HIPAA Notice of Privacy Policy

Licensed in New York & Connecticut · Telehealth Practice

Effective Date: April 24, 2026

This Privacy Policy explains how Succor Psychotherapy collects, uses, discloses and protects your information. As a HIPAA-covered entity, this practice is bound by federal law to safeguard your Protected Health Information. Please read this document carefully.

1. About This Policy

Succor Psychotherapy LMHC, PLLC (“the Practice” or “the clinician”) is a solo telehealth psychotherapy practice facilitated by a Licensed Mental Health Counselor in the State of New York (License # 009806) and the State of Connecticut (License # 007945). This Privacy Policy describes how the practice handles information about visitors to this website (succortherapy.com) and prospective or current clients who contact the practice or use its services.

This policy applies to:

  • Information collected through this website

  • Information collected through the contact and intake forms

  • Information collected during free consultations

  • Protected Health Information (PHI) governed by HIPAA

2. HIPAA & Protected Health Information

2.1 The Practice’s Status as a Covered Entity

Succor Psychotherapy LMHC, PLLC is a HIPAA Covered Entity. This means that any Protected Health Information (PHI) you share with the clinician, including information about your health, mental health treatment and payment for services, is protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

2.2 Notice of Privacy Practices

As a HIPAA Covered Entity, the practice is required to provide you with a separate Notice of Privacy Practices (NPP) before or at the time of your first clinical service. The NPP describes in detail how the clinician may use and disclose your PHI, your rights regarding your PHI and the clinician’s legal duties with respect to it. You will receive the NPP as part of your intake paperwork.

In brief, the practice may use and disclose your PHI for the following purposes without your authorization:

  • Treatment — to provide, coordinate or manage your mental health care

  • Payment — to bill for services and process superbill information

  • Healthcare Operations — for quality assessment, training and practice administration

  • As Required by Law — including mandatory reporting obligations under NY and CT law

2.3 Mandatory Reporting

As a licensed mental health professional, the clinician is required by law to breach confidentiality in limited circumstances, including:

  • Reasonable suspicion of child abuse or maltreatment (New York Social Services Law § 413; Connecticut General Statutes § 17a-101)

  • Reasonable suspicion of elder abuse or abuse of a vulnerable adult

  • Credible imminent threat of harm to an identifiable third party (Tarasoff duty)

  • A court order requiring disclosure

Any such disclosure will be limited to the minimum information necessary and will be documented in your clinical record.

2.4 Your HIPAA Rights

With respect to your PHI, you have the right to:

  • Access and receive a copy of your records

  • Request amendments to your records for accuracy

  • Request restrictions on how your PHI is used or disclosed

  • Request confidential communications

  • Receive an accounting of disclosures

  • File a complaint with the U.S. Department of Health and Human Services

To exercise any of these rights, contact the practice at the information provided in Section 10.

3. Information Collected Through the Website

3.1 Information You Provide Voluntarily

When you contact the practice through the website, including through a contact form, consultation request or email, the practice may collect:

  • Your name

  • Your email address and/or phone number

  • The general reason for your inquiry

  • Any additional information you choose to share

You are never required to share sensitive health information to inquire about services or schedule a consultation. The practice encourages you to keep initial contact messages general.

3.2 Information Collected Automatically

When you visit this website, certain technical information may be collected automatically through cookies and similar technologies, including:

  • IP address and general geographic location (city/region level only)

  • Browser type and version

  • Device type and operating system

  • Pages visited and time spent on each page

  • Referring website or search query

This information is used solely for website analytics, performance monitoring and improving user experience. It is not linked to any individually identifiable health information and is not used for targeted advertising.

3.3 Cookies

This website uses minimal cookies, limited to those necessary for website functionality and anonymized analytics. The practice does not use advertising cookies, tracking pixels or third-party behavioral tracking tools. You may disable cookies in your browser settings without affecting your ability to use this site.

4. How We Use Your Information

The practice uses information collected through the website only for the following purposes:

  • To respond to your inquiries and schedule consultations

  • To assess whether the practice’s services may be appropriate for your needs

  • To send practice-related communications (appointment reminders, superbills, policy updates)

  • To improve website content and user experience

  • To comply with legal and licensing obligations

The practice does not use your contact information for marketing purposes and will never sell, rent or share your information with third parties for their marketing use.

5. Information Sharing & Disclosure

5.1 Business Associates

The practice shares limited PHI with vendors who perform services on its behalf and who have signed a Business Associate Agreement (BAA) as required by HIPAA. These vendors include:

  • SimplePractice — practice management, scheduling and telehealth platform

  • Thrizer — payment processing

  • Other HIPAA-compliant platforms as needed for clinical operations

All Business Associates are contractually required to safeguard your information in accordance with HIPAA standards.

5.2 The Practice Does Not Sell Your Data

The practice does not sell, rent, license or otherwise transfer your personal information or PHI to any third party for commercial purposes. This practice is not supported by advertising and does not participate in data brokerage of any kind.

5.3 Legal Disclosures

The practice may disclose your information where required by law, including in response to a valid court order, subpoena or legal process. The practice will notify you of any such request to the extent permitted by law and will disclose only the minimum information required.

6. Data Security

The practice takes the security of your information seriously and implements the following safeguards:

  • All clinical records and PHI are stored in HIPAA-compliant, encrypted cloud platforms

  • All devices used for clinical work use full-disk encryption and password protection

  • Telehealth sessions are conducted through platforms with end-to-end encryption and BAAs

  • Access to PHI is limited to authorized personnel only (in a solo practice, the clinician)

  • The practice conducts regular security reviews of all platforms and access controls

No data transmission or storage system can be guaranteed to be 100% secure. In the event of a breach affecting your PHI, the practice will notify you and relevant authorities as required by the HIPAA Breach Notification Rule.

7. Telehealth-Specific Privacy Considerations

All clinical services are delivered via HIPAA-compliant telehealth platforms. By engaging in telehealth sessions, you acknowledge:

  • Sessions are conducted over encrypted video or phone connections

  • You are responsible for ensuring your own physical environment is private during sessions

  • You should not participate in sessions from a location where others may overhear without your consent

  • Recording of sessions by either party is strictly prohibited

The practice does not record sessions.

8. Minors

This practice does not provide services to individuals under the age of 18. This website is not directed at minors and the practice does not knowingly collect information from anyone under 18. If you believe the clinician may have inadvertently collected information from a minor, please contact the practice immediately and the clinician will delete it promptly.

9. Data Retention

The practice retains client records for a minimum of seven (7) years from the date of last service, consistent with New York State requirements and applicable licensing board standards. Website inquiry information not associated with an active clinical relationship is retained for no longer than 12 months.

You may request deletion of non-clinical contact information at any time. Clinical records subject to HIPAA may not be deleted during the required retention period but may be restricted per your rights described in Section 2.4.

10. Contact & Complaints

If you have questions about this Privacy Policy, wish to exercise your rights under HIPAA or believe your privacy has been violated, please contact the practice:

Practice: Succor Psychotherapy LMHC, PLLC

Privacy Contact: contact@succortherapy.com

Phone: (718) 404-9853

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr or with the New York or Connecticut state licensing authorities. The practice will not retaliate against you for filing a complaint.

11. Changes to This Policy

The practice may update this Privacy Policy from time to time to reflect changes in law, technology or its practices. The effective date at the top of this document will be updated accordingly. The practice will notify active clients of material changes via email or through the practice management platform. Continued use of this website following notice of changes constitutes acceptance of the updated policy.