Privacy Policy

Introduction

Steady Wellness Therapy, operated by Kate Steadman, LCPC ("we," "our," or "us"), is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telehealth therapy services and visit our website.

By using our services, you consent to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, and mailing address
• Demographic Information: Date of birth, gender identity, emergency contact information
• Insurance Information: Insurance provider details, policy numbers, and billing information
• Payment Information: Credit card details, billing address (processed securely through third-party payment processors)

Protected Health Information (PHI)

As a healthcare provider, we collect and maintain Protected Health Information (PHI) as defined by HIPAA, including:

• Clinical assessments, diagnoses, and treatment plans
• Session notes and therapeutic progress documentation
• Mental health history and current symptoms
• Medication information and medical history relevant to treatment
• Communication records related to your care

Technical Information

We automatically collect certain technical information when you access our website or telehealth platform:

• IP address, browser type, and device information
• Usage data, including pages visited and time spent on our site
• Cookies and similar tracking technologies (see our Cookie Policy)

How We Use Your Information

We use your information for the following purposes:

• Treatment: To provide mental health counseling, develop treatment plans, and coordinate care
• Payment: To process payments, submit insurance claims, and maintain billing records
• Healthcare Operations: To improve our services, conduct quality assessments, and ensure compliance with regulations
• Communication: To schedule appointments, send appointment reminders, and respond to your inquiries
• Legal Obligations: To comply with applicable laws, regulations, and professional standards
• Safety and Crisis Intervention: To prevent imminent harm to you or others when legally required or permitted

HIPAA Compliance

As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), we maintain strict safeguards to protect your Protected Health Information. We comply with all applicable HIPAA Privacy and Security Rules, including:

• Implementing appropriate administrative, physical, and technical safeguards
• Limiting access to PHI to authorized personnel only
• Training staff on privacy and security requirements
• Maintaining Business Associate Agreements with third-party service providers
• Providing you with a Notice of Privacy Practices as required by HIPAA

For a complete description of your rights under HIPAA, please request a copy of our Notice of Privacy Practices.

A2P Messaging and Communications

Text Message Communications

We may send Application-to-Person (A2P) text messages for appointment reminders, administrative notifications, and practice updates. By providing your mobile phone number, you consent to receive these messages.

Important Information About Text Messaging:

• Opt-In: You must explicitly consent to receive text messages from us
• Message Frequency: Message frequency varies based on your appointments and administrative needs
• Standard Rates: Message and data rates may apply based on your mobile carrier's plan
• Opt-Out: You may opt out at any time by replying "STOP" to any text message or contacting us directly
• Help: For assistance, reply "HELP" to any message or contact us at 240-554-5911
• Privacy: Text messages may not be secure. Do not send sensitive health information via text

Email Communications

We use email for administrative purposes, appointment confirmations, and general communications. Please be aware that standard email is not a secure form of communication. We recommend not including sensitive personal or health information in regular email messages. For secure communication of sensitive information, we use encrypted platforms or our secure patient portal.

Data Security

We implement comprehensive security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction:

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict authentication and authorization procedures limit access to authorized personnel
• Secure Platforms: We use HIPAA-compliant telehealth and electronic health record systems
• Regular Audits: We conduct regular security assessments and updates
• Staff Training: All personnel receive ongoing privacy and security training
• Incident Response: We maintain procedures for detecting, responding to, and reporting security incidents

While we take every reasonable precaution to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using current best practices.

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

With Your Consent

We may share your information with third parties when you provide explicit written authorization, such as sharing records with another healthcare provider or your insurance company.

For Treatment, Payment, and Healthcare Operations

We may share PHI without your authorization for:

• Coordination of care with other healthcare providers involved in your treatment
• Processing insurance claims and payment activities
• Quality improvement and healthcare operations

Business Associates

We work with third-party service providers (Business Associates) who assist with our operations, such as telehealth platforms, electronic health records systems, billing services, and payment processors. These Business Associates are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose information when required or permitted by law, including:

• In response to court orders, subpoenas, or other legal processes
• To report suspected child abuse, elder abuse, or dependent adult abuse
• To prevent serious threat to health or safety when disclosure is necessary
• For public health activities, such as reporting communicable diseases
• To comply with workers' compensation laws
• For law enforcement purposes as required by law

Your Rights

You have the following rights regarding your personal and health information:

• Right to Access: You may request access to your health records and receive a copy
• Right to Amendment: You may request corrections to your health information if you believe it is inaccurate or incomplete
• Right to Accounting: You may request a list of certain disclosures we have made of your health information
• Right to Restriction: You may request restrictions on how we use or disclose your information (though we are not required to agree to all requests)
• Right to Confidential Communications: You may request to receive communications in a specific way or at a specific location
• Right to Revoke Consent: You may revoke any authorization you have given us, except to the extent we have already acted on your authorization
• Right to File a Complaint: You may file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated

To exercise any of these rights, please contact us using the information provided at the end of this policy.

Data Retention

We retain your health records and personal information in accordance with state and federal laws, professional ethical standards, and business requirements. Generally, adult mental health records are retained for a minimum of seven years after the last date of service, or longer as required by law. Records for minors are retained until they reach the age of majority plus the required retention period.

Children's Privacy

Our services may be provided to minors under the supervision of a parent or legal guardian. When treating minors, we obtain appropriate consent from parents or guardians as required by law. We protect the privacy of minors in accordance with applicable laws and professional ethical standards, while also recognizing that certain confidentiality protections may apply directly to minor clients depending on their age and the nature of services.

Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. If changes significantly affect how we use or disclose PHI, we will provide direct notice as required by law. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise your privacy rights, or want to file a complaint, please contact us:

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated: