PRIVACY POLICY

Last Updated: 1/27/2021

1. INFORMATION COLLECTION AND USE

We receive, collect and store any information you enter on our website or provide in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

 

We will not sell, share, trade or otherwise use any information you provide unless you expressly provide in writing permission for such use. We collect this information to improve our service, and to help us determine your individual needs so we may serve you better individually, as well as collectively.

We will not sell, share, trade or otherwise use any medical information under any circumstances. If you require medical information, you must request it from us directly via a Medical Release form.

We collect such Non-personal and Personal Information for the following purposes:

  1. To provide and operate the Services;

  2. To provide our Users with ongoing customer assistance and technical support;

  3. To be able to contact Visitors and Users with general or personalized service-related notices and promotional messages;

  4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which I may use to provide and improve services; 

  5. To comply with any applicable laws and regulations.

 

2. SECURITY

This website is hosted on the Wix.com platform. Wix.com provides the online platform that allows me to sell services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by Wix.com and used by me adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

3. GOOGLE ANALYTICS AND COOKIES

We may use a tool called “Google Analytics” to collect information about use of this Site, such as how often users visit the Site, what pages they visit when they do so, and what other sites they used prior to coming to this Site. Google Analytics collects only the IP address assigned to you on the date you visit this Site, rather than your name or other identifying information.

Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this Site. This cookie cannot be used by anyone but Google, Inc. The information generated by the cookie will be transmitted to and stored by Google on servers in the United States.

We use the information received from Google Analytics only to improve services on this Site. We do not combine the information collected through the use of Google Analytics with personally identifiable information.

Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Privacy Policy http://www.google.com/policies/privacy. You can prevent Google Analytics from recognizing you on return visits to this Site by disabling the Google Analytics cookie on your browser.

4. COLLECTION AND USE OF PERSONAL INFORMATION OF CHILDREN UNDER AGE 13

We are committed to protecting the online privacy of children. In accordance with the Children’s Online Privacy Protection Act (”COPPA”), we will not knowingly collect any personally identifiable information from children under the age of thirteen (13) without first obtaining parental consent. Prior to providing any personally identifiable information (your name, email address, address, phone number etc.), children under the age of thirteen (13) must have a parent or legal guardian complete and return (by email or regular mail) a Parental Consent Form to kyinglmft@gmail.com.

The consent form states that the child’s “Parent” or “Legal Guardian”, by his or her signature, consents to the collection and transfer of the child’s personally identifiable information. Consent may be revoked by completing a “Revocation of Parental Consent Form” and sending it to the email or physical mailing address above. In compliance with COPPA, We are sensitive about children consulting with parents or guardians before furnishing personal information or ordering anything online.

It is also our intention to adhere to the Children’s Advertising Review Unit (CARU) Guidelines on Internet advertising with its special sensitivities regarding solicitations to children under thirteen (13). We encourage parents/guardians to supervise and join their children in exploring cyberspace.

5. TRANSFER OF DATA ABROAD

If you are visiting this Site from a country other than the country in which our servers are located, your communications with us may result in the transfer of information across international boundaries. By visiting this Site and communicating electronically with us, you consent to such transfers.

6. COMPLIANCE WITH LAWS AND LAW ENFORCEMENT

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law.

We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including without limitation subpoenas), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical. We will also share your information to the extent necessary to comply with ICANN's rules, regulations and policies.

To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process.

7. CHANGES IN OUR PRACTICES

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.

8. CORRECTING, UPDATING AND REMOVING PERSONAL INFORMATION

You may alter, update or deactivate your account information or opt out of receiving communications from us at any time. You may send an email to kyinglmft@gmail.com.

We will respond to your request for access or to modify or deactivate your information within thirty (30) days.

 

9. MEDICAL PRIVACY PRACTICES NOTICE

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

I. MY PLEDGE REGARDING HEALTH INFORMATION:

I understand that health information about you and your health care is personal. I am committed to protecting health information about you. I create a record of the care and services you receive from me. I need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by this mental health care practice. This notice will tell you about the ways in which I may use and disclose health information about you. I also describe your rights to the health information I keep about you, and describe certain obligations I have regarding the use and disclosure of your health information. I am required by law to:

• Make sure that protected health information (“PHI”) that identifies you is kept private.

• Give you this notice of my legal duties and privacy practices with respect to health information.

• Follow the terms of the notice that is currently in effect.

• I can change the terms of this Notice, and such changes will apply to all information I have about you. The new Notice will be available upon request, in my office, and on my website.

II. HOW I MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU:

The following categories describe different ways that I use and disclose health information. For each category of uses or disclosures I will explain what I mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways I am permitted to use and disclose information will fall within one of the categories.

For Treatment Payment, or Health Care Operations: Federal privacy rules and regulations allow health care providers who have direct treatment relationship with the client to use or disclose the client’s personal health information without the client’s written authorization, to carry out the health care provider’s own treatment, payment or health care operations. I may also disclose your protected health information for the treatment activities of any health care provider. This too can be done without your written authorization. For example, if a clinician were to consult with another licensed health care provider about your condition, we would be permitted to use and disclose your person health information, which is otherwise confidential, in order to assist the clinician in diagnosis and treatment of your mental health condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard. Because therapists and other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of health care providers with a third party, consultations between health care providers and referrals of a patient for health care from one health care provider to another.

Lawsuits and Disputes: If you are involved in a lawsuit, I may disclose health information in response to a court or administrative order. I may also disclose health information about your child in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

III. CERTAIN USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION:

1. Psychotherapy Notes. I do keep “psychotherapy notes” as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your Authorization unless the use or disclosure is:

a. For my use in treating you.

b. For my use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

c. For my use in defending myself in legal proceedings instituted by you.

d. For use by the Secretary of Health and Human Services to investigate my compliance with HIPAA.

e. Required by law and the use or disclosure is limited to the requirements of such law.

f. Required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

g. Required by a coroner who is performing duties authorized by law.

h. Required to help avert a serious threat to the health and safety of others.

 

2. Marketing Purposes. As a psychotherapist, I will not use or disclose your PHI for marketing purposes.

 

3. Sale of PHI. As a psychotherapist, I will not sell your PHI in the regular course of my business.

IV. CERTAIN USES AND DISCLOSURES DO NOT REQUIRE YOUR AUTHORIZATION. Subject to certain limitations in the law, I can use and disclose your PHI without your Authorization for the following reasons:

1. When disclosure is required by state or federal law, and the use or disclosure complies with and is limited to the relevant requirements of such law.

2. For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

3. For health oversight activities, including audits and investigations.

4. For judicial and administrative proceedings, including responding to a court or administrative order, although my preference is to obtain an Authorization from you before doing so.

5. For law enforcement purposes, including reporting crimes occurring on my premises.

6. To coroners or medical examiners, when such individuals are performing duties authorized by law.

7. For research purposes, including studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition.

8. Specialized government functions, including, ensuring the proper execution of military missions; protecting the President of the United States; conducting intelligence or counter-intelligence operations; or, helping to ensure the safety of those working within or housed in correctional institutions.

9. For workers' compensation purposes. Although my preference is to obtain an Authorization from you, I may provide your PHI in order to comply with workers' compensation laws.

10. Appointment reminders and health related benefits or services. I may use and disclose your PHI to contact you to remind you that you have an appointment with me. I may also use and disclose your PHI to tell you about treatment alternatives, or other health care services or benefits that I offer.

V. CERTAIN USES AND DISCLOSURES REQUIRE YOU TO HAVE THE OPPORTUNITY TO OBJECT.

1. Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.

VI. YOU HAVE THE FOLLOWING RIGHTS WITH RESPECT TO YOUR PHI:

1. The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask me not to use or disclose certain PHI for treatment, payment, or health care operations purposes. I am not required to agree to your request, and I may say “no” if I believe it would affect your health care.

2. The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In Full. You have the right to request restrictions on disclosures of your PHI to health plans for payment or health care operations purposes if the PHI pertains solely to a health care item or a health care service that you have paid for out-of-pocket in full.

3. The Right to Choose How I Send PHI to You. You have the right to ask me to contact you in a specific way (for example, home or office phone) or to send mail to a different address, and I will agree to all reasonable requests.

4. The Right to See and Get Copies of Your PHI. Other than “psychotherapy notes,” you have the right to get an electronic or paper copy of your medical record and other information that I have about you. I will provide you with a copy of your record, or a summary of it, if you agree to receive a summary, within 30 days of receiving your written request, and I may charge a reasonable, cost based fee for doing so.

 

5. The Right to Get a List of the Disclosures I Have Made. You have the right to request a list of instances in which I have disclosed your PHI for purposes other than treatment, payment, or health care operations, or for which you provided me with an Authorization. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I will give you will include disclosures made in the last six years unless you request a shorter time. I will provide the list to you at no charge, but if you make more than one request in the same year, I will charge you a reasonable cost based fee for each additional request.

6. The Right to Correct or Update Your PHI. If you believe that there is a mistake in your PHI, or that a piece of important information is missing from your PHI, you have the right to request that I correct the existing information or add the missing information. I may say “no” to your request, but I will tell you why in writing within 60 days of receiving your request.

7. The Right to Get a Paper or Electronic Copy of this Notice. You have the right get a paper copy of this Notice, and you have the right to get a copy of this notice by e-mail. And, even if you have agreed to receive this Notice via e-mail, you also have the right to request a paper copy of it.

HOW TO COMPLAIN ABOUT MY PRIVACY PRACTICES

If you think I may have violated your privacy rights, you may file a complaint with me, as the Privacy Officer for my practice, and my phone number is:  (707) 367-3663.

You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by:

  1. Sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201;

  2. Calling 1-877-696-6775; or,

  3. Visiting www.hhs.gov/ocr/privacy/hipaa/complaints

I will not retaliate against you if you file a complaint about my privacy practices.