Privacy Policy

1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Disclose to Us
We collect personal information that you voluntarily provide to us when expressing an interest in obtaining information about our services, scheduling an appointment, or contacting us. The personal information we collect depends on your interactions with us, the choices you make, and the features you use. This information may include:
‍
‍Identifiers: Name, phone number, email address, mailing address, and date of birth.
‍
‍Protected Health Information (PHI): Medical and mental health history, diagnoses, treatment plans, medication information, progress notes, assessment results, therapy session notes, appointment records, and any other health-related information necessary for providing mental health services. This information is protected under HIPAA (Health Insurance Portability and Accountability Act).
‍
‍Insurance Information: Health insurance provider details, policy numbers, and coverage information for billing purposes.
‍
‍Emergency Contact Information: Names and contact details of individuals to reach in case of emergency.
‍
‍Payment Information: Billing address and payment method details (credit/debit card information is processed securely through our encrypted payment processor and is not stored on our servers).
‍
‍Text and Email Communications: We may use secure messaging platforms for appointment reminders and limited communication with clients. Any information shared via these channels will be treated in accordance with this privacy policy and HIPAA requirements.Information Automatically CollectedWhen you visit or use our Services, we may automatically collect certain information, including IP address, device characteristics, browser type, and usage details, to help maintain the security and performance of our Services. This technical information does not include PHI and is used solely for website functionality and security purposes.

2. HOW DO WE USE YOUR INFORMATION?
We use personal information collected through our Services for various purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with legal obligations, and/or your consent. Uses include:

‍Treatment and Care Coordination: To provide mental health services, create and maintain treatment plans, document clinical progress, and coordinate care with other healthcare providers when authorized.

‍Appointment Management: To schedule, confirm, reschedule, and send reminders about your appointments.

‍Communication: To respond to your inquiries, provide customer support, and communicate about your treatment and our services.

‍Billing and Payment: To process payments, submit insurance claims, verify coverage, and maintain financial records.

‍Legal and Regulatory Compliance: To comply with HIPAA, state mental health regulations, mandatory reporting requirements, and other applicable laws.

‍Quality Improvement: To improve our services, evaluate treatment effectiveness, and maintain quality care standards.

‍Marketing: If you opt-in, to send you information about our services, educational content, and wellness resources. You may opt-out at any time.

‍Safety and Risk Management: To assess and respond to safety concerns, including situations where there may be a risk of harm to you or others.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
We respect the confidentiality of your information and only share it in limited, specific circumstances:
‍
With Your AuthorizationWith your written consent, we may share your PHI with:

Family members or friends involved in your care

Other healthcare providers for coordinated treatment

Legal representatives or insurance companies as you direct

Treatment, Payment, and Healthcare Operations (TPO)

Under HIPAA, we may share PHI without your authorization for:

‍Treatment: Consulting with other healthcare providers about your care

‍Payment: Billing and claims processing with insurance companies

‍Healthcare Operations: Quality assurance, staff training, and business operations

Business AssociatesWe may share information with third-party service providers who assist us in providing services, such as:

Electronic health records (EHR) systems

Billing and payment processors

Secure communication platforms

IT support and cloud storage providers

All business associates sign Business Associate Agreements (BAAs) ensuring HIPAA compliance and protection of your PHI.

Legal Requirements and Public Safety
‍
We may disclose information when required or permitted by law:

‍Court Orders and Subpoenas: When legally compelled

‍Mandatory Reporting: Child abuse, elder abuse, or dependent adult abuse as required by Utah law

‍Duty to Warn: When there is a serious and imminent threat of harm to you or an identifiable third party

‍Law Enforcement: In limited circumstances as permitted by HIPAA

‍Public Health Activities: Disease reporting and prevention activities

‍Workers' Compensation: When relevant to a workers' compensation claim

Research

We do not share your information for research purposes without your specific written authorization.

We will never sell your personal information or PHI to third parties.

4. HIPAA COMPLIANCE AND PROTECTED HEALTH INFORMATION

Neurolife Healing is a HIPAA-covered entity and complies fully with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Your HIPAA Rights

Under HIPAA, you have the right to:

‍Access: Request and receive copies of your medical records

‍Amendment: Request corrections to your medical records if you believe information is incorrect or incomplete

‍Accounting of Disclosures: Receive a list of certain disclosures of your PHI

‍Restrictions: Request restrictions on certain uses and disclosures of your PHI (we are not required to agree but will consider all requests)

‍Confidential Communications: Request to receive communications about your PHI in a specific manner or at a specific location

‍Notice of Privacy Practices: Receive a copy of our Notice of Privacy Practices (NPP) explaining your rights and our obligations

Psychotherapy Notes

Psychotherapy notes (personal notes kept separate from your medical record) receive special protection under HIPAA. We will not disclose psychotherapy notes without your specific written authorization, except in very limited circumstances required by law.Breach NotificationIn the unlikely event of a breach of your unsecured PHI, we will notify you as required by HIPAA regulations, typically within 60 days of discovery.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information to enhance your experience on our website. Cookies help us:

Remember your preferences

Understand how you use our website

Improve website functionality and security

Analyze website traffic and usage patterns

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. We do not use cookies or tracking technologies to access or store PHI.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain personal information and PHI in accordance with:

‍HIPAA Requirements: At least six years from the date of creation or last use

‍Utah State Law: Mental health records must be retained for at least seven years after the last date of service for adults, and until the patient reaches age 25 for minors

‍Legal and Regulatory Requirements: Longer retention periods when required by law

After the required retention period, we securely destroy records in accordance with HIPAA standards, ensuring PHI cannot be reconstructed or retrieved.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement comprehensive administrative, physical, and technical safeguards designed to protect your personal information and PHI:

Technical Safeguards

Encrypted data transmission and storage

Secure, password-protected systems with multi-factor authentication

Regular security updates and patches

Firewalls and intrusion detection systems

Secure backup systems

Physical Safeguards

Locked file cabinets for paper records

Restricted access to facilities and records

Secure disposal of PHI (shredding, electronic wiping)

Alarm systems and security cameras

Administrative Safeguards

HIPAA training for all staff members

Written policies and procedures for privacy and security

Regular risk assessments

Incident response procedures

Business Associate Agreements with all vendors

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. DO WE COLLECT INFORMATION FROM MINORS?

We provide mental health services to minors (individuals under 18 years of age) with appropriate parental or guardian consent.

Parental Rights and Minor PrivacyParents/guardians generally have the right to access their minor child's PHI

Utah law may grant minors certain privacy rights regarding mental health treatment in specific circumstances

We may decline to provide parental access when, in our professional judgment, doing so could endanger the child

Mature minors (typically 16-17 years old) may have additional privacy protections under Utah law for certain mental health services

If we learn we have collected information from minors without proper consent, we will take steps to delete it promptly or obtain appropriate authorization.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location, you may have the following rights regarding your personal information:

‍Right to Know: What personal information we collect and how it is used

‍Right to Access: Request a copy of your personal information

‍Right to Correction: Request correction of inaccurate information

‍Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)

‍Right to Restrict Processing: Request limitation on use of your information in certain circumstances

‍Right to Opt-Out: Unsubscribe from marketing communications at any time

‍Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, please contact us using the information provided in Section 13.

Limitations on Privacy RightsCertain legal and ethical obligations may limit our ability to honor some requests, including:

Legal retention requirements (HIPAA, Utah law)

Ongoing treatment and care coordination needs

Mandatory reporting obligations

Active legal proceedings or investigations

10. UTAH STATE PRIVACY RIGHTS

As a Utah resident, you may have additional privacy rights under Utah state law, including:

‍Utah Consumer Privacy Act: Utah residents may have rights regarding access to and deletion of personal information

‍Utah Mental Health Confidentiality Laws: Additional protections for mental health treatment information

‍Utah Minor Consent Laws: Specific provisions regarding minor access to mental health services

We comply with all applicable Utah privacy laws in addition to federal HIPAA requirements.

11. DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. We do not currently respond to DNT browser signals as there is no uniform standard for this feature.

12. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time to stay compliant with relevant laws or reflect changes in our practices. The updated version will be indicated by an updated "Last Revised" date at the bottom of this notice. We encourage you to review this privacy notice periodically to stay informed about how we protect your information.

If we make material changes that significantly affect your privacy rights, we will notify you by:

Posting a prominent notice on our website

Sending an email to the address on file

Providing notice at your next appointment

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us at:

‍Neurolife Healing
Murray, Utah 84107
Email: info@neurolifehealing.com
Phone: 385-325-7715
Email: privacy@neurolifehealing.comYou also have the right to file a complaint with:

‍U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
Phone: 1-877-696-6775Filing a complaint will not result in retaliation or any negative action against you.

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

To review, update, or request deletion of your personal information or medical records, please:

Submit a written request to the contact information above

Verify your identity (for security purposes)

Specify what information you would like to access, update, or delete

We will respond to your request within 30 days. Please note that we may charge a reasonable fee for copying medical records as permitted by Utah law, and we may be required to retain certain information for legal and regulatory compliance

For medical records requests, you may contact our our office

Additional Disclosures
Accessibility Statement
Neurolife Healing is committed to ensuring digital accessibility for individuals with disabilities. We continually strive to improve the user experience for all visitors and apply relevant accessibility standards. If you encounter accessibility barriers on our website or require assistance, please contact us at info@neurolifehealing.com.

Not Medical Advice

The content on this website, including blog posts, service descriptions, and general communications, is for informational purposes only and is not a substitute for professional diagnosis, treatment, or medical advice. Always seek the guidance of your qualified healthcare provider with any questions you may have regarding a medical or mental health condition. Never disregard professional medical advice or delay seeking it because of information you have read on our website.Telehealth PrivacyWhen participating in telehealth sessions:Ensure you are in a private locationUse a secure internet connection (avoid public Wi-Fi)Verify that others cannot overhear your sessionNotify your provider if anyone else is present during your sessionWe use HIPAA-compliant telehealth platforms with end-to-end encryption to protect your privacy during virtual sessions.

Emergency SituationsThis privacy policy does not restrict our ability to contact emergency services, emergency contacts, or law enforcement when we have a good faith belief that such disclosure is necessary to prevent serious harm or death.