Privacy Policy for Mind Therapy Works
Last Updated: May 8, 2025
Mind Therapy Works ("Mind Therapy Works," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect and process. This Privacy Policy describes how we collect, use, disclose, and protect Personal Information and Protected Health Information (PHI) when you (mental health professionals and their authorized staff, hereafter "you" or "Subscribers") access or use our website, mindtherapy.works (the "Site"), our Electronic Health Record (EHR) platform, practice management software, AI-assisted notation tools, and any related services, features, content, or applications (collectively, the "Services").
This Privacy Policy is incorporated into our Terms of Service. By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Information and the PHI you manage through our Services, as described in this Privacy Policy and our Terms of Service.
A Special Note About Protected Health Information (PHI): As a provider of EHR and practice management services to healthcare professionals, Mind Therapy Works acts as a "Business Associate" under the Health Insurance Portability and Accountability Act (HIPAA). We handle PHI on behalf of our Subscribers (the "Covered Entities" under HIPAA). Our collection, use, disclosure, and protection of PHI are governed by HIPAA, the HITECH Act, and the terms of the Business Associate Agreement (BAA) entered into between Mind Therapy Works and each Subscriber. This Privacy Policy supplements the BAA. If there is any conflict between this Privacy Policy and the BAA with respect to PHI, the BAA will control.
1. Information We Collect
We collect information in the following ways:
- Information You Provide to Us (Subscribers):
  - Account and Profile Information: When you create an account, we collect information such as your name, practice name, email address, phone number, professional credentials (license information), physical address, and payment information.
  - Communications: If you contact us directly, we may receive additional information about you, such as the contents of your message, attachments, and any other information you may choose to provide.
  - Service Configuration Data: Information you provide to customize and configure your account and use of the Services.
- Information Processed on Behalf of Subscribers (Patient PHI):
  - Through your use of the Services, you will input, upload, or store PHI of your patients/clients ("Patient PHI"). This may include, but is not limited to, names, dates of birth, contact information, medical history, diagnoses, treatment plans, progress notes (including those generated with AI assistance), billing information, and insurance details.
  - Mind Therapy Works processes Patient PHI solely on your behalf and as instructed by you, in accordance with the BAA and applicable law. You, as the Covered Entity, are responsible for obtaining necessary patient consents and authorizations for the collection, use, and disclosure of Patient PHI through the Services.
- Information We Collect Automatically When You Use Our Services:
  - Log Data and Usage Information: We collect information about your interactions with our Services, such as IP address, browser type, operating system, device information, pages visited, features used, access times, and referring website addresses.
  - Cookies and Similar Tracking Technologies: We use cookies and similar technologies (e.g., web beacons, pixels) to collect information about your browsing activities and preferences, to operate and improve our Services, and to personalize your experience. You can control the use of cookies at the individual browser level. For more information, please see our [Link to your Cookie Policy, if separate, or expand here].
  - AI Feature Data (De-identified/Aggregated): To improve our AI-assisted notation and other AI features, we may process de-identified and/or aggregated data derived from the content processed through these features. This data will not be personally identifiable and will be handled in accordance with HIPAA's de-identification standards as outlined in the BAA.
- Information from Third Parties:
  - We may receive information about you from third-party services if you choose to integrate them with your Mind Therapy Works account (e.g., payment processors, labs, or other practice tools), in accordance with your authorizations.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide, Operate, and Maintain Our Services:
  - To create and manage your account.
  - To enable you to use all features of the Services, including EHR functionalities, scheduling, billing, and AI-assisted tools.
  - To process payments for the Services.
- To Support Our Subscribers:
  - To respond to your inquiries, comments, and questions, and to provide customer service and technical support.
- To Improve, Personalize, and Develop Our Services:
  - To understand and analyze how you use our Services to develop new products, services, features, and functionality.
  - To personalize your experience with our Services.
  - To conduct research and analysis using de-identified and/or aggregated data to enhance our offerings (subject to BAA and HIPAA).
- For Security and Compliance:
  - To maintain the security and integrity of our Services.
  - To detect and prevent fraud, abuse, and security incidents.
  - To comply with legal obligations, including HIPAA, and to enforce our Terms of Service and BAA.
  - To respond to lawful requests from public authorities.
- To Communicate With You:
  - To send you service-related communications, including updates, security alerts, and administrative messages.
  - To send you information about new features, promotions, or other news about Mind Therapy Works (you can opt out of marketing communications as described below).
Mind Therapy Works does not and will not sell your Personal Information or the Patient PHI you entrust to us. We do not use Patient PHI for marketing or advertising purposes.
3. How We Share Your Information
We may share information we collect in the following circumstances:
- With Service Providers (Sub-processors): We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., cloud hosting, payment processing, data analytics, customer support). These service providers are contractually obligated to protect the information, act as Business Associates under HIPAA if they access PHI, and only use it for the purposes for which it was disclosed.
- As Directed by You (the Subscriber): We will share and disclose Patient PHI as you direct through your use of the Services (e.g., when you generate a report, share records with another provider with patient consent, submit claims to payers). You are responsible for ensuring you have the necessary authority and consents for such sharing.
- For Legal Reasons and Protection: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to:
  - Comply with a legal obligation, subpoena, court order, or other governmental request.
  - Protect and defend the rights or property of Mind Therapy Works.
  - Prevent or investigate possible wrongdoing in connection with the Services.
  - Protect the personal safety of users of the Services or the public.
  - Protect against legal liability.
- Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information (including PHI, subject to the requirements of HIPAA and the BAA) may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event.
- De-identified or Aggregated Data: We may share de-identified and/or aggregated data (which does not identify you or any individual patient) for research, industry analysis, or other legitimate business purposes, consistent with HIPAA requirements.
4. Data Security
Mind Therapy Works takes the security of your information, especially Patient PHI, very seriously. We implement and maintain appropriate administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of the information we process. These measures include:
- Encryption of data in transit and at rest.
- Access controls and authentication mechanisms (including two-factor authentication).
- Regular security assessments and vulnerability management.
- Employee training on privacy and security obligations.
- Maintaining compliance with HIPAA security standards.
While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are also responsible for maintaining the security of your account credentials and the devices you use to access the Services.
In the event of a security breach involving PHI, we will comply with our obligations under HIPAA and the BAA, including providing any required notifications.
5. Data Retention
We will retain your Personal Information for as long as your account is active or as needed to provide you with the Services and to fulfill the purposes outlined in this Privacy Policy. We will retain and use your information as necessary to comply with our legal obligations (including HIPAA record retention requirements for PHI as specified in the BAA), resolve disputes, and enforce our agreements.
Patient PHI is retained in accordance with the terms of our BAA with you, the Subscriber, and applicable law. Upon termination of your account and the BAA, we will return or destroy PHI as stipulated in the BAA, unless retention is required by law.
6. Your Privacy Rights and Choices
Depending on your location and applicable law, you may have certain rights regarding your Personal Information. For Subscribers, these may include:
- Access and Correction: You can review and update your account information through your account settings.
- Opt-out of Marketing Communications: You may opt out of receiving promotional emails from us by following the unsubscribe instructions in those emails or by contacting us. You will still receive essential service-related communications.
- Cookies: You can typically remove or reject cookies via your browser settings.
Regarding Patient PHI: Patients/clients should direct any requests regarding their PHI (such as access, amendment, or an accounting of disclosures) to their healthcare provider (our Subscriber), who is the Covered Entity responsible for managing their PHI. Mind Therapy Works will assist Subscribers in responding to such requests as required by the BAA and HIPAA.
7. Children's Privacy
Our Services are not directed to individuals under the age of 13 for their own account registration or direct use. We do not knowingly collect Personal Information from children under 13 for such purposes. If we become aware that a child under 13 has provided us with Personal Information directly, we will take steps to delete such information.
However, our Subscribers (mental health professionals) may use our Services to store and manage Patient PHI related to children as part of their provision of healthcare services. The handling of such information is governed by the BAA and HIPAA.
8. Third-Party Links and Services
Our Site and Services may contain links to other websites or services not operated or controlled by Mind Therapy Works ("Third-Party Sites"). The information that you share with Third-Party Sites will be governed by the specific privacy policies and terms of service of the Third-Party Sites and not by this Privacy Policy. We do not endorse and are not responsible for the privacy practices of these Third-Party Sites.
9. International Data Transfers
If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. Data protection laws in the U.S. may be different from those in your country. By using our Services, you consent to the transfer of your information to the U.S.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email (sent to the email address specified in your account), by posting a notice on our Site, or as otherwise required by applicable law, prior to the change becoming effective. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
11. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at:
Mind Therapy Works
921 Cranston Drive
support@ehrcommunityhelpdesk.com
833-693-1972
If you are a patient of one of our Subscribers, please direct your privacy questions and requests regarding your PHI to your healthcare provider.
