Notice of Privacy Practices for Protected Health Information (PHI)
This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and protect your health information. “Protected Health Information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of this Notice at any time.
Our Promise to You. Safety and Security.
Your privacy is extremely important to us. We are constantly putting a great deal of thought, effort, tools, resources, and procedures in place in order to protect and safeguard your privacy. We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. At BEPRESENT LLC, we utilize HIPAA compliant, end-to-end encryption, and 256 SSL software when providing professional and counseling services. The platform includes, without limitation, the following services (collectively, the “Services”): (a) the facilitation of electronic or telephonic communications with Treatment Providers, (b) the provision of appointment scheduling and reminders, payment submission and processing, and other services related to online counseling and therapy for both our registered users and Treatment Providers, and (c) the provision of other information about BEPRESENT LLC and our products and services through our site. When we collect, maintain, access, use, or disclose your Personal Information, we will do so using a software and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted when stored or transmitted. The Platform uses secure servers that we will back up regularly, encrypting backed up data in transit and at rest. If information is breached, we will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored “personal information” (including but not limited to PHI or “medical information” (as defined in applicable state statutes on security breach notification)). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Services in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Information Collection and Use
To let us operate the Platform effectively and to let you use the Platform, including the Therapeutic Services, we may have to collect your personally identifiable information (such as, but not limited to, your name, phone number, email address, and address), billing and payment information, profile information, log data (information such as your computer, Internet Protocol address (“IP”), other demographics, information related to the Counselor Services or your need for Counselor Services, questionnaires and any information which is exchanged between you and your Counselor (collectively the “Information”). In some cases, some of the Information that you give to us is considered health related data and will be stored in our Electronic Medical Record system (EMR). Other information that will be stored in our EMR system includes clinical notes from therapeutic sessions or interactions with the Provider.
Some of the Personal Information we collect from you is unrelated to your receipt of counseling and therapy services through the Platform. The collection of Personal Information also enables our clients to establish a user account and profile that can be used to interact with Treatment Providers and other users through the Platform. We only collect Personal Information we consider important to achieve that goal. Examples of how we may use your Personal Information include, but are not limited to, the following:
To create your account on our Platform and let you log in to your account and use the Platform.
To provide, support, personalize, and develop our Platform and Counselor Services
To manage your account, provide you with customer support, and ensure you are receiving quality service.
To contact you or provide you with information, administrative messages or reminders, questionnaires, or other information that are related to the Platform or therapeutic related services.
Provide you with further information and offers from us that we believe you may find useful or interesting.
For billing-related purposes such as but not limited to Resolve service and billing problems, create invoices, bill any amounts due from you, receipt of payment, etc.
To match you with a Counselor.
To supervise, administer and monitor the service.
To measure and improve the quality, the effectiveness and the delivery of our services.
Troubleshoot technical problems
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To comply with applicable state and federal laws, including, but not limited to laws related to protecting client and public health and safety
Detect and protect us against error, fraud, and other criminal activity
Enforce our Terms and Conditions
For research and development: We are always looking for ways to make our Services smarter, secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services; to analyze and improve our Site and/or Services (including developing new products and services); improving safety; managing our communications; analyzing our products; performing market research; for peer-reviewed and non-peer-reviewed clinical research; and performing data analytics. For example, we might use your scores on your PHQ-9, GAD-7, or other questionnaires to measure the efficacy of our Services. It is important to note that we will not identify you in any way when analyzing these numbers. We may apply these learnings across all our Services to improve and develop similar features or to better integrate the Services you use. We also test and analyze certain new products, workflows, and user experiences with some users before rolling them out to all users.
Although our email is HIPAA compliant and counts with encryption features, please keep in mind that communications over the internet are not 100% secure. Although it is unlikely, there is a possibility that information you include in an email can be intercepted and read by other parties besides the person to whom it is addressed (e.g if sent to the wrong recipient). Please do not include personal identifying information such as your birth date, or personal medical information in any emails you send to us. Communication via email or secure messaging cannot replace the relationship you have with your therapist. Treatment is most effective when clinical discussions occur at your regularly scheduled sessions. By using email to communicate with us, you are acknowledging and assuming the risk associated with this communication method. You are agreeing to allow BEPRESENT LLC to send an email to that provided email address for any issue regarding our Services.
Messages and Transactions.
Comments or questions sent to us using Secure Messaging in our Platform form will be viewed only by permitted users or Provider. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. When you use Secure Messaging to interact directly with Providers, some information you provide may be documented in your medical record or other appropriate treatment record, and available for use to guide your treatment as a patient.
Information Sharing and Disclosure.
We will not rent, sell, or share Personal Information about you with other people or nonaffiliated companies except to provide the Services, when we otherwise have your permission, or under the following circumstances:
Providers. When you use the Platform to access mental health services, you will be sharing your Personal Information with a Provider. By using the Services and Platform, you expressly consent to sharing your Personal Health Information with your Provider, and you understand that all information shared with your Provider is subject to your Provider’s professional and legal duties of confidentiality and responsibility, which BEPRESENT LLC does not control.
Group Sessions. If you enter a group session, any information you provide during the session, which could include messages, video, and audio, will be shared with the other group participants.
User Profiles. User profile information, including your name, location, and other information you enter in your profile, may be displayed to your Providers to facilitate user interaction with the Platform.
Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, research analysis, and other purposes. Any aggregated information shared in these contexts will NOT contain your Personal Information.
Please note that we may need to retain certain information for record keeping purposes or comply with laws surrounding record keeping. There may also be residual information that will remain within our databases and other records, which, irrespective of any efforts by us to delete information, will not be remove from our Services and Platform. Finally, we are not responsible for removing information from the databases of third parties with whom we have already shared Personal Information about you.
Changing or Deleting Your Information.
You may review, update, correct or delete some portions of your Personal Information in your registration profile by making the appropriate modifications in your user account settings or by contacting us at firstname.lastname@example.org. Some Personal Information, such as your answers to online assessments, may not be updateable or deleted once submitted. If you delete certain information required to receive Services, such as a credit card on file, then you may no longer be able to receive Services and your account may be deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.
Every one of our employees, whose job might allow them to come into contact with your Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI through our Services and Platform. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Services. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.
Agreement and Changes.