Privacy Policy

Mindful Healing Mental Health Services ("we," "us," or "our") is a telehealth psychiatric practice led by Astrude Charles, PMHNP-BC. We are committed to protecting the privacy and security of your Protected Health Information (PHI) and other personal information.

This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, submit an inquiry, become a patient, or receive psychiatric care through telehealth. It is designed for a mental health practice and should be read together with our Notice of Privacy Practices provided at intake.

PHI is information about your health, mental health treatment, or payment for care that identifies you or could reasonably be used to identify you. Examples include psychiatric evaluations, diagnoses, treatment notes, medication records, insurance information, and communications about your care.

PHI receives heightened protection under the Health Insurance Portability and Accountability Act (HIPAA) and applicable state mental health privacy laws. We treat all clinical information as confidential unless disclosure is permitted or required by law.

Website and inquiry information: name, email, phone number, state of residence, messages you send through our contact form, and technical data such as IP address, browser type, and pages visited.

Clinical and intake information: date of birth, medical and psychiatric history, medications, symptoms, insurance or payment details, emergency contacts, and records created during telehealth visits.

We collect only the information needed to respond to inquiries, determine whether we can provide care, deliver treatment, bill for services, and meet legal obligations.

We use PHI for treatment, payment, and health care operations (TPO) as permitted by HIPAA — for example, to evaluate your needs, provide psychiatric care, coordinate with other providers you authorize, process insurance claims, and manage our practice.

We use website and contact information to respond to inquiries, schedule appointments, send appointment reminders, and improve our website. We do not sell PHI or use clinical information for unrelated marketing.

Clinical records are maintained in secure electronic health record systems designed for health care providers. These systems store visit documentation, treatment plans, prescriptions, billing records, and intake forms.

Access to electronic records is limited to authorized personnel on a need-to-know basis. Systems use encryption, access controls, automatic log-off, and audit trails to help protect PHI.

You may request copies of your records in accordance with HIPAA and applicable state law. Requests should be submitted in writing to our Privacy Officer.

When we use vendors that create, receive, maintain, or transmit PHI on our behalf, we require a signed Business Associate Agreement (BAA) as required by HIPAA. BAAs contractually obligate those vendors to safeguard PHI and use it only for authorized purposes.

Examples of services that may involve business associates include practice management and electronic health record platforms, HIPAA-compliant telehealth video services, payment processors handling health information, and secure email or messaging tools used for clinical communication.

We do not allow vendors with access to PHI to use or disclose that information for their own marketing or unrelated purposes.

Psychiatric care is provided by secure video telehealth for patients located in NY, CA, FL at the time of each visit. Audio, video, and clinical data transmitted during sessions are handled through platforms selected for health care use.

You are responsible for participating from a private location and using a secure internet connection. You should not record sessions without written consent from the practice and applicable parties.

With your written authorization, except where HIPAA permits disclosure without authorization.

For treatment, payment, and health care operations, including coordination with therapists or other providers you designate.

As required by law, such as mandatory reporting of child abuse, elder abuse, or when a patient poses a serious and imminent threat of harm to self or others.

To health oversight agencies, law enforcement, or courts when required by valid legal process.

We will not disclose psychotherapy notes (where maintained separately) without your authorization except in limited circumstances permitted by law.

Right to access and obtain a copy of your PHI, subject to limited exceptions.

Right to request amendment of PHI you believe is inaccurate or incomplete.

Right to an accounting of certain disclosures of PHI.

Right to request restrictions on uses or disclosures (we are not required to agree in all cases).

Right to request confidential communications by alternative means or at alternative locations.

Right to receive a paper or electronic copy of our Notice of Privacy Practices.

Right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

We maintain administrative, physical, and technical safeguards designed to protect PHI, including workforce training, role-based access, encryption where appropriate, secure disposal of records, and policies addressing breach response.

No method of transmission or storage is completely secure. If you believe your information has been compromised, contact us immediately.

If a breach of unsecured PHI occurs, we will notify affected individuals as required by HIPAA and applicable state law, including information about what happened, what information was involved, and steps you can take to protect yourself.

We treat adolescents ages 12 and older in licensed states. State and federal laws govern when parents or guardians may access a minor's mental health records. We will explain applicable rights during intake for minor patients.

Our website may use cookies and similar technologies for essential functionality and to understand how visitors use the site. These tools are not used to collect PHI from clinical systems.

You can manage cookie preferences through your browser. Disabling cookies may affect some website features.

Medical and mental health records are retained for the period required by HIPAA, New York law, and other applicable state requirements — generally at least six years from the date of last service for adults, and longer where required for minors.

Non-clinical website inquiry data may be deleted sooner upon request where no ongoing care relationship exists.

We may update this Privacy Policy when our practices or legal requirements change. Material updates will be posted on this page with a revised date. For active patients, significant changes may also be communicated directly when appropriate.

Privacy Officer: Mindful Healing Mental Health Services

Address: 418 Broadway, Ste R, Albany, NY 12207

Email: info@mindfulhealingmentalservices.com

Phone: +1 (347) 506-3881

To exercise HIPAA rights or ask questions about this policy, contact our Privacy Officer using the information above.