytics) to improve site functionality and user experience. These tools do not collect PHI. You may disable cookies in your browser settings.

11. Marketing and Communications

We do not send promotional messages without consent. You may opt out at any time via email or the “unsubscribe” link in messages.

12. Security Measures

Our safeguards include:

• Encryption of PHI

• Two-factor authentication (2FA)

• Role-based access controls

• Regular audits and training

• Confidentiality agreements

If a breach occurs, you will be notified within 60 days per HIPAA and the HITECH Act.

13. Client Portals and Third-Party Disclaimers

We use HIPAA-compliant platforms (e.g., SimplePractice, TherapyNotes). Although vendors are carefully selected and contractually bound to confidentiality, we are not liable for vendor-side failures beyond our control.

14. Special Handling of Sensitive Data

Sensitive information such as trauma history, sexual orientation, substance use, and disability status is treated with extra care. Only authorized personnel have access to this data.

15. Use of AI Tools

We may use AI tools (e.g., grammar support, documentation aids) to improve quality and efficiency. These tools never replace clinical decision-making and are used under HIPAA-compliant settings.

16. Minor Rights and Parental Access

Minors may have rights to confidentiality under certain state laws. We follow the most protective law available and only release minor records with proper authorization.

17. Cross-State Compliance

We operate in multiple states and comply with each state’s privacy, telehealth, and minor consent laws. The highest standard is always applied.

18. Business Associate Agreements

We maintain signed BAAs with all vendors and contractors who handle PHI. All third parties must comply with our privacy and security protocols.

19. Subprocessors and Transparency

A list of vendors who process data on our behalf is available upon written request. All subprocessors undergo regular risk and compliance assessments.

20. Termination of Services

Upon ending services, you may request a copy of your records (fees may apply). Records are retained as required by law unless otherwise requested and permitted.

21. Complaints and Violations

If you believe your privacy rights have been violated, contact:

• Empowered Harmony: support@empoweredharmony.com

• HHS Office for Civil Rights: https://www.hhs.gov/hipaa/filing-a-complaint

You will not face retaliation.

Contact Information

Empowered Harmony Counseling, Psychiatry & Wellness Center

Email: support@empoweredharmony.com

22. Privacy Policy

Empowered Harmony Counseling, Psychiatry & Wellness Center (EHC) collects personal and limited technical information to provide care, process billing, and improve services. Information may include your name, contact details, insurance data, and browser information.

Data is used only for treatment, payment, and healthcare operations in accordance with HIPAA. EHC does not sell or rent personal information. Information is shared only with verified business associates who support scheduling, billing, or technology functions under written confidentiality agreements.

EHC applies administrative, technical, and physical safeguards to protect all data. While reasonable measures are in place, no electronic system is entirely risk-free. Clients are encouraged to use the secure patient portal for confidential communication.

Records are stored securely and retained according to HIPAA and state record-keeping laws. Adult records are kept for at least seven years after services end. Minor records are kept for seven years after the client turns eighteen.

If a data breach occurs, EHC will notify affected individuals as required by law.

This website is not intended for minors without verified parental or guardian consent.

Clients may request access to, correction of, or deletion of their information when allowed by law by contacting support@empoweredharmony.com.

Cookies and analytics tools may be used to enhance site performance. You may disable cookies in your browser settings.

EHC may update this Privacy Policy at any time to remain compliant with current laws. The latest version will include a revised effective date. Continued use of services indicates acceptance of these updates.

23. Telehealth Consent

By participating in telehealth sessions, clients consent to receive services through HIPAA-compliant video or phone platforms.

Telehealth offers convenience but may not be suitable for all conditions. Providers will determine whether telehealth is clinically appropriate. Clients must be physically located in a state where the provider holds an active license and must participate from a private, stationary setting.

Sessions may experience technical issues or delays. If a session disconnects, the provider will attempt to reconnect or reschedule.

Telehealth is not intended for emergencies. If you are in crisis, call 911 or 988, or go to the nearest emergency department.

Recording telehealth sessions is not permitted without written consent from both the client and provider.

Driving or operating a vehicle during telehealth sessions is strictly prohibited and will be treated as a late cancellation or no-show.

Clients may withdraw telehealth consent at any time by providing written notice.

Confidentiality during telehealth sessions follows the same standards and limits as in-person services.

Engaging in telehealth services confirms understanding and acceptance of these terms.

24. Communication and Data Disclaimer

Email, text, and website contact forms are for administrative communication only and are not monitored around the clock. They are not suitable for clinical discussion or emergencies.

24.0 Communication and Privacy Protection
Providers may use email, Google Voice, or other HIPAA communication tools. All private health information is shared only through our secure EHR portal to protect your privacy. All confidential communication must take place through Empowered Harmony Counseling’s secure patient portal. Messages sent outside the portal are not HIPAA secure and are not included in the clinical record.

EHC uses encrypted systems and HIPAA-compliant platforms to protect privacy, but electronic communication carries inherent risks. Clients who use unencrypted email or text accept those risks and release EHC from liability for unauthorized access or disclosure.

Non-urgent messages are generally answered within two business days. Messages received after hours, on weekends, or on holidays are handled the next business day.

If you are experiencing an emergency, call 911 or 988, or go to the nearest emergency department.

EHC email, phone, and portal messages are not monitored 24 hours a day, 7 days a week, 365 days a year.

25. Confidentiality and Legal Limits

All information shared with Empowered Harmony Counseling, Psychiatry & Wellness Center (EHC) is confidential and protected under federal and state law.

Confidentiality may only be broken when required by law, including when:
• There is a risk of harm to self or others.
• Abuse, neglect, or exploitation of a child, elder, or vulnerable adult is suspected.
• A valid court order or legal mandate requires disclosure.

Patients may request access to their records or request copies by contacting support@empoweredharmony.com. Records are released only with written authorization or as legally required.

EHC reserves the right to withhold specific details from a record if disclosure could cause harm or compromise safety. In those cases, a written summary may be provided consistent with professional standards.

All disclosures of information are made in good faith, in compliance with HIPAA, ethical codes, and state laws governing mental health and healthcare professionals.

26. Data Retention and Breach Notice

EHC maintains all records in secure, HIPAA-compliant systems. Adult records are retained for at least seven years after services end. Records for minors are retained for seven years after the client turns eighteen.

Records are destroyed securely after the retention period expires. In the event of a breach involving protected health information, EHC will notify affected individuals promptly as required by HIPAA and applicable law.

27. Patient and Client Terminology Disclaimer

Throughout EHC materials, the words “patient” and “client” may be used interchangeably. Both terms refer to any individual who receives therapy, psychiatric services, coaching, or wellness services through Empowered Harmony Counseling, Psychiatry & Wellness Center.

The use of one term over another does not imply a difference in treatment status, care level, or service type. All individuals are treated with equal professionalism, respect, confidentiality, and clinical standards under HIPAA and state law.

28. Scheduling Policies

Appointments require completed intake forms, accurate information, and full payment before the session. Incomplete forms or missed payments result in automatic cancellation.

29. Appointment Reminders

Reminders are sent as a courtesy. Patients are responsible for attending all sessions on time, regardless of whether reminders are received.

30. Payment Deadlines

All payments must process twenty-four (24) hours before the scheduled appointment. Failure to meet this deadline results in cancellation.

31. Late Cancellation Rules

Late cancellations follow the timelines in these Terms. Missed appointments, cancellations inside the required window, or driving during a telehealth session are considered no-shows and subject to applicable fees.

31.0 Refunds, Credits, and Complaints
Requests for refunds or credits must be made in writing within seven (7) days of payment. After this period, no adjustments will be granted.

Patients must submit any service or billing complaints within seven (7) days of the incident or invoice date.
Refund or credit requests for specialty services must also be made within seven (7) days of the original charge. Specialty services must have also been cancelled 72 hours prior to the appointment.

Requests received after this timeframe will not be reviewed or refunded.

32. Device Expectations for Telehealth

Patients must use a stable internet connection and remain in a private, secure environment during telehealth sessions. Technical issues on the patient’s side are the patient’s responsibility.

33. Safety Rules

Driving during a session is strictly prohibited. Patients must remain in a safe, stationary, and private setting. Providers may end a session immediately if safety standards are not met.

34. Documentation Requests

All requests for letters, forms, or other documentation must include full details and prepayment. Providers begin work only after payment is received. New or revised documents require a new payment. Additional edits beyond the initial scope incur additional fees.

35. Emotional Support Animal (ESA) Requirements

ESA letters require at least three completed sessions with a licensed provider and a comprehensive clinical assessment. Letters are provided only when clinically appropriate and supported by documentation.

36. Medication Expectations

Medication refills require consistent attendance and adherence to treatment. Missed sessions may delay or suspend medication refills at the provider’s discretion.

37. Session Conduct

Patients must engage respectfully with providers and staff. Harassment, threats, or disruptive behavior result in immediate termination of services.

38. Discharge Policy

Patients may be discharged for safety issues, repeated no-shows, late cancellations, inappropriate conduct, or nonpayment. Referrals may be provided when clinically appropriate.

39. Communication Rules

Email and text messages are limited to general administrative questions. All clinical or confidential communication must occur through the secure patient portal. Messages sent through unencrypted channels are not considered confidential.

40. Form Completion Rules

Providers complete documentation only when clinically indicated. Not all forms can or will be completed. Requests are denied if the form is not clinically supported or if it is outside the provider’s professional scope.

41. Attendance and Engagement Requirements

Patients must participate consistently in scheduled sessions. Frequent cancellations, absences, or lack of engagement may result in administrative discharge or paused documentation and medication requests.

42. Technical Support and Backup Communication

Patients are responsible for ensuring their device, camera, microphone, and internet connection function before each session. If a session disconnects, the provider will attempt to reconnect once before ending the session. Missed sessions due to patient-side issues are subject to the no-show policy.

43. Provider Response Time

Providers and administrative staff respond to portal or email messages within two business days. Messages received after hours, on weekends, or on holidays are handled on the next business day.

44. Confidentiality for Technology Use

While Empowered Harmony Counseling, Psychiatry & Wellness Center (EHC) uses encrypted and HIPAA-compliant systems, electronic communication carries some risk. Patients who use unencrypted email or text accept responsibility for those risks and release EHC from liability for unauthorized access or disclosure.

45. Terminology Disclaimer

The term “patient” is used consistently throughout EHC materials to refer to any individual receiving therapy, psychiatry, coaching, or wellness care. All patients are treated with equal professionalism, respect, confidentiality, and clinical standards.

46. Policy Updates Clause

EHC may revise policies as needed to maintain legal compliance and operational integrity. The most recent version will always appear on the official website. Continued use of services signifies acceptance of updates.

EHC shall not be held liable for delays, outages, or interruptions caused by factors beyond its control, including illness, power or internet failure, or natural disaster.

© 2025 Empowered Harmony Counseling, Psychiatry & Wellness Center™. All rights reserved.
All materials, including text, graphics, forms, digital content, videos, and documentation created by or for Empowered Harmony Counseling, Psychiatry & Wellness Center™, are the exclusive property of the company.

No portion may be copied, distributed, reproduced, modified, or used for commercial purposes without prior written permission from Empowered Harmony Counseling, Psychiatry & Wellness Center™.

Workforce and Professional Privacy Notice

Empowered Harmony Counseling, Psychiatry & Wellness Center

Effective Date

March 20, 2025

Whom This Notice Applies To

This Workforce Privacy Notice applies to individuals who interact with Empowered Harmony Counseling, Psychiatry & Wellness Center in a professional or work-related capacity. This includes job applicants, employees, independent contractors, clinicians, interns, volunteers, consultants, and temporary workers.

Purpose of This Notice

This notice explains how we collect, use, store, and protect personal information related to workforce members. It also explains your rights regarding that information.

Information We Collect

We collect only information that is reasonably necessary to recruit, engage, manage, pay, and support our workforce, and to meet legal and regulatory requirements.

This may include:

• Identification and contact information such as name, address, email, phone number, and emergency contact

• Professional and employment information such as resume, credentials, licenses, education, work history, references, and onboarding documents

• Compensation and payment information, such as tax forms, payment preferences, and invoices

• Compliance-related information, such as background checks, professional discipline history when required, and credentialing records

• Technology and access to information such as login credentials, system access logs, and business email communications related to work

• Voluntary demographic information is provided for equal opportunity or reporting purposes

We do not collect genetic data. We do not sell workforce data. We do not collect personal data unrelated to legitimate business needs.

How We Collect Information

We collect information through:

• Applications, resumes, and onboarding forms you submit

• Direct communication such as email, secure portals, and video conferencing

• Third parties such as credentialing services, background check vendors, and payroll processors, when applicable and legally permitted

• Use of EHC systems and platforms for business purposes

How We Use Workforce Information

We use workforce information to:

• Evaluate applications and make hiring or contracting decisions

• Verify credentials, licensure, and eligibility to work

• Manage onboarding, scheduling, supervision, and performance

• Process compensation, billing support, and tax reporting

• Meet healthcare, employment, licensing, and regulatory obligations

• Maintain system security and protect organizational integrity

• Investigate complaints, incidents, or compliance concerns when required

We do not use workforce data for advertising. We do not use workforce data for unrelated analytics.

Sharing of Information

We share workforce information only when necessary and only with appropriate safeguards.

This may include:

• Payroll providers and payment processors

• Credentialing, compliance, and background check vendors

• EHR, scheduling, and secure communication platforms

• Legal, regulatory, or licensing authorities when required by law

• Auditors or professional advisors bound by confidentiality

We do not sell workforce information. We do not share workforce information for marketing purposes.

Confidentiality and Security

We use reasonable administrative, technical, and organizational safeguards to protect workforce information. Access is limited to individuals who need the information to perform legitimate job functions.

No system is completely secure. We take data protection seriously and review safeguards regularly.

Data Retention

We retain workforce information only for as long as necessary to meet business, legal, licensing, tax, and regulatory requirements. Records are securely stored and disposed of when no longer required.

Your Rights

Depending on your location and role, you may have the right to:

• Request access to your personal information

• Request correction of inaccurate information

• Request deletion where legally permitted

• Ask questions about how your information is used

Requests may be limited where retention is required by law or professional regulation.

Questions or Concerns

If you have questions about this Workforce Privacy Notice or how your information is handled, contact:

Empowered Harmony Counseling, Psychiatry & Wellness Center

Email: HR@empoweredhamony.com

Internal Placement Recommendation

Place this policy might be found in the future:

• Provider onboarding packets

• Contractor agreements as an incorporated reference

• Internal compliance folder

• Website footer under Workforce Privacy or Careers

Policy Updates Clause

EHC shall not be held liable for delays, outages, or interruptions caused by factors beyond its control, including illness, power or internet failure, or natural disaster.

No portion may be copied, distributed, reproduced, modified, or used for commercial purposes without prior written permission from Empowered Harmony Counseling, Psychiatry & Wellness Center™.