Privacy Policy & Notice of Privacy Practices

About Us

About Suite 615 Therapy Collective, PLLC

Suite 615 Therapy Collective, PLLC (“the Collective,” “we,” “us,” or “our”) is a professional limited liability company organized under the laws of the State of Texas. We provide shared clinical space and administrative infrastructure to a community of independently licensed mental health clinicians (“Member Clinicians”) who operate their own independent therapy practices within our facility.

Our services include designated space for individual therapy, couples therapy, family therapy, and group therapy sessions delivered in-person at our Arlington, TX location and via HIPAA-compliant telehealth platforms.

Section 1

Scope of This Policy

This Privacy Policy applies to:

• Information collected by Suite 615 Therapy Collective, PLLC in its capacity as a facility and administrative entity
• Data processed through the Collective's shared systems, platforms, scheduling tools, and communication channels
• Information about prospective, current, and former clients who engage with our shared intake or scheduling processes
• Personal and professional information about Member Clinicians utilizing our space
• Website visitors and individuals who contact us for general inquiries

Section 2

Key Definitions

Protected Health Information (PHI)

Individually identifiable health information created, received, maintained, or transmitted by a covered entity, including demographic data, diagnosis, treatment, and payment information. 45 C.F.R. § 160.103.

Electronic PHI (ePHI)

PHI that is created, stored, transmitted, or received in electronic form.

Business Associate

A person or entity that performs functions or activities involving PHI on behalf of a covered entity. 45 C.F.R. § 160.103.

Member Clinician

A pre-licensed or independently licensed mental health professional who has entered into a Membership Agreement with Suite 615 Therapy Collective and operates an independent practice within our facility.

Texas Medical Privacy Act (TMPA)

Texas Health & Safety Code Chapter 181, which provides additional privacy protections for health information in Texas and in some instances applies more broadly than HIPAA.

Section 3

Information We Collect

4.1 Client Information

In our role as a shared facility and administrative entity, the Collective may collect the following types of information:

• Contact information (name, address, phone number, email address)
• Scheduling and appointment information
• Insurance and billing information processed through shared administrative systems
• Emergency contact information
• Referral source information
• General demographic information for administrative purposes

4.2 Member Clinician Information

We collect professional and personal information about Member Clinicians in connection with their Space Use Agreements, including:

• Full legal name, professional credentials, and licensure information
• State licensure numbers and licensing board information
• Contact information (professional and emergency)
• Malpractice and liability insurance documentation
• Business entity information and Tax ID / EIN
• Banking and payment information for space lease transactions
• Background check results (where applicable)
• Professional biography and marketing materials (if provided for shared use)

4.3 Website and Communications Data

When you visit our website or contact us digitally, we may collect:

• IP address and browser/device information
• Pages visited and referral sources
• Information submitted through contact forms or inquiry requests
• Email correspondence

Section 4

How We Use Information

5.1 Permitted Uses of Client PHI

To the extent the Collective holds or processes any client PHI through shared administrative systems, such information is used only for the following HIPAA-permissible purposes:

• Treatment: Facilitating coordination of space and scheduling to support continuity of care
• Payment: Processing billing and insurance verification where applicable through shared systems
• Healthcare Operations: Quality assurance, administrative operations, and facility management
• Legal Compliance: Responding to lawfully issued subpoenas, court orders, or regulatory inquiries
• Safety: Preventing or lessening a serious and imminent threat to the health or safety of a person or the public, consistent with 45 C.F.R. § 164.512(j)

5.2 Uses of Clinician Information

• Administering Space Use Agreements and lease payments
• Verifying professional credentials and licensure status
• Managing emergency contact and safety protocols
• Coordinating collective-wide communications and operational updates
• Marketing and directory listings, with clinician consent
• Legal compliance and dispute resolution

5.3 Uses of Website Data

• Responding to general inquiries and referral requests
• Improving website functionality and user experience
• Analytics to understand how our site is used

Section 5

Disclosure of Information

6.1 Disclosures of PHI We May Make Without Authorization

Consistent with 45 C.F.R. § 164.512 and Texas Health & Safety Code § 181.054, we may disclose PHI without your written authorization in limited circumstances, including:

• As required by law (court orders, warrants, subpoenas)
• To public health authorities for disease reporting or safety monitoring
• To avert a serious threat to health or safety
• For workers’ compensation purposes as permitted by Texas law
• To coroners, medical examiners, or funeral directors as required
• For oversight of the healthcare system by authorized agencies
• To the U.S. Department of Health and Human Services (HHS) for HIPAA compliance investigations

6.2 Disclosures Requiring Written Authorization

All other disclosures of PHI require your written authorization, including:

• Marketing communications (we will never sell your health information)
• Release to attorneys, employers, or family members not otherwise authorized
• Psychotherapy notes (which receive heightened protection under both HIPAA and Texas law)
• Disclosure for research purposes beyond standard legal permissions

You may revoke a written authorization at any time, except to the extent we have already acted in reliance on it.

6.3 Texas-Specific Protections

Texas law provides additional protections that may exceed HIPAA requirements. Under the Texas Medical Privacy Act (Tex. Health & Safety Code § 181.001 et seq.):

• Certain genetic information, mental health records, and substance use treatment records are subject to heightened protection
• We may not sell PHI without explicit authorization
• Clients have the right to request an accounting of disclosures going back six years
• Minors’ rights to access their own records may differ depending on the nature of treatment and applicable Texas Family Code provisions

6.4 Business Associates

We may share PHI with third-party vendors who perform services on our behalf (e.g., scheduling software, billing platforms, secure email providers, IT support). All such vendors are required to enter into a Business Associate Agreement (BAA) prior to accessing any PHI, consistent with 45 C.F.R. § 164.504(e). Business associates are bound to use PHI only for the purposes for which it was shared and to implement appropriate safeguards.

Section 6

Your Privacy Rights

Under HIPAA and Texas law, you have the following rights with respect to PHI we hold:

7.1 Right to Access

You have the right to inspect and obtain a copy of your PHI held in our designated record sets. Requests should be submitted in writing. We will respond within 30 days (extendable by 30 additional days with written notice). We may charge a reasonable, cost-based fee. 45 C.F.R. § 164.524.

7.2 Right to Amend

You may request that we amend PHI that you believe is inaccurate or incomplete. We may deny your request if the information was not created by us, is not part of our designated record set, or is already accurate and complete. 45 C.F.R. § 164.526.

7.3 Right to Accounting of Disclosures

You may request a list of certain disclosures of your PHI made by us or our business associates in the past six years. This right does not apply to disclosures for treatment, payment, or healthcare operations. 45 C.F.R. § 164.528.

7.4 Right to Request Restrictions

You may ask us to restrict how we use or disclose your PHI. We are not required to agree to all restrictions, but if we do agree, we are bound by that agreement. We must honor requests to restrict disclosures to health plans when you have paid out-of-pocket in full. 45 C.F.R. § 164.522.

7.5 Right to Confidential Communications

You may request that we communicate with you about your PHI by alternative means or at alternative locations (e.g., by email rather than phone, or at a different address). We will accommodate reasonable requests. 45 C.F.R. § 164.522(b).

7.6 Right to a Paper Copy

You have the right to receive a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. 45 C.F.R. § 164.520(c)(1)(ii).

7.7 Right to Non-Retaliation

We will not retaliate against you for exercising any of your privacy rights.

Section 7

Telehealth Services & Electronic Communications

Suite 615 Therapy Collective supports the delivery of telehealth services by Member Clinicians using HIPAA-compliant video and communication platforms. The following applies to telehealth and electronic communications facilitated through the Collective's shared systems:

• Only HIPAA-compliant platforms with executed BAAs are approved for use in connection with Collective systems
• Clients are advised not to communicate PHI through standard (non-encrypted) email, standard SMS, or social media direct messages
• Any telehealth platform recommended or made available through the Collective complies with 45 C.F.R. §§ 164.312 (technical safeguards) and applicable HHS telehealth guidance
• Clients should confirm with their individual clinician which telehealth platform is used for their sessions and obtain that clinician’s specific telehealth consent
• Geographic restrictions may apply; clinicians are responsible for verifying that telehealth delivery complies with Texas licensure laws and any applicable interstate compact provisions

Section 8

Group Therapy Confidentiality

Suite 615 Therapy Collective hosts group therapy sessions facilitated by Member Clinicians. While the facilitating clinician is bound by HIPAA and professional ethics codes, participants in group therapy are not covered entities and are not legally bound by HIPAA. Accordingly:

• Group facilitators will review confidentiality expectations with all participants prior to the commencement of any group
• Group agreements regarding confidentiality will be documented and signed by all participants
• Breaches of group confidentiality by participants do not constitute a HIPAA violation but may result in removal from the group
• The facilitating clinician retains all obligations under HIPAA with respect to clinical records arising from group sessions

Section 9

Minors, Couples, and Family Therapy

10.1 Minor Clients

When a minor (under 18) is a client, privacy rights are typically held by a parent or legal guardian. However, under Texas law, minors may have independent rights to consent to and maintain the confidentiality of certain categories of treatment, including:

• Outpatient mental health services (Texas Family Code § 32.004)
• Substance use counseling (Texas Family Code § 32.003)
• Services related to sexual assault or abuse

When a minor has independently consented to treatment, the clinician may limit disclosure to parents or guardians. Clients and families with questions about minor confidentiality should speak directly with the treating clinician.

10.2 Couples and Family Therapy

In the context of couples or family therapy, the clinician's “client” may be the relationship or family unit rather than any individual member. This can affect the way PHI is handled. Prior to beginning couples or family therapy, clients will receive clarification from their clinician about:

• Who is considered the client of record
• How records requests from individual members will be handled
• Policies regarding individual sessions or disclosures within a conjoint treatment context

Section 10

Data Security and Safeguards

Suite 615 Therapy Collective implements administrative, physical, and technical safeguards consistent with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C) and Texas Health & Safety Code § 181.101:

11.1 Administrative Safeguards

• Designation of a HIPAA Privacy Officer and Security Officer
• Workforce training on privacy and security policies
• Sanction policies for workforce members who violate privacy standards
• Regular review of information access controls
• Business Associate Agreement execution prior to any third-party PHI access

11.2 Physical Safeguards

• Access controls to physical facility spaces, including private therapy rooms
• Secure storage of any paper records within the facility
• Workstation use and security policies
• Visitor and access log procedures for sensitive areas

11.3 Technical Safeguards

• Unique user identification and access controls for electronic systems
• Encryption of ePHI in transit and at rest using industry-standard protocols
• Automatic logoff on shared or facility devices
• Audit controls and activity logging for access to electronic records
• Secure, HIPAA-compliant platforms for scheduling, communications, and telehealth

Section 11

Breach Notification

In the event of a breach of unsecured PHI, Suite 615 Therapy Collective will comply with the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–164.414) and Texas Health & Safety Code § 181.101:

• Affected individuals will be notified without unreasonable delay, and no later than 60 days after discovery of a breach
• Notification will include a description of the breach, the types of information involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate harm, and contact information for follow-up questions
• Breaches affecting 500 or more individuals will also be reported to HHS and, in certain circumstances, to prominent media outlets serving the affected area
• Breaches affecting fewer than 500 individuals will be logged and reported to HHS annually
• Where a breach involves information held by a Member Clinician’s independent practice, that clinician bears primary responsibility for breach notification to their clients

Section 12

Record Retention

Administrative records maintained by Suite 615 Therapy Collective are retained in accordance with applicable federal and Texas law:

• HIPAA policies and procedures: Minimum 6 years from creation or last effective date (45 C.F.R. § 164.530(j))
• Business Associate Agreements: Minimum 6 years
• Breach documentation: Minimum 6 years
• Member Clinician contractual records: Duration of agreement plus 7 years

Clinical records held by individual Member Clinicians are subject to Texas State Board of Examiners of Professional Counselors rules (22 Tex. Admin. Code § 681.47) or applicable licensing board requirements, which generally require retention for a minimum of 5 years from the date of last service (7 years for minor clients from the date of majority). Clients should consult their clinician for specific record retention policies.

Section 13

Children's Online Privacy

Our website and online systems are not directed at children under the age of 13, and we do not knowingly collect personal information online from children under 13 without verifiable parental consent, consistent with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq. If you believe a child under 13 has submitted personal information through our website without proper consent, please contact us immediately.

Section 14

Changes to This Policy

Suite 615 Therapy Collective reserves the right to change the terms of this Privacy Policy and to make the revised policy effective for all PHI we maintain, including PHI created or received prior to such changes. We will post the revised policy on our website and make paper copies available at our facility. Significant changes will be communicated to active clients and Member Clinicians by written notice.

Section 15

Complaints & How to Exercise Your Rights

If you believe your privacy rights have been violated, or to submit a request to exercise any of the rights described in Section 6, please contact our Privacy Officer:

You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:

Section 16

Governing Law

This Privacy Policy is governed by the laws of the State of Texas and applicable federal law, including HIPAA (42 U.S.C. § 1320d et seq.), the HITECH Act (Pub. L. 111-5), and the Texas Medical Privacy Act (Tex. Health & Safety Code § 181.001 et seq.). Any disputes arising under this Policy shall be resolved in the courts of Dallas County, Texas.