This Privacy Policy explains how Sharma Psychology PLLC (“we,” “us,” or “our”) collects, uses, and protects information submitted through our website. We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and state privacy laws.

1. Who We Are

We are a licensed mental health and therapy practice offering both in-person and telehealth services. Dr. Sharma serves as the Privacy Officer for this practice and is responsible for ensuring compliance with all applicable privacy laws.

Privacy Officer Contact:

• Name: Dr. Sharma
• Role: Privacy Officer
• Contact: [email protected]
• Phone: +1 (312) 355-1212

2. What Information We Collect

Our website collects limited information to allow you to contact us and submit intake forms. We do not store any patient health information directly on our website servers.

Information Collected Through Contact Forms

• Your name
• Email address
• Phone number
• The nature of your inquiry

Information Collected Through Intake Forms

All patient intake forms on our website are provided and managed by IntakeQ, a HIPAA-compliant third-party platform. When you complete an intake form, your information is submitted directly and securely to IntakeQ’s servers. We have a signed Business Associate Agreement (BAA) with IntakeQ, as required under HIPAA.

Website Usage Information

We use Google Analytics to understand how visitors use our website. Google Analytics collects non-identifiable information such as pages visited, time spent on pages, and general location data. Google Analytics is not active on any page where patient intake forms are displayed.

We use the WP Consent API and a cookie consent tool on our website. Google Analytics will only activate after you provide explicit consent through our cookie banner.

3. How We Use Your Information

We use the information you provide only for the following purposes:

• To respond to your inquiries and contact requests
• To process and manage your patient intake information through IntakeQ
• To schedule and coordinate appointments
• To provide mental health and therapy services, both in-person and via telehealth
• To improve our website and patient experience using anonymized analytics data

We do not sell, rent, or share your personal or health information with any third party for marketing purposes.

4. Protected Health Information (PHI)

As a HIPAA-covered entity, we handle all Protected Health Information (PHI) in accordance with the HIPAA Privacy Rule and Security Rule. PHI includes any information that relates to your health condition, treatment, or payment for healthcare services that can be linked to you as an individual.

All PHI submitted through our intake forms is handled exclusively by IntakeQ. This information is encrypted in transit using TLS 1.2 or higher and stored securely on IntakeQ’s HIPAA-compliant servers.

For a full description of your rights regarding your PHI, please refer to our Notice of Privacy Practices, which is available on our website and upon request at our office.

5. Third-Party Service Providers

We work with the following third-party service providers who may have access to certain information through our website:

IntakeQ

IntakeQ is our HIPAA-compliant patient intake and scheduling platform. A signed Business Associate Agreement is in place. All patient form data is submitted directly to IntakeQ and is not stored on our website. Learn more at intakeq.com.

Google Analytics

We use Google Analytics to analyze general website traffic. Google Analytics is not active on pages containing patient intake forms. Analytics data is only collected after you provide cookie consent. Google Analytics does not have access to any patient health information. Note that Google does not sign a Business Associate Agreement and is used only for general, non-health website analytics.

Website Hosting Provider

This website is hosted by Newfold Digital, Inc. (iPage) with traffic managed through Cloudflare, Inc. Our website does not store patient health information on our hosting servers. All patient intake data is submitted directly to IntakeQ, our HIPAA-compliant intake platform.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. You will be asked for your consent before any non-essential cookies are activated. You may withdraw your consent at any time through the cookie settings on our website.

Types of cookies we use:

• Essential cookies: Required for the website to function. These cannot be disabled.
• Analytics cookies: Used to understand how visitors use our site. Only activated with your consent. Not used on intake form pages.

7. Telehealth Services

Our practice offers telehealth therapy sessions in addition to in-person appointments. Telehealth sessions are conducted through a separate HIPAA-compliant platform. Any information exchanged during telehealth sessions is protected under HIPAA and handled in accordance with this Privacy Policy and our Notice of Privacy Practices.

8. Data Security

We take reasonable and appropriate steps to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• HTTPS encryption on all website pages
• TLS 1.2 or higher for all data transmitted through intake forms
• HIPAA-compliant data handling through IntakeQ
• Cookie consent management to prevent unauthorized tracking
• Regular review of third-party service providers and their compliance status

9. Your Rights

As a patient, you have the following rights regarding your health information under HIPAA:

• The right to access and obtain a copy of your health records
• The right to request corrections to your health records
• The right to request restrictions on how your information is used or disclosed
• The right to receive a list of disclosures of your health information
• The right to request communications through a specific method or location
• The right to file a complaint if you believe your privacy rights have been violated

To exercise any of these rights, please contact Dr. Sharma directly using the contact information provided in Section 1 of this policy.

10. How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us directly by contacting Dr. Sharma at the contact information listed in Section 1. You will not be retaliated against for filing a complaint.

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:

• Website: hhs.gov/hipaa/filing-a-complaint
• Phone: 1-877-696-6775
• Address: 200 Independence Avenue, S.W., Washington, D.C. 20201

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically.

If we make material changes that affect how we handle your PHI, we will notify you as required under HIPAA.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

• Practice Name: Sharma Psychology PLLC
• Privacy Officer: Dr. Sharma
• Email: [email protected]
• Phone: +1 (312) 355-1212
• Address: 1030 W. North Ave.
  Suite 409, Chicago, IL 60642 – Free Parking on site in the Extra Space Storage Garage.