Privacy Policy

Overview

This notice explains:

1. What information we collect
2. How we may use and disclose it
3. Your rights and choices
4. Our security, retention, and breach-response practices
5. State- and international-specific disclosures
6. How to contact us

This notice applies to all information we handle in any format—online, paper, or oral—when providing therapy services or operating this website.

1. Information We Collect

Category	Examples
Protected Health Information (PHI)	Full name, date of birth, address, driver’s-license or government-ID number, insurance details, medical & mental-health history, diagnostic notes, therapy session records, prescriptions, billing & payment data.
Website & Device Data	IP address, browser type, pages visited, date/time stamps, referring URLs. Collected via essential (non-advertising) cookies and server logs.
Contact & Account Data	Email, phone number, mailing address, user credentials.
Optional Submissions	Messages you send us, documents you upload (e.g., intake forms), survey responses, testimonials.

Children’s Privacy : We do not knowingly collect information from children under 13 online. If you believe your child has provided us information, please contact us so we can delete it.

2. How and Why We Use or Disclose Your Information

Purpose / Legal Basis	HIPAA Category (if PHI)	Examples
Treatment	Treatment	Scheduling sessions, consulting with other licensed professionals at your request.
Payment	Payment	Billing you or your insurer; verifying coverage.
Health-Care Operations	Operations	Quality assessment, supervision, accreditation, internal audits.
Your Authorization	—	Uses beyond TPO (e.g., releasing records to a third-party app) occur only with your signed authorization, which you may revoke.
Legal Requirements & Public Health	Permitted by law	Reporting abuse, responding to court orders, meeting CDC reporting obligations.
Website Functionality & Security	Legitimate interest / consent (GDPR)	Maintaining the site, preventing fraud, detecting cybersecurity incidents.

No Sale or Cross-Context Ads : We do not sell or share PHI or other sensitive data for cross-context behavioral advertising.

3. Your Rights

Right	How to Exercise
Inspect or obtain a copy of your records (HIPAA §164.524)	Submit a written request to the Privacy Officer. First copy free; reasonable cost-based fees may apply thereafter.
Request amendment of inaccurate or incomplete PHI	Contact the Privacy Officer with supporting information.
Receive an accounting of certain disclosures	Written request to the Privacy Officer.
Request restrictions & confidential communications	We will accommodate reasonable requests when possible.
Opt-out of marketing messages	Click “unsubscribe” or email us.
Delete / limit processing / data portability (state & GDPR rights)	Email us; we will respond within 30 days.

4. Security, Retention & Breach Notification

• Encryption in transit (TLS 1.2+) and at rest, role-based access, annual security-risk assessments.
• Records retained at least 7 years from last date of service (or longer if required) and destroyed via NIST-compliant methods.
• Breach involving unsecured PHI → notice to you without unreasonable delay and no later than 60 days, per HIPAA and state laws.

5. State- & International-Specific Notices

• Florida residents : You have additional rights under the Florida Digital Bill of Rights (SB 262).
• Washington residents : We comply with the My Health My Data Act; you may withdraw consent for processing or restrict geofencing.
• California residents : See our “CCPA/CPRA Addendum” to exercise your “Do Not Sell or Share” rights.
• EEA / UK / Swiss visitors : Legal bases = consent, contract, legitimate interest, vital interests. Data transferred to the U.S. under Standard Contractual Clauses. You may lodge a complaint with your local authority.

6. Contact Us

Privacy Officer
Essential Therapy Services
15271 WEST 60TH AVE Suite 106 • Miami Lakes, FL 33014 • US
Phone: 305-456-6700 | Fax: 786-870-5196 | Email: [email protected]