Mind-Body Care Privacy Policy
1. Information Collected
- Protected Health Information (PHI): We collect health-related information that can identify you as an individual. PHI includes identifiers (e.g. name, address, email, birth date, Social Security number) combined with health details. Examples of PHI we may collect include your name, contact information, date of birth, insurance information, health history, symptoms, diagnoses, test results, treatment notes, appointments, and billing or payment information. We collect PHI when you provide it directly (for example, through intake forms, account registration, appointment requests, communications with providers) or indirectly through our health services.
- Personal and Contact Information: We collect information you provide such as your name, mailing address, email address, phone number, and any other identifiers you give us. For practitioners and employees, we may collect professional and employment information.
- Technical and Usage Data: When you visit our website, we automatically collect technical data about your device and activity. This may include your Internet Protocol (IP) address, browser type, operating system, device identifiers, language preferences, referring/exit pages, date/time stamps, and cookie identifiers. We log pages viewed, time spent on pages, links clicked, and other similar usage data. Cookies and similar tracking technologies help us personalize your experience and analyze site usage. For example, cookies may store your session information or preferences so that pages display properly.
- Tracking Technologies: We use cookies, web beacons, tracking pixels, and similar technologies on our website. These tools help us remember your preferences, analyze site traffic, and tailor content or advertising. Cookies may be first-party (set by our site) or third-party (set by analytics or advertising partners). You can control cookies through your browser settings (see the Cookies section below).
- Information from Third Parties: We may receive information about you from other sources, such as health care providers (with your consent) or business partners (for example, insurance verification services). We will add this information to the data we collect from you directly, consistent with this policy.
We collect this information when you register an account, make appointments, contact us via forms or email, participate in surveys, sign up for newsletters, or otherwise interact with our website and services.
2. Use of Information
- Providing Health Services: We use your PHI and contact information to deliver health care services and communications you request. This includes scheduling appointments, sending appointment reminders, providing treatment or consultation, processing payments and claims, and sharing medical records with other providers as needed. For example, we use information to coordinate care, bill insurance, and manage your treatment plan.
- Health Care Operations: We use PHI and other information to manage our practice and improve service quality. This includes internal business operations such as quality assurance, case management, provider training, accreditation, and compliance. Under HIPAA, these “health care operations” activities are permitted uses of PHI. For instance, we may analyze de-identified patient data to improve our programs, track outcomes, or develop new offerings.
- Analytics and Website Improvement: We use technical and usage data (non-PHI) to monitor and improve our website. For example, we use web analytics (such as Google Analytics or similar services) to understand how visitors use our site – which pages are visited, how long users stay, etc. We use this information to improve website design, content, and functionality. This type of usage analysis is considered part of our operations to better serve our users.
- Communications and Marketing: We may use your contact information to send you service-related notices, updates, and promotional materials (such as newsletters or offers). You will always have the option to opt out of marketing communications. Any marketing or advertising we do does not involve disclosing PHI without your authorization. We do not use PHI for targeted advertising. Instead, we may share aggregate or anonymized usage data with third-party advertising partners to deliver general interest-based ads (for example, showing health-related ads based on general site usage, but not linked to your personal health data).
- Legal Compliance and Safety: We may use or disclose information as required by law or to protect safety. For example, we use data to comply with legal obligations (such as tax or subpoena requirements) or to protect patient or public safety (for example, if required to report certain health conditions to public health authorities).
- Other Uses with Consent: We may use or share your information in other ways if we have your written authorization. For example, if you sign a separate consent, we may share your PHI with a third party for research or marketing purposes in compliance with HIPAA. You may revoke any authorization at any time as described below.
3. Disclosure of Information
We do not sell your personal or health information. We disclose information only as described here, consistent with HIPAA and other applicable laws:
- Healthcare Providers and Insurers: We may share PHI with other health care providers who are involved in your care (e.g. referring physicians or specialists) and with insurers or payers for purposes of payment and coverage. For example, we share your diagnosis or treatment codes with your insurance company to obtain reimbursement.
- Business Associates: We engage third-party service providers to assist with our services and operations. These may include IT vendors (e.g. cloud hosting, electronic medical record software), billing companies, email services, telehealth platforms, and data analytics or marketing firms. Whenever such a provider handles PHI on our behalf, we require that they sign a HIPAA Business Associate Agreement (BAA) and comply with all required safeguards. We disclose only the information they need to perform their services. For example, our web hosting and analytics vendors may receive technical data (like IP addresses or cookie IDs), but we ensure no identifiable PHI is sent to them. HHS guidance warns that PHI should not be impermissibly disclosed to tracking or advertising vendors without authorization; we strictly follow this rule and do not share PHI for marketing.
- Advertising Partners: We use third-party advertising networks (such as Google Ads, Facebook/Meta, or other platforms) to serve and measure ads. These partners may use cookies or similar technologies to track usage on our site and on other sites, in order to show you relevant ads. We only share non-sensitive, non-PHI information for this purpose (for example, interest categories or general location, but not your medical details). We do not disclose any PHI (such as specific health conditions or patient identifiers) to advertising networks without explicit authorization. Any data shared with advertisers is governed by privacy rules and, where applicable, by Business Associate Agreements or other contracts to ensure compliance.
- Legal Obligations and Protection: We may disclose information when required or permitted by law. This includes disclosures to government agencies (such as HHS or state health departments) as required for compliance reviews, investigations, or as required under HIPAA. We may also disclose PHI to law enforcement or courts in response to subpoenas, warrants, or to prevent a serious threat to health or safety, to the extent allowed by HIPAA. In all cases, we disclose the minimum necessary information to meet the legal requirement.
- Consent: If you provide authorization (for example, via a signed authorization form), we may disclose your information for the purposes you authorize. You may revoke authorization at any time except to the extent we have already acted upon it.
HIPAA requires that PHI be used or disclosed only for permitted purposes or with the individual’s written authorization. We follow the “minimum necessary” principle when disclosing information, meaning we limit disclosures to what is needed for the purpose.
4. HIPAA Compliance and PHI Protection
Mind Body Care is a HIPAA-covered entity. We comply with the HIPAA Privacy Rule, Security Rule, and the HITECH Act to protect your health information. This means:
- Privacy Rule: We maintain policies (such as this Privacy Policy and our Notice of Privacy Practices) that describe how your PHI is used and disclosed. We train our staff on HIPAA requirements and limit employee access to PHI to what is needed for their job. We only use PHI for treatment, payment, and health care operations unless you authorize other uses.
- Security Rule: We implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI). The Security Rule requires such safeguards to ensure confidentiality, integrity, and availability of ePHI. For example, we use secure encrypted communication protocols (SSL/TLS) for data in transit, encrypt stored PHI, maintain firewalls, and use secure user authentication. Our facilities and systems have controls (such as locked file cabinets for paper records, background checks for staff, and audit logs for data access) to protect data. We regularly review and update our security measures based on risk assessments.
- Business Associate Agreements: As noted above, we enter into BAAs with any third party that creates, receives, maintains, or transmits PHI on our behalf, ensuring that they are also held to HIPAA standards.
- Breach Notification: In the unlikely event of a breach of unsecured PHI, we will comply with HIPAA breach notification requirements, which include notifying affected individuals, HHS, and (if required) the media, in accordance with HIPAA and HITECH regulations.
- Limited Data Use: Where possible, we de-identify or aggregate data. De-identified information (from which identifiers have been removed) is not subject to HIPAA restrictions and may be used freely to improve our services or for research, analytics, or marketing purposes.
By law, we must protect the privacy and security of your PHI. We adhere to these standards to ensure your health information is safe.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to make our website work properly and to provide a better, more personalized experience. Examples of cookies we use include:
- Necessary Cookies: These are required for basic site functionality (for example, keeping you logged in, remembering language or privacy settings).
- Performance and Analytics Cookies: We use analytics tools (such as Google Analytics, or similar) to understand how people use our site. These tools set cookies to collect information about your visit (such as pages viewed, referral sources, and session duration). We use the aggregated data to analyze traffic patterns and improve the site. According to HHS guidance, using tracking technologies to analyze website usage is generally permitted as part of health care operations. We ensure that no PHI is transmitted to analytics providers; we configure analytics to anonymize data (for example, by masking IP addresses) and do not send any personal or health details.
- Advertising Cookies: We may partner with advertising networks and use their cookies to serve ads. These cookies allow ad partners to recognize your browser or device and show ads relevant to your interests (for example, based on sites you’ve visited). We share only non-sensitive information with these partners, and we do not share PHI for advertising. Users can opt out of targeted ads by visiting privacy opt-out pages such as the Digital Advertising Alliance (aboutads.info) or the Network Advertising Initiative (networkadvertising.org). You can also disable cookies through your browser settings; however, doing so may limit some features of our site.
- Social Media and Third-Party Cookies: Our website may include features or plug-ins from social media or other sites (for example, a Facebook “Like” button). These third parties may set cookies through our site. We do not control the data collected by these third parties; please review their privacy policies directly.
HHS has warned that tracking technologies must not result in unauthorized disclosures of PHI. We comply fully: tracking and cookies on our site are never used to collect or share any individually identifiable health information without a HIPAA-compliant authorization.
6. Data Security
We take data security seriously. We maintain administrative, technical, and physical safeguards to protect information against unauthorized access, disclosure, alteration, or destruction. Examples of our security measures include:
- Encryption: We use industry-standard encryption (such as SSL/TLS) for data in transit (e.g. when you submit forms or log in) and encrypt sensitive data at rest when feasible.
- Access Controls: Access to PHI is limited to authorized personnel. We use strong authentication measures (passwords, two-factor authentication for critical systems) and role-based permissions.
- Secure Infrastructure: Our IT systems and servers are hosted in secure, access-controlled facilities or reputable cloud services. We install security updates and monitor networks for suspicious activity.
- Policies and Training: We have internal policies and staff training programs on data privacy and security. All employees and contractors must follow these policies and know how to handle information securely.
- Incident Response: We have procedures to detect and respond to security incidents or breaches. This includes timely investigation, containment, mitigation, and notification in accordance with law.
- Business Continuity: We maintain backups of critical data and have disaster recovery plans to prevent data loss and ensure continuity of care.
These measures comply with the HIPAA Security Rule’s requirements for safeguarding ePHI. Although we strive to protect your information, no method of transmission or storage is 100% secure. If we discover a security breach affecting your personal information or PHI, we will notify you and regulators as required by applicable law.
7. User Rights
HIPAA grants individuals certain rights over their health information. As a user of our services, you have these rights regarding your PHI:
- Right to Access: You have the right to view and obtain a copy of your PHI that we maintain in a “designated record set” (medical and billing records, health plan records). You may request copies electronically or on paper. We will provide your records (or a summary) within 30 days of your request, subject to a few limited exceptions.
- Right to Amend: If you believe any of your PHI is incorrect or incomplete, you may request an amendment. We will review amendment requests and accept them if appropriate, or provide a written explanation if we deny your request.
- Right to Restrict: You can ask us to restrict how we use or disclose your PHI for treatment, payment, or operations. We will consider your request and comply if required or if feasible, except if the information is needed to provide emergency treatment or if otherwise required by law.
- Right to Confidential Communications: You may request that we communicate with you by alternative means or at alternative locations (for example, sending mail to a P.O. Box instead of your home address). We will accommodate reasonable requests.
- Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI (for purposes other than treatment, payment, or operations) over the past six years. We will provide this accounting within 60 days of your request.
- Right to Revoke Consent/Authorization: If you have signed any authorizations allowing us to use or share your PHI (for example, for marketing or other non-routine purposes), you may revoke them in writing at any time, except to the extent we have already relied on them.
- Right to File Complaints: You can file a complaint with us if you believe we have violated your privacy or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. For example, HHS provides a complaint portal and information on your rights under HIPAA. We will not retaliate against you for filing a complaint.
For privacy or security concerns, questions about this Policy, or to exercise your rights, please contact our Privacy Officer (see Contact Information below). We will assist you in any way we can to address your requests in accordance with law.
8. SMS Terms of Service
By opting into SMS from a web form or other medium, you are agreeing to receive SMS messages from Mind-Body Care Inc. This includes SMS messages for conversations (external). Message frequency varies. Message and data rates may apply. See privacy policy at https://mbcare.us/privacy-policy/. Message HELP for help. Reply STOP to any message to opt out.
9. Changes to the Privacy Policy
10. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Privacy Officer:
Mind Body Care
Attn: Privacy Officer
admin@mbcare.us
You may also send a secure message through our website portal if you have an account. We are committed to responding promptly to your inquiries. For HIPAA-related complaints, you may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.