Book Now
 

MONDAY COUNSELING LLC PRIVACY POLICY

Your trust is important — and so is your confidentiality. This page outlines how your personal information is collected, used, and protected at Monday Counseling. Whether you’re just browsing or already a client, you deserve to understand how your privacy is respected every step of the way.

Effective Date: May 2025

Welcome to Monday Counseling LLC. Your privacy and the confidentiality of your health information are very important to us. This Privacy Policy explains what personal and health information we collect, how we use and store it, your rights, and how we protect your data. We follow all applicable federal (HIPAA) and Ohio laws and regulations to ensure your information remains secure and confidential. We use clear, straightforward language to help you understand our practices.

Information We Collect

We collect two kinds of information: Personal information you provide and health information (also called Protected Health Information, or PHI) related to your care. Examples include:

  • Contact and identity information: name, birth date, address, email, phone number.

  • Medical and therapy information: mental health history, diagnoses, treatment plans, progress notes, session notes, and other clinical records.

  • Payment and insurance information: insurance policy details, billing statements, and (if applicable) credit card or bank information for payment.

  • Website contact data: if you use our website contact form, we collect the information you submit (e.g., your name, email, phone, and message). We do not ask for sensitive health details on the contact form, but any information you do share may become part of your records and is protected accordingly.

  • Website usage data: we use cookies and analytics tools to collect non-identifiable data about how visitors use our website (e.g., pages visited, time spent). This data is aggregated and does not include your health information.

All PHI we collect is protected by the HIPAA Privacy Rule. We will not collect more information than necessary for providing counseling services and administrative needs.

How We Use and Store Information

We use your information to provide quality care and manage our practice. In particular, we may use or disclose information for:

  • Treatment: to deliver mental health services. For example, we share clinical information with other health professionals (e.g. if you are referred to a specialist) to coordinate your care.

  • Payment: to bill for services. For example, we may send information about your treatment to your insurance carrier for payment or submit claims.

  • Practice operations: for managing and improving our services (scheduling, quality assurance, training, accreditation, audits). For example, we may use health information internally for our practice’s administration and auditing.

  • Appointment reminders and administrative notices: to remind you of upcoming appointments or inform you about treatment options or changes in our practice. For example, we may call, email, or text you appointment reminders unless you request another method.

  • With your authorization: any other uses. We will obtain written authorization before using or disclosing your PHI for purposes not covered above (for instance, marketing or any sale of information). You can revoke such authorization anytime in writing, except for actions already taken based on that authorization.

All information is stored securely. Electronic records (ePHI) are stored in our HIPAA-compliant EHR and telehealth system (SimplePractice) with industry-standard encryption during transmission and at rest. Any paper records are kept in locked files and shredded when no longer needed. We retain records only as long as required by law or practice policy, and then dispose of them securely.

Confidentiality and Legal Disclosures

Your information is private and confidential. We do not share your health or personal information for marketing or sell it to anyone. Monday Counseling LLC staff and associates (including interns, trainees, or volunteers) are obligated by law and professional ethics to maintain confidentiality. All staff receive training in privacy practices and must follow our strict confidentiality policies.

There are certain situations where we are legally required or allowed to disclose information without your authorization, such as:

  • Required by law: Reporting suspected child, elder, or dependent adult abuse; responding to a court order or subpoena; or complying with other laws (e.g., public health reporting).

  • Risk of harm: If we believe you are a danger to yourself or others, or if others’ safety is at risk, we may share information with appropriate individuals or authorities to prevent harm.

  • Judicial or legal proceedings: If you are involved in a lawsuit or legal matter, a judge may order disclosure of your records.

  • Health oversight: If a government agency audits or investigates our practice, we may share information for those oversight purposes.

  • Law enforcement: In limited circumstances, such as if required to assist in an involuntary commitment or to comply with a warrant.

  • With your written permission: Any other situation not covered above requires your specific written authorization. For example, disclosing information to family members, friends, or employers will only happen with your signed consent.

Whenever we disclose information under these exceptions, we will limit the information shared to the minimum necessary. We keep detailed records of all disclosures as required by law. We also will notify you if a breach of unsecured PHI occurs, as required by the HIPAA Breach Notification Rule.

Your Rights

HIPAA grants you several important rights regarding your health information. These include the right to:

  • Request access: You have the right to see and obtain a copy of your records (your PHI) in our designated record sethhs.gov. We may charge a reasonable fee for copying and postage. In very limited cases, we may deny access (e.g. rare situations where we believe it could cause harm), but such denials can be reviewed by a licensed health professional.

  • Request amendments: If you believe information in your records is inaccurate or incomplete, you can request a correction or additionhhs.gov. We will respond to your amendment request and either make the change or provide you with a written explanation of why we cannot. You can also submit a statement of disagreement for our file.

  • Request restrictions: You can ask us to restrict certain uses or disclosures of your PHI (for example, to not share information with your insurer). We are not required to agree, but if we do, we will honor the restriction (except in emergencies)hhs.gov. To request a restriction, please submit your request in writing to our Privacy Officer (see Contact below).

  • Request confidential communications: You may request that we communicate with you by alternative means or at an alternate location (for example, sending communications to a different address or using email only with encryption)hhs.gov. We will accommodate reasonable requests whenever possible.

  • Receive an accounting of disclosures: You have the right to ask for a list (accounting) of certain disclosures we have made of your PHI for purposes other than treatment, payment, or operations, going back up to six yearshhs.gov.

  • Receive this notice: You can request a copy of this Privacy Policy/Notice at any time. We will provide a copy (including electronically) if you ask.

  • File a complaint: If you believe your privacy rights have been violated, you can file a complaint with Monday Counseling LLC (see Contact below) or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rightshhs.gov. We will not retaliate against you for filing a complainthhs.gov.

To exercise any of these rights, please contact our Privacy Officer in writing (see Contact below). We may charge a reasonable fee for copies of records or postage as permitted by law.

Third-Party Services

We use certain third-party service providers in running our practice. These are carefully chosen and bound by contracts to protect your privacy:

  • SimplePractice (EHR & Telehealth): We use SimplePractice for appointment scheduling, record-keeping, billing, and telehealth video sessions. SimplePractice is a fully HIPAA-compliant platform with robust security (encrypted data, secure servers, multi-factor authentication, and HITRUST certification). We have a Business Associate Agreement (BAA) with SimplePractice requiring them to safeguard your PHI.

  • Analytics and cookies: Our website may use Google Analytics or similar tools to understand site usage. These tools only collect aggregate, non-identifiable data (e.g. number of visitors, pages viewed) and do not capture personal health information. We do not disclose your identity or health details through analytics. These analytics providers are required to follow their own privacy policies and we ensure no PHI is sent to them.

  • Email and text services: If we email or text you (for appointment reminders, etc.), we use secure platforms. We do not use unencrypted email to share sensitive PHI. You may receive general appointment notices or practice news via email or text if you’ve opted in; such communications do not contain your health records.

  • Payment processors: If you pay by credit card online, the transaction is handled through a secure, PCI-compliant payment system. We do not store your full payment card numbers.

  • Other healthcare providers and insurance: When necessary for treatment and payment, we may disclose information to other professionals (doctors, therapists, labs) or insurers. These parties are also required by law or contract to protect your information.

Any third party that handles PHI on our behalf is considered a “Business Associate” under HIPAA and is required to enter into a BAA with us. This ensures they use the information only as allowed by law and maintain strong safeguards.

Website Data and Cookies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website use. Cookies are small data files stored on your device. We use them for:

  • Essential functions: Enabling basic features of the website.

  • Analytics: Collecting data on site performance (pages visited, duration, etc.) using tools like Google Analytics. This data is anonymous and aggregated (no personal or health data).

We do not use cookies to store your personal health information, and we do not engage in online tracking or advertising that profiles you. You can disable or delete cookies in your browser, though some site features may then be unavailable.

Our contact forms collect information only when you voluntarily submit it. We do not automatically gather personal data about you (such as health status) from the site; any details you share in a form are treated as provided by you and are protected under this policy.

Data Protection Measures

We take multiple steps to protect your information:

  • Encryption: All electronic communications and records (in SimplePractice and email) are encrypted in transit (e.g. SSL/TLS for website and video) and encrypted at rest on secure servers.

  • Access controls: Only authorized staff can access your records, using unique logins and strong passwords. We use two-factor authentication where possible.

  • Physical security: Paper records (if any) are kept in locked filing cabinets in a secure office. Computers are password-protected. We shred any documents with personal information before disposal.

  • Administrative safeguards: We maintain written privacy policies and train all our staff on themhhs.gov. We have a designated Privacy Officer responsible for overseeing compliance.

  • Technical safeguards: Our practice software (SimplePractice) is housed in HIPAA-compliant, Tier-1 data centers with intrusion detection, firewalls, regular security audits, and backup systems.

  • Personal security: We require our staff and any contractors to sign confidentiality agreements. We monitor and restrict access to PHI to only what is needed for their role.

  • Incident response: In case of any suspected privacy breach, we will promptly investigate, mitigate harm, and notify affected individuals and authorities as required by law.

In short, we maintain reasonable and appropriate safeguards (administrative, physical, and technical) to prevent unauthorized use or disclosure of your information.

Updates to This Privacy Policy

We may revise this Privacy Policy from time to time (for example, if regulations change or our practices evolve). When we make significant changes, we will update the Effective Date and notify you (for example, by email or posting a notice on our website). You can always request the latest version.

Contact Information

If you have any questions about this policy, or if you want to exercise your privacy rights (e.g. request access to your records, ask for an amendment, or file a complaint), please contact:

Monday Counseling LLC – Privacy Officer

60 Rhoads Center Dr, Ste C
Dayton, OH 45458
Phone: (937) 892-4519
Email: [email protected] 
 

Your trust is important to us. Monday Counseling LLC is committed to safeguarding your privacy and ensuring that your personal and health information is handled responsibly and securely.