PRIVACY POLICY
Wholeness Within Counseling
Last Updated: Nov 6th, 2025
---
INTRODUCTION
Welcome to Wholeness Within Counseling. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our services, visit our website, or communicate with us. We are committed to protecting your privacy and maintaining the confidentiality of your information in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) and Alabama state regulations.
By using our services or website, you acknowledge that you have read and understood this Privacy Policy.
---
CONTACT INFORMATION
Practice Name: Wholeness Within Counseling
Therapist: Missy Beaird, LPC-S (Licensed Professional Counselor Supervisor)
Address: 1025 Montgomery Highway, Suite 214, Vestavia Hills, Alabama 35216
Phone: (205) 370-4191
Email: missy@wholenesswithincounseling.com
Service Area: Alabama, surrounding Birmingham area
Privacy Officer: Missy Beaird, LPC-S
For privacy-related questions or requests, please contact us using the information above.
---
1. INFORMATION WE COLLECT
We collect various types of information to provide you with quality mental health services:
Personal Identification Information:
- Full name
- Date of birth
- Contact information (email address, phone number, mailing address)
- Emergency contact information
Health and Clinical Information:
- Mental health history and symptoms
- Treatment goals and progress notes
- Family history relevant to treatment
- Current medications and medical conditions
- Information about chronic illnesses (including autoimmune conditions, thyroid disorders, arthritis)
- Substance use history
- Previous therapy experiences
- Assessment and diagnostic information
Financial and Insurance Information:
- Payment information (credit card details, billing address)
- Insurance information (if applicable)
- Sliding scale fee arrangements
Technical and Website Information:
- IP address
- Browser type and version
- Device information
- Pages visited on our website
- Time and date of visits
- Referring website addresses
- Cookie data and analytics information
Communication Records:
- Email correspondence
- Phone call records
- Text messages (if applicable)
- Video call session data (for telehealth services)
---
2. HOW WE COLLECT INFORMATION
We collect information through the following methods:
Direct Collection:
- Intake forms and questionnaires completed during your initial consultation
- Information you provide during in-person or virtual therapy sessions
- Phone calls and email communications
- Contact forms submitted through our website
- Video conferencing platforms used for telehealth sessions
Automated Collection:
- Cookies and similar tracking technologies on our website
- Analytics tools that track website usage and performance
- Accessibility tools (see Section 14 for details about UserWay)
Third-Party Sources:
- Electronic Health Record (EHR) system: SimplePractice
- Healthcare providers (with your written authorization)
- Insurance companies (if you use insurance for payment)
---
3. WHY WE COLLECT AND USE YOUR INFORMATION
We collect and use your information for the following purposes:
Treatment and Care:
- Providing mental health counseling and therapy services
- Developing and implementing treatment plans
- Monitoring your progress and adjusting interventions
- Conducting clinical assessments
- Providing crisis intervention when necessary
- Offering clinical supervision services
Administrative Operations:
- Scheduling and managing appointments
- Processing payments and billing
- Maintaining accurate clinical records
- Managing our practice operations
- Responding to your inquiries and requests
Communication:
- Sending appointment reminders
- Following up on missed appointments
- Providing information about our services
- Sending occasional newsletters or updates (with your consent)
- Responding to feedback or complaints
Legal and Compliance:
- Complying with state and federal laws
- Responding to legal requests and court orders
- Protecting against fraud and unauthorized access
- Maintaining professional licensing requirements
- Fulfilling mandatory reporting obligations (such as risk of harm)
Website Improvement:
- Analyzing website traffic and user behavior
- Improving website functionality and user experience
- Troubleshooting technical issues
- Ensuring website accessibility
---
4. HOW WE PROTECT YOUR INFORMATION
We take the security of your information seriously and implement multiple safeguards:
Technical Security Measures:
- Encryption of sensitive data both in transit and at rest
- Secure, password-protected Electronic Health Record system (SimplePractice)
- Secure email communications when discussing sensitive information
- Firewalls and anti-virus software
- Regular security updates and patches
- Secure video conferencing platforms for telehealth sessions
- Two-factor authentication where available
- Regular data backups stored securely offsite
Physical Security Measures:
- Locked filing cabinets for paper records
- Restricted access to office space
- Secure disposal of documents (shredding)
- Controlled access to physical files
Administrative Security Measures:
- Staff training on HIPAA compliance and confidentiality
- Clear policies and procedures for handling sensitive information
- Regular review and updates of security practices
- Business Associate Agreements with all third-party vendors
- Limited access to your information on a need-to-know basis
---
5. WHO WE SHARE YOUR INFORMATION WITH
We may share your information in the following circumstances:
With Your Written Authorization:
- Other healthcare providers involved in your care
- Family members or others you designate
- Insurance companies for billing purposes
- Legal representatives
- Any other party you specifically authorize
Third-Party Service Providers:
We work with trusted third-party vendors who assist us in operating our practice. These vendors are required to protect your information and use it only for the purposes we specify:
- SimplePractice (Electronic Health Record system and practice management)
- Payment processors for billing and credit card transactions
- IT service providers for technical support and data security
- Cloud storage providers for secure data backup
- Video conferencing platforms for telehealth sessions (virtual appointments)
- UserWay (website accessibility services - see Section 14)
- Website hosting providers
- Email service providers
- Analytics providers (Google Analytics or similar)
Without Your Authorization (As Required or Permitted by Law):
- When there is a serious threat to your health or safety, or the health or safety of another person
- To report suspected child abuse, elder abuse, or abuse of vulnerable adults
- When required by court order or legal process
- To comply with workers' compensation laws
- For health oversight activities (such as audits by licensing boards)
- For law enforcement purposes in specific situations
- To coroners, medical examiners, or funeral directors as necessary
- For national security or intelligence activities
- To correctional institutions if you are an inmate
We will never sell your personal information to third parties for marketing purposes.
---
6. DATA RETENTION POLICY
We retain your information in accordance with professional standards and legal requirements:
Clinical Records:
- Active client records are maintained throughout the duration of our therapeutic relationship
- After termination of services, clinical records are retained for a minimum of 7 years from the date of the last service, or until you reach age 25 (whichever is longer), in compliance with Alabama state law and professional standards
- In some cases, records may be retained longer if required by law or for legal proceedings
Financial Records:
- Billing and payment records are retained for 7 years for tax and accounting purposes
Email and Communication Records:
- General correspondence is retained for the duration of the therapeutic relationship and may be retained for up to 3 years after termination
Website and Analytics Data:
- Website usage data and cookies are typically retained for 24-26 months
- Contact form submissions are retained as part of your client record
Deletion Protocol:
After the required retention period, records are securely destroyed:
- Paper records are shredded
- Electronic records are permanently deleted using secure deletion methods
- Backup copies are removed from all storage systems
You may request early deletion of your records; however, we may be required to retain certain information to comply with legal obligations.
---
7. YOUR RIGHTS REGARDING YOUR INFORMATION
As a client, you have the following rights:
Right to Access:
- You have the right to inspect and obtain a copy of your health records
- Requests must be made in writing
- We will respond to your request within 30 days
- We may charge a reasonable fee for copying costs
Right to Amend:
- You may request corrections to your health information if you believe it is incorrect or incomplete
- Requests must be made in writing with an explanation of the requested change
- We may deny your request if we determine the information is accurate and complete, but we will explain our decision
Right to Request Restrictions:
- You may request limitations on how we use or disclose your information
- We are not required to agree to all restrictions, but we will consider each request
- If we agree to a restriction, we will honor it unless the information is needed for emergency treatment
Right to Confidential Communications:
- You may request that we communicate with you in a specific way (e.g., only by phone or email) or at a specific location
- We will accommodate reasonable requests
Right to an Accounting of Disclosures:
- You may request a list of certain disclosures we have made of your information
- This does not include disclosures made for treatment, payment, or healthcare operations, or disclosures made with your authorization
Right to Receive Notification of a Breach:
- You have the right to be notified if your unsecured health information is breached
Right to Revoke Authorization:
- You may revoke any authorization you have given us in writing at any time
- The revocation will not affect any uses or disclosures we made in reliance on your authorization before it was revoked
Right to Obtain a Copy of This Policy:
- You may request a paper copy of this Privacy Policy at any time
Exceptions to Your Rights:
In certain circumstances, we may be unable to fulfill your requests, including:
- When records are involved in litigation or legal proceedings
- When information was obtained from someone else under a promise of confidentiality
- When disclosure could endanger you or another person
- When information was compiled in anticipation of legal action
- When required by law to maintain records for a specified period
To Exercise Your Rights:
Please contact us in writing at the address or email listed above. We will respond to your request within 30 days and provide an explanation if we are unable to fulfill your request.
---
8. NOTICE OF PRIVACY PRACTICES (HIPAA)
This section provides specific information required under the Health Insurance Portability and Accountability Act (HIPAA) regarding Protected Health Information (PHI).
What is Protected Health Information (PHI)?
PHI includes any information about your health status, provision of healthcare, or payment for healthcare that can be linked to you. This includes information in your medical record, conversations about your care, billing information, and most other health information.
How We May Use and Disclose PHI:
For Treatment:
We may use your PHI to provide, coordinate, or manage your mental health treatment. For example, we may discuss your symptoms and treatment plan during therapy sessions or consult with other healthcare providers involved in your care (with your authorization).
For Payment:
We may use and disclose your PHI to bill and collect payment for services. This may include submitting claims to insurance companies, verifying coverage, and collecting payment.
For Healthcare Operations:
We may use your PHI for activities such as quality improvement, staff training, business planning, and compliance activities.
Your Authorization:
For uses and disclosures beyond treatment, payment, and healthcare operations, we will obtain your written authorization. You may revoke your authorization in writing at any time.
Psychotherapy Notes:
We maintain psychotherapy notes (personal observations and analysis separate from your medical record) that receive special protection. We will not disclose psychotherapy notes without your specific written authorization, except in very limited circumstances required by law.
---
9. DATA BREACH NOTIFICATION PROCEDURE
Despite our best efforts to protect your information, no security system is completely impenetrable. In the event of a data breach:
Our Response:
- We will conduct an immediate investigation to determine the scope and cause of the breach
- We will take steps to contain the breach and prevent further unauthorized access
- We will assess the risk of harm to affected individuals
- We will report the breach to appropriate authorities as required by law
Your Notification:
If we determine that your information has been compromised and there is a risk of harm, we will:
- Notify you without unreasonable delay, but no later than 60 days after discovery of the breach
- Provide notification by mail to your last known address, or by email if you have agreed to electronic communication
- Include information about what happened, what information was involved, steps we are taking, and steps you can take to protect yourself
- Offer credit monitoring services if financial information was compromised
What You Should Do:
If you receive a breach notification from us:
- Review the information carefully to understand what data was affected
- Follow any recommended steps to protect yourself
- Monitor your financial accounts and credit reports
- Contact us with any questions or concerns
- Consider placing a fraud alert on your credit file
---
10. COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies and similar tracking technologies to improve your experience and analyze website performance.
What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and understand how you use our site.
Types of Cookies We Use:
Essential Cookies:
- Required for basic website functionality
- Enable you to navigate the site and use features
- Cannot be disabled without affecting site performance
Analytics Cookies:
- Help us understand how visitors interact with our website
- Collect anonymous information about pages visited, time spent on site, and navigation patterns
- We use this data to improve website design and content
- We may use Google Analytics or similar services
Accessibility Cookies:
- Support website accessibility features through UserWay (see Section 14)
- Remember your accessibility preferences
Third-Party Cookies:
We do not currently use advertising or marketing cookies. We do not sell your data to third parties for advertising purposes.
Managing Cookies:
You can control cookies through your browser settings:
- Most browsers allow you to refuse cookies or delete existing cookies
- Consult your browser's "Help" section for instructions
- Note that disabling cookies may affect website functionality
- You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on
Do Not Track Signals:
Some browsers have "Do Not Track" features. Our website does not currently respond to Do Not Track signals, but we do not engage in behavioral tracking for advertising purposes.
---
11. WEBSITE ACCESSIBILITY AND USERWAY
We are committed to making our website accessible to all individuals, including those with disabilities. To support this commitment, we use UserWay, an accessibility software application.
What is UserWay?
UserWay is a web accessibility tool that provides various features to help individuals with disabilities access and navigate our website more easily.
Information Collected by UserWay:
UserWay may collect the following information to provide accessibility services:
- Technical information about your device and browser
- Your accessibility preferences and settings
- Usage data related to accessibility features
- Information about how you interact with accessibility tools
How UserWay Uses Information:
- To provide and improve accessibility features on our website
- To remember your accessibility preferences for future visits
- To analyze accessibility feature usage and effectiveness
- To ensure compliance with accessibility standards (WCAG 2.1)
UserWay Features May Include:
- Screen reader compatibility
- Keyboard navigation enhancements
- Text size and spacing adjustments
- Color contrast modifications
- Content highlighting and visual aids
- Cursor and tooltip customization
UserWay's Privacy Practices:
UserWay operates as a third-party service provider and has its own privacy policy governing the data it collects. We encourage you to review UserWay's privacy policy at https://userway.org/privacy/ for detailed information about their data practices.
Your Control Over UserWay:
- You can access UserWay features through the accessibility icon on our website
- You can customize or disable accessibility features at any time
- Your accessibility preferences are stored locally or through cookies
- You can clear these preferences by clearing your browser cookies
---
12. TELEHEALTH SERVICES
We offer virtual therapy sessions through secure video conferencing platforms as part of our hybrid service model.
Telehealth Privacy Considerations:
- We use HIPAA-compliant video conferencing platforms
- Video sessions are not recorded unless you provide explicit written consent
- You are responsible for ensuring you are in a private location during sessions
- We recommend using a secure internet connection (avoid public WiFi)
- Technical issues may occasionally interrupt sessions; we will reschedule if needed
Telehealth Data Collection:
During virtual sessions, the following information may be collected:
- Connection data (IP address, device type)
- Session duration and time
- Video and audio data (transmitted in real-time, not typically stored)
- Any chat messages or file sharing during sessions
Third-Party Platform Providers:
Our video conferencing platform provider(s) have Business Associate Agreements in place and are required to protect your information in accordance with HIPAA. They may collect technical data to provide and improve their services.
Your Responsibilities:
- Ensure you are alone or in a confidential space during sessions
- Use headphones if others are nearby
- Confirm your identity at the beginning of each session
- Inform us immediately if someone unauthorized enters your space
- Use a secure, password-protected device
---
13. MINORS AND PARENTAL RIGHTS
Our practice primarily serves adult women (age 40+). However, the following applies if we provide services to individuals under 18:
Parental Access:
- Parents or legal guardians generally have the right to access their minor child's health information
- In certain circumstances, Alabama law may limit parental access if disclosure would harm the therapeutic relationship or endanger the minor
- We will discuss parental access and confidentiality boundaries during the initial consultation
Minor's Privacy:
- We strive to maintain appropriate confidentiality with adolescent clients to build trust
- We will explain confidentiality limits to both minors and parents
- Minors will be informed about circumstances in which we may need to share information with parents
---
14. MARKETING COMMUNICATIONS
We may occasionally send you information about our services, helpful resources, or practice updates.
Types of Communications:
- Appointment reminders (essential communication, cannot opt out)
- Practice announcements and policy updates
- Newsletters with mental health tips and resources
- Information about new services or specialties
Your Choices:
- Marketing communications are sent only with your consent
- You may opt out of marketing emails at any time by clicking "unsubscribe" in any marketing email
- You may also contact us directly to update your communication preferences
- Opting out of marketing does not affect appointment reminders or essential communications
---
15. SOCIAL MEDIA
We may maintain a professional presence on social media platforms. Please be aware:
Interactions on Social Media:
- We do not accept friend requests or follows from current or former clients to maintain appropriate boundaries
- "Liking" or following our professional pages may be visible to others
- Comments or messages on social media are not confidential
- Do not share personal health information or urgent matters via social media
- For confidential communications, please use the contact methods listed in this policy
Third-Party Platforms:
Social media platforms have their own privacy policies and data collection practices. We are not responsible for the privacy practices of these platforms.
---
16. LINKS TO OTHER WEBSITES
Our website may contain links to third-party websites, resources, or recommended books and podcasts. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
---
17. UPDATES TO THIS PRIVACY POLICY
We reserve the right to update this Privacy Policy as needed to reflect changes in our practices, services, or legal requirements.
How We Notify You of Changes:
- We will post the updated policy on our website with a new "Last Updated" date
- For significant changes, we may notify you by email or during your next appointment
- Continued use of our services after changes indicates your acceptance of the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
---
18. YOUR CONSENT
By using our services, visiting our website, or providing us with your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy and in accordance with applicable laws.
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
Missy Beaird, LPC-S
Wholeness Within Counseling
1025 Montgomery Highway, Suite 214
Vestavia Hills, Alabama 35216
Phone: (205) 370-4191
Email: missy@wholenesswithincounseling.com