Privacy Policy

Last updated: January 27, 2025

Safeguarding your privacy and health records is critical to us. It is a top priority, as should be with any healthcare professional, especially with mental health professionals. We endeavor to do everything possible to assure the confidentiality and security of any health information you entrust us with. To that end, we take serious steps, applying common sense, and abiding by laws designed to safeguard your rights and privacy, such as HIPAA.

HIPAA NOTICE OF PRIVACY PRACTICES

Our office outlines your privacy rights in the HIPAA Notice of Privacy Practices. 

Here is a non-exhaustive list of steps we take to safeguard your privacy:

• All hard copies of health information are locked in a closet within our office, which is also always locked when we are not there.

• All our computers and phone equipment are password protected, with two-factor authentications whenever available.

• We use a VPN whenever Wi-Fi is used.

• We strive to inform our patients that using text and email for communication is not secure, and we aim to offer them secure alternatives.

OUTSIDE VENDORS

In the era of electronic communication, outside vendors are a necessary part of any clinical practice. All vendors are carefully screened for their reputation, security protocols, and adherence to HIPAA. Vendors that may have access to any health information must sign a Business Associates Agreement with us, in accordance with HIPAA, which holds them to the same responsibility as we have regarding the protection of your health information. Furthermore, whenever possible, only the minimum necessary information is shared with these vendors. Here is a list of vendors with whom we have signed Business Associates Agreements, in accordance with HIPAA:

• Google 

• IntakeQ, Inc.

• Spruce, Inc. 

• SRFax, Inc 

• Heidi Health

USE OF THIS WEBSITE

By using the Website, you agree to the collection and use of personal data in accordance with this Privacy Policy. 

VISITING THE WEBSITE

This website is hosted by Squarespace. Squarespace may collect personal data when you visit this website, including:

• Information about your browser, network and device

• Web pages you visited prior to coming to this website

• Information about how you use this website, including: clicks, internal links, pages visited, scrolling, searches, and timestamps

• Your IP address

According to Squarespace, they use the data to run this website, and to protect and improve their platform and services. Squarespace has stated that they analyze data in depersonalized form.

We do not retain, access or disclose any of your personal information outside of Squarespace or third-party service providers, unless we have good faith belief that such action is necessary to:

• Comply with a legal obligation

• Protect and defend the rights or property of the company

• Prevent or investigate possible wrongdoing in connection with the website

• Protect the personal safety of users of the website or the public

• Protect against legal liability

COOKIES

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. 

For information about the cookies dropped on your device, please visit: The Cookies Squarespace Uses.

• The Functional and Required Cookies, described here, are ALWAYS used, which allow Squarespace, our hosting platform, to securely publish this website. 

• The Analytics and Performance Cookies, described here, are used on this website ONLY when you choose “Accept” from our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

THIRD-PARTY SERVICES PROVIDERS

Squarespace informs us that they may share personal data collected with third party providers, such as Google Fonts and Adobe Fonts, who help render fonts on this website.  

We also may directly share your data with carefully selected third-party service providers to improve your web experience.

The third-party service providers collect, store, use, process and transfer information about your activity on this website in accordance with their Privacy Policies, and are listed here: 

• Google https://policies.google.com/privacy

• IntakeQ https://intakeq.com/privacy 

• Yelp https://terms.yelp.com/privacy/en_us/20220831_en_us/ 

PAYMENTS

We use Stripe for (and only for) payment processing. We do not store your payment card details. Instead, that information is provided directly to Stripe, which adheres to standards (PCI-DSS) set forth by the PCI Security Standards Council, a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information. Stripe’s Privacy Policy can be viewed at https://stripe.com/us/privacy

LINKS TO OTHER WEBSITES

Our website may contain links to other websites that we do not operate. If you click on a third-party link, you will be directed to that third-party's site. We strongly encourage you to review every site's privacy policy. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

CHANGES TO THE PRIVACY POLICY

We may update Our Privacy Policy from time to time. We will post the new policy on this page to notify you of any changes.

We will notify you via email and/or prominent notice on our Website before the change becomes effective and update the "Last updated" date at the top of this Privacy Policy.

You should periodically review this Privacy Policy for any updates. Changes to this Privacy Policy take effect when they are posted on this page.

CONTACT US

If you have any questions about this Privacy Policy, please feel free to info@cmbh.health.