Privacy Policy for It Begins Within
Effective date: January 1, 2025
At It Begins Within ("we," "us," or "our"), we are dedicated to safeguarding your privacy and ensuring the confidentiality of your health information. As a provider of mental health services, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and state privacy laws. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information and Protected Health Information (PHI). By accessing our services, you acknowledge and agree to this Privacy Policy.
1. Information We Collect
At It Begins Within, we prioritize collecting only the minimum information necessary to provide you with high-quality care. The types of information we may collect include:
Personal Information: This includes your name, contact details (such as phone number, email address, and mailing address), date of birth, and emergency contact information.
Protected Health Information (PHI): This encompasses your medical and mental health history, treatment notes, diagnoses, medications, treatment plans, and other sensitive health-related information essential for delivering effective care.
Payment Information: We may collect credit card or other financial details strictly for billing and payment processing purposes.
Website Usage Data: To enhance user experience and website functionality, we may collect information about your interactions with our website, including your IP address, browser type, and pages visited.
2. How We Use Your Information
Your privacy is our priority. We use the information we collect solely for the following purposes:
To Provide Quality Care: We use your Protected Health Information (PHI) to deliver personalized and effective counseling services.
To Facilitate Payment: Your financial information is used to process payments and communicate billing details.
For Healthcare Operations: PHI may be used internally to support operational activities such as quality assessments, staff training, and improving our services.
To Communicate with You: We use your contact information to send appointment reminders, health-related updates, and important information about our services.
To Comply with Legal Obligations: We use or disclose PHI as required by federal, state, or local laws, including HIPAA regulations.
We do not sell, rent, or lease your personal information or PHI to any third parties. Your information is never shared with advertisers or marketers.
3. How We Share Your Information
We disclose your PHI only in accordance with HIPAA regulations and with the utmost respect for your privacy:
With Your Explicit Consent: Your PHI will not be shared with third parties without your explicit written consent, except as required by law.
For Treatment, Payment, and Healthcare Operations (TPO): We may share PHI with other healthcare providers or insurers involved in your care. These entities are also required to comply with HIPAA.
For Legal and Safety Reasons: We may disclose PHI if required by law or if it is necessary to prevent a serious threat to health or safety.
Business Associates: Third-party service providers, known as Business Associates, may access your PHI to perform essential services (e.g., billing). These entities are contractually obligated to safeguard your PHI and use it only for the services they provide.
4. Your Rights Regarding Your PHI
You have several rights under HIPAA, and we are committed to protecting them:
Right to Access: You can request and obtain a copy of your PHI.
Right to Request Amendment: If you find errors or incomplete information in your PHI, you may request amendments.
Right to an Accounting of Disclosures: You can request a list of specific disclosures of your PHI.
Right to Request Restrictions: You may request limits on how your PHI is used or disclosed, although we are not required to agree to all requests.
Right to Confidential Communications: You can request that we communicate with you in specific ways or at particular locations for privacy reasons.
Right to Revoke Authorization: You may revoke prior authorizations for PHI use or disclosure, except where actions have already been taken.
Right to a Copy of This Notice: You can request a paper copy of this Privacy Policy at any time.
5. Data Security and Protection
We have implemented strict safeguards to protect your PHI from unauthorized access, disclosure, alteration, or destruction:
Encryption: All electronic PHI (ePHI) is encrypted both in transit and at rest.
Access Controls: Access to your PHI is restricted to authorized personnel only.
Regular Security Assessments: We routinely audit and assess our security protocols to ensure your data is protected.
Staff Training: Our staff undergo regular training on privacy and security to maintain the confidentiality and integrity of your PHI.
6. Breach Notification
In the unlikely event of a breach of unsecured PHI, we will notify you as required by HIPAA and applicable state laws. We will provide details about the nature of the breach, the type of PHI involved, and the steps we are taking to address and resolve the issue.
7. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to ensure compliance with applicable laws and best practices. Updates will be posted on this page with an updated effective date. We will notify you of significant changes that affect your rights or privacy.
8. Your Right to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with us or directly with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.
9. Contact Information
For questions, concerns, or more information about this Privacy Policy, please contact us:
It Begins Within
Phone: (813) 538-0385
Email: [email protected]
Address: 550 N Reo St, Tampa, Florida
We are committed to protecting your privacy and maintaining the highest standards of confidentiality in compliance with HIPAA.