MindRefined | Mental Health

MindRefined.us Privacy Policy

Last Modified: 305-290-2175

Table of Contents

1. [Introduction]

2. [Scope of Policy]

3. [Definitions]

4. [Compliance Framework]

5. [Information We Collect]

5A. [Personal Identification Information]

5B. [Health Information (PHI/ePHI)]

5C. [Technical Information]

5D. [Financial Information]

6. [How We Use and Disclose Your Information]

6A. [Treatment]

6B. [Payment]

6C. [Healthcare Operations]

6D. [Communication]

6E. [Disclosures by Authorization or Law]

6F. [De-identified & Aggregated Data]

7. [HIPAA Notice of Privacy Practices]

8. [Security Measures]

9. [Data Retention and Destruction]

10. [Your Rights and Choices]

11. [Children’s Privacy]

12. [Cookies and Similar Technologies]

13. [Data Breach Response (Florida)]

14. [Session Recording, Transcription, and AI Tools]

15. [Changes to This Policy]

16. [Acknowledgment and Consent]

17. [Contact Information]

1. Introduction

Welcome to MindRefined LLC (“MindRefined,” “we,” “us,” or “our”). We provide telehealth and in-person mental health services throughout Florida. We recognize the highly sensitive nature of mental health care and the paramount importance of privacy and security. This Privacy Policy explains how we collect, use, disclose, and protect your personal and health information, including Protected Health Information (PHI) and electronic PHI (ePHI), in accordance with applicable federal and state laws.

2. Scope of Policy

This Privacy Policy applies to all individuals (“you” or “your”) who interact with MindRefined in Florida, including through:

- Telehealth services (online video consultations and phone sessions)

- In-person visits at our Florida-based offices

- Use of our website, mobile applications, and patient portals

- Phone, SMS, email, and other electronic communications

- Billing and payment processes

- Any other interaction where we handle personal or health information

Important: For detailed information on how we use and disclose health information, please refer to our HIPAA Notice of Privacy Practices below.

3. Definitions

- Protected Health Information (PHI): Individually identifiable health information protected under HIPAA.

- ePHI: Electronic PHI.

- Covered Entity: A health plan, health care clearinghouse, or health care provider electronically transmits health information in connection with transactions.

- Business Associate: A third party that performs functions or services for a Covered Entity and requires access to PHI.

- Florida Information Protection Act (FIPA): Florida law governing personal information security and breach notification obligations.

- Two-Party Consent: A Florida requirement that all parties to a conversation consent to its recording.

4. Compliance Framework

MindRefined complies with:

- Health Insurance Portability and Accountability Act (HIPAA)

- Health Information Technology for Economic and Clinical Health Act (HITECH)

- Florida Information Protection Act (FIPA)

- Florida statutes and telehealth regulations

- Other applicable federal and state privacy and security laws

We continuously monitor regulatory updates from the U.S. Department of Health and Human Services (HHS) and Florida authorities and integrate any final requirements into our security policies and procedures.

5. Information We Collect

A. Personal Identification Information

- Full name, date of birth, and other demographic details

- Mailing address, phone number, and email address

- Emergency contact information

- Insurance and payment details (e.g., policy numbers, credit card information)

B. Health Information (PHI/ePHI)

- Medical and mental health history

- Diagnoses, treatment plans, prescriptions, progress notes, and care coordination details

- Telehealth session data (including minimal technical metadata)

- Any other health information required for providing quality mental health care

C. Technical Information

- IP address, device identifiers, and browser type

- Website usage statistics (e.g., pages viewed, session duration)

- Telehealth platform logs (e.g., connection errors, usage data)

- Security logs for network monitoring

D. Financial Information

- Billing addresses

- Payment histories and transaction records (including dates, amounts, and methods)

6. How We Use and Disclose Your Information

We use and disclose your information by HIPAA, Florida law, and other applicable regulations.

A. Treatment

- Coordinate care and manage treatment plans

- Consult with other providers as necessary (with your consent when required)

B. Payment

- Verify insurance coverage and process claims

- Manage billing and payment activities

C. Healthcare Operations

- Quality assessment and improvement

- Workforce training and internal audits

- Scheduling, recordkeeping, and administrative functions

D. Communication

- Appointment reminders via text, call, or email

- Secure messaging for follow-up care and updates

- Telehealth platform notifications and confirmations

E. Disclosures by Authorization or Law

- Business Associates: PHI/ePHI may be shared with service providers (e.g., billing software, telehealth platforms) under Business Associate Agreements (BAAs).

- Legal & Regulatory: Disclosures may occur as required by Florida or federal law (e.g., court orders, subpoenas, mandatory reporting).

F. De-identified & Aggregated Data

- Information stripped of identifiers is used for research, analytics, or quality improvement.

7. HIPAA Notice of Privacy Practices

MindRefined publishes a HIPAA Notice of Privacy Practices (NPP) that details:

- How to access and amend your PHI

- Procedures for requesting restrictions on PHI usage or disclosures

- How to obtain an accounting of disclosures

- Methods for confidential communications

- How to file a privacy complaint

Please contact us using the Contact Information below to obtain a copy of our NPP.

8. Security Measures

We implement administrative, physical, and technical safeguards to protect ePHI and other sensitive data. These include:

Administrative Safeguards:

- Written security policies and procedures

- Workforce training on privacy and security

- Background checks and role-based access controls

Physical Safeguards:

- Secured offices with controlled entry and locked filing systems

- Secure document disposal practices (e.g., shredding)

- Video surveillance and badge-access systems

Technical Safeguards:

- Encryption of data in transit (including telehealth sessions and patient portals) and at rest

- Firewalls, anti-malware, and intrusion detection systems

- Multi-factor authentication where feasible

- Regular vulnerability scans and software updates

- Use of a HIPAA-compliant telehealth platform

9. Data Retention and Destruction

We retain personal and health information only as long as necessary to:

- Provide our services

- Comply with federal and Florida law

- Fulfill legitimate business purposes

After the retention period, data is securely destroyed (e.g., via shredding or cryptographic erasure) in compliance with HIPAA, FIPA, and other applicable statutes.

10. Your Rights and Choices

Under HIPAA and Florida law, you have the right to:

- Access and Correction: Request copies of your PHI and correct inaccuracies.

- Restrictions: Ask for limits on using or disclosing your PHI.

- Confidential Communications: Request alternative means or locations for receiving communications.

- Revoke Consent: Withdraw previously given authorizations where permitted by law.

- File a Complaint: Contact us, the U.S. Department of Health and Human Services (Office for Civil Rights), or the Florida Attorney General if your privacy rights have been violated.

*Florida-specific protections* may apply, offering additional safeguards for mental health, substance use, or other sensitive information. Please contact us if you have questions about telehealth-specific disclosures required by Florida regulations.

11. Children’s Privacy

In compliance with Florida law, we do not provide services to individuals under 18 without the consent of a parent or legal guardian. When PHI for minors is involved, it may be disclosed to parents or guardians unless otherwise restricted by law or court order.

12. Cookies and Similar Technologies

We use cookies on our website to:

- Analyze usage patterns and improve site performance

- Enhance user navigation and experience

- Collect analytical and performance data (note: we do not collect PHI via cookies)

You may block cookies through your browser settings, though doing so may affect some features of our Site.

13. Data Breach Response (Florida)

In the event of a data breach, MindRefined will:

- Investigate: Promptly investigate any suspected or confirmed breach.

- Notification: Notify affected individuals as soon as possible and within 30 days unless a delay is requested by law enforcement. We will also notify the Florida Attorney General and/or federal OCR if required.

- Mitigation: Take steps to reduce harm, secure our systems, and prevent future breaches.

14. Session Recording, Transcription, and AI Tools

A. Florida Two-Party Consent

Because Florida is a two-party consent state, we only record telehealth or in-person sessions when:

- All parties (therapists and patients) have provided explicit consent and

- Recording is necessary for purposes such as creating accurate clinical notes or for training (with your written permission).

B. Recording and Transcription Process

- Purpose: Session recordings may be used solely for generating accurate clinical notes and enhancing care documentation.

- Duration: Recordings (audio/video) are stored in a secure environment only until final clinical notes or transcripts are produced.

- Destruction: Once finalized, the original recordings are securely deleted unless legally required to be retained.

- Patient Consent: If you do not consent to the session recording, you may opt out, understanding that manual note-taking may be less detailed or could require extended time.

C. Use of AI for Transcription

- HIPAA-Compliant Providers: If AI tools (e.g., automated speech-to-text) are used, they operate via HIPAA-compliant platforms with a Business Associate Agreement (BAA) in place.

- Access Controls & Data Security: Access to recorded sessions and transcriptions is strictly limited, and all data processed through AI is encrypted. AI vendors are contractually obligated not to use your data for any purposes other than transcription.

- Integration: Final transcripts become part of your medical record or are stored according to our data retention policies.

D. Patient Rights

You may request details regarding how your sessions are recorded or transcribed, withdraw consent where allowed by law, or review and correct transcripts that form part of your health record.

15. Changes to This Policy

We reserve the right to update or revise this Privacy Policy as necessary. For any material changes, we will provide at least 30 days’ notice via our website or by email before the revised policy becomes effective. Continued use of our services after notice of such changes constitutes your acceptance of the updated policy.

16. Acknowledgment and Consent

By accessing our telehealth or in-person services in Florida, you confirm that:

- You have read and understood this Privacy Policy.

- You consent to our collection, use, and disclosure of your information as described herein.

- You understand that certain disclosures are required or permitted by Florida and federal law.

- If you do not agree with any part of this policy, you must discontinue using our services.

17. Contact Information

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise your rights (such as accessing, correcting, or deleting your information), please contact:

MindRefined Privacy Office

Email: [office@mindrefined.us](mailto:office@mindrefined.us)

Phone: 305-290-2175

Address:

14649 SW 42nd St

Miami, FL 33175

Office Hours: - Sat-Mon: Appointment Only - Tue - Fri: Closed

For emergencies, please note that MindRefined’s telehealth services are not intended for emergencies. If you are experiencing a mental health emergency or require immediate medical attention, please call 911 or visit your nearest emergency room.

If you are experiencing emotional distress, the following free and confidential resources are available 24/7:

- Suicide Prevention Lifeline: 305-290-2175

- Crisis Text Line: Text HOME to 305-290-2175

Additionally, you have the right to file a complaint with the U.S. Department of Health and Human Services (Office for Civil Rights) or with the Florida Attorney General if you believe your privacy rights have been violated.