Introduction
At Growth and Healing Therapy we prioritize the privacy of our clients and website visitors, adhering to Telecom Consumer Rights (TCR) regulations and the Health Insurance Portability and Accountability Act (HIPAA) requirements. This policy outlines how we collect, use, and safeguard your personal information, including your health information.
1. Information We Collect
We collect various types of information, including:
- Personal and Contact Information: Your name, email address, phone number, mailing address, and other identifiable information.
- Health Information (Protected Health Information – PHI): Health-related data you provide to us for treatment and consultation purposes, compliant with HIPAA regulations.
- SMS Data: Specific data required for SMS services, including your mobile number and messaging preferences.
- Copayment/Deductible Information: Payment card details and transaction information for copayment /deductible made with us, compliant with HIPAA standards.
2. How We Use Your Information
- We use the collected information for:
- Service provision, scheduling, client/staff assignment, appointment reminders, insurance verification and personalized treatment plans.
- Website improvement.
SMS, phone call, or email communication (with explicit consent). - Secure processing of transactions.
- Maintaining compliance with HIPAA to safeguard your health-related information.
3. HIPAA Compliance
As a healthcare provider, we comply with HIPAA regulations, ensuring the confidentiality and protection of your health information:
- PHI Security: We implement strict protocols to safeguard your Protected Health Information (PHI) from unauthorized access.
- Patient Rights: You have the right to request access to your medical records, ask for amendments, and request restrictions on certain uses of your PHI.
- Breach Notification: In the event of any data breach involving your PHI, we will notify you as required by HIPAA regulations.
4. SMS Communication Compliance
As per RingCentral’s guidelines for Enhanced Business SMS and HIPAA requirements:
- We limit SMS messages to 50 per originating number per minute.
- We obtain verbal or written consent before sending any marketing, promotional, or informational SMS messages.
- We do not use purchased or third-party generated lead lists for SMS messaging.
Clear opt-out instructions are provided in all messages. - We avoid using link shorteners and non-branded domains in SMS links.
- We complete TCR registration prior to sending SMS messages.
- All SMS communications involving health information are HIPAA-compliant.
5. Automated Messaging
Automated SMS messages are sent only from numbers linked to a TCR campaign:
- Express, logged consent is required before sending automated messages.
- Promotional messages need explicit oral or written and logged consent.
- Every automated message includes opt-out language (e.g., “Reply STOP to end”).
6. Opt-in/User Consent
We adhere to strict opt-in protocols:
Express consent is required for SMS messaging, which we log and track.
Double opt-in is used to confirm consent and validate phone numbers.
Carriers may request proof of opt-in, for which we maintain records.
7. Opt-out
We offer clear methods for SMS opt-out:
Compliance with CTIA guidelines for opt-out commands (STOP, UNSUBSCRIBE).
Opt-out instructions are included in all informational or promotional messages.
8. Prohibited Campaigns and Content
We comply with restrictions on certain types of SMS campaigns and content:
Prohibited campaigns include loan/mortgage ads, debt collection, political messages, etc.
Prohibited content includes illegal activities, adult content, violence, and controlled substances.
9. Carrier Fees and Account Restrictions
We recognize our responsibility to be aware of and adhere to carrier rules, subject to deliverability impacts, registration requirements, service suspension, or termination for non-compliance.
10. Security and Compliance
Our security measures protect all collected data, ensuring compliance with TCR, HIPAA, PCI DSS, and other relevant regulations. We utilize encryption and other safeguards to ensure that both personal information and PHI are securely maintained.
11. Sharing of Your Information
We do not share your personal or health information with any third-party services. All information collected is used exclusively for the purposes outlined in this policy, ensuring the utmost confidentiality and privacy.
SMS opt-in and phone numbers collected for SMS purposes will not be shared with third parties or affiliates for marketing purposes under any circumstances.
12. Communication Methods
By providing your contact information, you consent to being contacted by Growth and Healing Therapy through the following means:
- Phone Calls: We may contact you regarding your appointments, treatments, and other relevant information.
- Email: This is for appointment confirmations, insurance verification, client/staff assignment or marketing purposes (with your explicit consent).
- SMS Text Messaging: With your consent, we may send SMS messages regarding your appointments, treatment reminders, or marketing materials.
- You may opt out of receiving any of these communications at any time by following the opt-out instructions or contacting us directly.
13. Changes to This Privacy Policy
We may update this policy to reflect changes in practices or laws, notifying you of significant changes through our website or direct contact.
14. Contact Us
For questions or concerns about this Privacy Policy or your personal information, contact us at: