Privacy Policy

1. Introduction

Steel City Therapy ("we," "our," or "us") operates a therapeutic practice located in Bethel Park, Pennsylvania. We provide mental health counseling and therapy services to individuals, couples, and families. This Privacy Policy applies to all patients, website visitors, and individuals who interact with our services.

We comply with applicable federal and state laws regarding the privacy and security of personal and health information, including the Health Insurance Portability and Accountability Act (HIPAA) and the Pennsylvania Mental Health Procedures Act.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Full name and preferred name
• Date of birth
• Contact information (address, phone number, email address)
• Emergency contact information
• Social Security number (for billing and insurance purposes)
• Demographic information

2.2 Health-Related Information

As a healthcare provider, we collect sensitive health information necessary for your treatment, including:

• Medical history and current health conditions
• Mental health history and diagnoses
• Treatment records and session notes
• Medication information
• Psychological assessments and evaluations
• Progress reports and treatment plans

2.3 Billing and Payment Information

We collect financial information for billing purposes, including:

• Credit card and payment information
• Insurance policy numbers and coverage details
• Billing records and payment history
• Claims and reimbursement documentation

2.4 Website and Cookie Information

When you visit our website, we may automatically collect certain information, including:

• Browser type and version
• Operating system
• IP address
• Pages visited and time spent on pages
• Referring website addresses
• Device information

3. How We Use Your Information

We use the information we collect for the following purposes:

• Treatment: To provide, manage, and coordinate your mental health care and therapy services
• Communication: To communicate with you about appointments, treatment, and services
• Billing: To process payments, submit insurance claims, and manage billing
• Operations: To conduct quality assessments and improve our services
• Compliance: To comply with legal and regulatory requirements
• Website Improvement: To analyze website usage and improve user experience

4. Who Has Access to Your Data

Access to your personal and health information is strictly limited to authorized personnel who need the information to perform their job duties.

4.1 Internal Access

The following individuals may have access to your information:

• Licensed therapists and counselors involved in your care
• Clinical supervisors and consultants
• Administrative staff for scheduling and billing purposes
• IT personnel for system maintenance and security

4.2 Access Controls

We implement appropriate administrative, technical, and physical safeguards to protect your information, including:

• Role-based access controls limiting information access to minimum necessary
• Secure authentication requirements for electronic systems
• Physical security measures for paper records
• Regular training on privacy and confidentiality for all staff

5. Third-Party Sharing

We may share your information with third parties in the following circumstances:

5.1 Payment Processors

We share necessary billing information with payment processing companies to process your payments. These entities are contractually obligated to protect your information.

5.2 Insurance Companies

If you use insurance to pay for services, we may share relevant information with your insurance company to process claims and verify coverage. This typically includes diagnosis codes, treatment dates, and service descriptions.

5.3 Legal Requirements

We may disclose your information when required by law, including:

• Court orders or subpoenas
• Reports of suspected child abuse or neglect
• Reports of suspected elder abuse
• Threats of harm to self or others
• Health and safety investigations

5.4 Business Associates

We may share information with business associates who perform services on our behalf, such as electronic health record providers, billing services, and IT support. These associates are bound by confidentiality agreements.

5.5 Your Authorization

We may share your information with other parties when you provide written authorization, such as when you request records be sent to another healthcare provider.

6. Data Security

We implement comprehensive security measures to protect your personal and health information:

• Encryption: All electronic data is encrypted in transit and at rest using industry-standard encryption protocols
• Secure Storage: Electronic records are stored in secure, HIPAA-compliant systems with regular backups
• Physical Security: Paper records are stored in locked cabinets within secured facilities
• Access Controls: Multi-factor authentication and role-based access limit who can view your information
• Regular Audits: We conduct regular security audits and risk assessments
• Staff Training: All staff receive regular training on data security and privacy practices

Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal and health information in accordance with applicable laws and professional standards:

• Treatment records are retained for a minimum of seven years after your last date of service
• Records for minors are retained until the individual reaches the age of majority plus seven years, or as required by state law
• Billing records are retained for a minimum of seven years
• Insurance documentation is retained per contractual and regulatory requirements

When retention periods expire, we securely destroy or anonymize records in accordance with applicable laws.

8. Your Rights

You have certain rights regarding your personal and health information:

8.1 Right to Access

You have the right to request access to your treatment records and receive copies. We will respond to your request within 30 days.

8.2 Right to Amend

You have the right to request amendments to your records if you believe the information is inaccurate or incomplete. We will review your request and respond within 60 days.

8.3 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your information. We are not required to agree to all requests but will consider each request.

8.4 Right to Confidential Communications

You have the right to request that we communicate with you in a specific manner or at a specific location to protect your privacy.

8.5 Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures of your information made by us.

8.6 Right to a Copy of This Notice

You have the right to receive a paper copy of this Privacy Policy upon request.

9. How to Request Data Deletion

If you wish to request deletion of your personal information, please note the following:

• Submit a Written Request: Send a written request to our Privacy Officer at the address below or email support@steelcity-therapy.com
• Include Required Information: Your full name, date of birth, contact information, and specific data you want deleted
• Verification: We will verify your identity before processing your request
• Response Time: We will respond to your request within 30 days
• Limitations: Certain records, such as treatment records, may be legally required to be retained for specified periods and cannot be deleted before those requirements are met

Please contact us if you have questions about data deletion requests.

10. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device when you visit our website.

10.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality, such as page navigation and access to secure areas
• Analytics Cookies: Help us understand how visitors interact with our website so we can improve the user experience
• Preference Cookies: Remember your preferences and settings for a personalized experience

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View existing cookies and delete them individually
• Block third-party cookies
• Block cookies from specific websites
• Block all cookies

Please note that blocking cookies may affect the functionality of our website.

10.3 Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner. You can choose to accept or decline non-essential cookies. Your preference will be stored for future visits.

11. Contact Information for Privacy Concerns

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights or with the Pennsylvania Department of Health.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on our website with a new "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Material changes to our privacy practices will be communicated to you through our website, email, or other appropriate means.