Notice of Privacy Practicies (HIPAA Compliance)

Your Privacy Rights & Protected Health Information
Last Revised: February 4, 2026

1. INTRODUCTION

This Notice of Privacy Practices describes how Mind-Body-Heart Therapy PLLC, doing business as The Wise Mind Group (“we,” “us,” or “our”), may use and disclose your Protected Health Information (PHI) to carry out treatment, payment, and health care operations, and for other purposes permitted or required by law.

This notice applies specifically to clients receiving Clinical Therapy services (Lane A). While our Coaching services (Lane B) are non-clinical, we maintain high standards of discretion across all business lines.

We are required by federal law to:

  • Maintain the privacy of your Protected Health Information.

  • Provide you with this Notice of our legal duties and privacy practices.

  • Notify you if we are unable to agree to a requested restriction.

2. OUR COMMITMENT TO DISCRETION

We understand that privacy is paramount—especially for high-functioning professionals, executives, and public figures who value complete confidentiality.

Enhanced Privacy via Private Pay: Because we are a private-pay practice and do not bill insurance, your therapy records remain exclusively between you and your clinician. We do not share your diagnosis or session details with insurance databases, employers, or third-party payers unless you specifically authorize us to do so or we are legally compelled to disclose it.

3. WHAT IS PROTECTED HEALTH INFORMATION (PHI)?

PHI refers to individually identifiable health information about you, including:

  • Your past, present, or future mental health condition.

  • Information about the provision of health care services to you.

  • Demographic information (name, address, phone, email).

  • Treatment records, diagnosis codes, and clinical progress notes.

4. HOW WE MAY USE AND DISCLOSE YOUR PHI

The following categories describe the different ways we may use and disclose your PHI without your specific authorization:

A. Treatment We may use and disclose your PHI to provide, coordinate, or manage your mental health care.

  • Example: If we refer you to a psychiatrist for medication management, we may share relevant treatment history to coordinate your care (with your verbal or written consent).

B. Payment We may use and disclose your PHI to process payments for services rendered.

  • Example: Your credit card processor will see the transaction amount and the merchant name ("The Wise Mind Group"), but they will not see clinical notes.

C. Health Care Operations We may use your PHI for our own internal operations, such as quality assessment, legal compliance, and clinical supervision.

  • Example: We may review de-identified case files to ensure our clinical standards remain high.

D. Business Associates We may disclose PHI to trusted third-party vendors who perform services on our behalf (e.g., our Electronic Health Record system, secure email provider, or accountant). All vendors are bound by a Business Associate Agreement (BAA) that legally requires them to protect your data.

5. USES REQUIRING YOUR WRITTEN AUTHORIZATION

For any purpose other than those listed above, we will not use or disclose your PHI without your specific written authorization. The following strictly require your permission:

  • Psychotherapy Notes: We will not release these separate "process notes" without your specific consent.

  • Marketing: We will never use your clinical information for marketing purposes.

  • Sale of Data: We will never sell your PHI.

  • Third Parties: Sharing information with your attorney, spouse, or employer requires a signed Release of Information (ROI).

You may revoke any authorization at any time in writing.

6. EXCEPTIONS: DISCLOSURES WITHOUT AUTHORIZATION

In rare circumstances, federal or state law may require us to disclose your PHI without your consent:

  • To Prevent Serious Threat: If we believe disclosure is necessary to prevent a serious and imminent threat to your health or safety, or the safety of others (e.g., suicidal or homicidal intent).

  • Mandatory Reporting: We are mandated reporters for child abuse, elder abuse, and dependent adult abuse.

  • Legal Orders: If we receive a court order or valid subpoena from a judge.

  • Health Oversight: To licensing boards (e.g., DOPL in Utah or BBS in California) for audits or investigations.

7. YOUR RIGHTS REGARDING YOUR PHI

You have the following rights regarding your health information:

A. Right to Inspect and Copy You have the right to request a copy of your medical and billing records. (Note: This right does not automatically include "Psychotherapy Notes," which are kept separate).

B. Right to Amend If you believe your record is incorrect, you may request an amendment. We may deny the request if the record is accurate, but we will provide a written explanation.

C. Right to Request Restrictions You may ask us strictly not to share information with certain parties. We are not required to agree, but if we do, we must comply.

D. Right to Confidential Communications You may request that we contact you only via a specific method (e.g., "email only, no voicemails").

E. Right to a Paper Copy You may request a physical paper copy of this notice at any time.

8. DATA SECURITY PROTECTIONS

We employ "Sanctuary-Grade" security measures:

  • EHR: We use a HIPAA-compliant, encrypted Electronic Health Record system (Jane/SimplePractice).

  • Communication: All clinical emails are sent via secure, encrypted channels.

  • Video: All telehealth sessions are conducted on HIPAA-compliant video platforms.

  • Access: Access to your file is restricted strictly to your clinician and administrative staff with a "need to know."

9. BREACH NOTIFICATION

In the unlikely event of a breach of your unsecured PHI, we will notify you and the Department of Health and Human Services (HHS) as required by law.

10. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Secretary of Health and Human Services. You will not be penalized or retaliated against for filing a complaint.

To File a Complaint with Us: Please contact our Privacy Officer at the address below.

To File with HHS: Office for Civil Rights U.S. Department of Health and Human Services 200 Independence Avenue, S.W., Washington, D.C. 20201

11. CONTACT INFORMATION

For questions about this Notice or to exercise your rights:

The Wise Mind Group Privacy Officer: Danielle (Clinical Director) Email: hello@thewisemindgroup.com Address: 6211 S Highland Dr #4021, Holladay, UT 84121

Strategic Partner Review:

This completes your "Legal Trinity" for the footer:

  1. Terms of Service (The "Red Line" Contract)

  2. Privacy Policy (The Website/Marketing Data)

  3. HIPAA Notice (The Clinical Shield)