Privacy Policy

Effective Date: January 1, 2023
Last Updated: December 14, 2025

Our Commitment to Your Privacy

Envisioning Wellness LLC ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, protect, and share information when you visit our website or use our telehealth mental health services.

This policy applies to:

  • Our website at envisioningwellness.com

  • Our telehealth therapy services

  • Communications between you and our practice

  • All locations where we provide services (Minnesota, Wisconsin, North Dakota, and Washington)

1. Information We Collect

1.1 Information You Provide Directly

Contact Information:

  • Name, address, phone number, email address

  • Emergency contact information

  • Preferred communication methods

Health Information (Protected Health Information - PHI):

  • Medical and mental health history

  • Treatment records and session notes

  • Insurance information

  • Assessment results and diagnoses

  • Treatment plans and progress notes

Financial Information:

  • Insurance policy details

  • Payment history

  • Billing addresses

1.2 Information Collected Automatically

Website Usage Data:

  • IP address and browser type

  • Pages visited and time spent on site

  • Referring website information

  • Device information (computer, tablet, mobile)

  • Location data (general geographic area)

Cookies and Similar Technologies:

  • Session cookies for website functionality

  • Analytics cookies (see Section 4 for details)

  • Preference cookies to remember your settings

1.3 Information from Third Parties

We may receive information from:

  • Healthcare providers (with your authorization)

  • Insurance companies

  • Family members or caregivers (with appropriate consent)

  • Referral sources

2. How We Use Your Information

2.1 Treatment Purposes

  • Providing mental health assessment and therapy services

  • Developing and updating treatment plans

  • Coordinating care with other healthcare providers

  • Communicating with you about appointments and treatment

2.2 Payment Purposes

  • Processing insurance claims

  • Billing for services

  • Collecting payment

  • Verifying insurance coverage and benefits

2.3 Healthcare Operations

  • Quality improvement activities

  • Training and supervision

  • Business planning and development

  • Customer service and complaint resolution

  • Compliance with legal requirements

2.4 Website and Communication

  • Responding to your inquiries

  • Sending appointment reminders (with your consent)

  • Providing information about services

  • Improving website functionality and user experience

3. How We Protect Your Information

3.1 HIPAA Compliance

As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), we are required to:

  • Maintain the privacy and security of your Protected Health Information (PHI)

  • Provide you with notice of our privacy practices

  • Notify you if a breach affects your unsecured PHI

  • Follow the duties and practices described in this notice

3.2 Security Measures

Physical Safeguards:

  • Locked file cabinets for paper records

  • Restricted access to offices and records areas

  • Secure disposal of documents containing PHI

Technical Safeguards:

  • Encryption for electronic PHI transmission

  • Secure, HIPAA-compliant telehealth platforms

  • Password-protected systems and databases

  • Regular security updates and patches

  • Automatic logoff from inactive sessions

Administrative Safeguards:

  • Staff training on privacy and security

  • Business Associate Agreements with third-party vendors

  • Access controls limiting PHI to authorized personnel

  • Regular risk assessments and audits

3.3 Telehealth Security

For telehealth services, we:

  • Use HIPAA-compliant video conferencing platforms

  • Require secure internet connections

  • Verify patient identity before sessions

  • Conduct sessions in private settings

  • Never record sessions without explicit consent

4. Website Analytics and Cookies

4.1 Google Analytics

We use Google Analytics to understand how visitors use our website. This service collects:

  • Pages visited and time on site

  • General geographic location (city/state level)

  • Browser and device type

  • How you arrived at our site

Google Analytics does NOT collect:

  • Your name or other identifying information

  • Specific address or precise location

  • Health or treatment information

To opt-out of Google Analytics, visit: Google Analytics Opt-out Browser Add-on

4.2 Cookie Management

Essential Cookies: Required for website functionality Analytics Cookies: Help us understand website usage Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings. Disabling cookies may limit some website features but will not affect your ability to receive services.

5. Information Sharing and Disclosure

5.1 With Your Consent

We share your information when you provide written authorization, including:

  • Coordination with other healthcare providers

  • Family involvement in treatment (when authorized)

  • Disability determinations or other specific requests

5.2 Without Your Consent (As Permitted/Required by Law)

Treatment, Payment, and Healthcare Operations:

  • Consulting with other clinicians about your care

  • Processing insurance claims

  • Healthcare oversight activities

Legal Requirements:

  • Court orders or subpoenas (we will attempt to notify you)

  • Reports required by law (see mandatory reporting below)

  • Public health activities

  • Health oversight agency audits or investigations

Safety Situations:

  • When there is imminent danger to you or others

  • Medical emergencies requiring immediate care

  • To prevent a serious threat to health or safety

5.3 Mandatory Reporting

As licensed mental health professionals, we are required to report:

  • Suspected child abuse or neglect

  • Suspected vulnerable adult abuse or neglect

  • Imminent risk of serious harm to self or others

  • Court-ordered disclosures

5.4 Business Associates

We may share PHI with Business Associates who:

  • Provide services on our behalf (billing, IT support, telehealth platforms)

  • Sign agreements to protect your information

  • Are bound by HIPAA requirements

We NEVER sell, rent, or trade your personal or health information.

6. Your Privacy Rights

6.1 Under HIPAA

You have the right to:

Access Your Records:

  • Request copies of your health records

  • Receive records in electronic format if available

  • We may charge reasonable fees for copies

Request Amendments:

  • Ask us to correct information you believe is incorrect

  • We may deny requests but will explain why in writing

Accounting of Disclosures:

  • Receive a list of certain disclosures of your PHI

  • Covers 6 years prior to your request

  • Excludes treatment, payment, and healthcare operations

Request Restrictions:

  • Ask us to limit how we use or share your information

  • We are not required to agree but will honor agreed restrictions

  • You can restrict disclosures to insurance if you pay out-of-pocket in full

Confidential Communications:

  • Request we contact you in specific ways or locations

  • Specify alternative addresses or phone numbers

  • We will accommodate reasonable requests

Paper Copy of This Notice:

  • Receive a paper copy even if you agreed to electronic notice

  • Available at our office or by request

6.2 State-Specific Rights

Minnesota Residents:

  • Additional protections under Minnesota Health Records Act

  • Special protections for mental health records under Minnesota Statutes Chapter 144

Wisconsin Residents:

  • Rights under Wisconsin's healthcare records laws

  • Additional consent requirements for certain mental health disclosures

North Dakota Residents:

  • Protections under North Dakota Century Code regarding health information

Washington Residents:

  • Rights under Washington's Uniform Health Care Information Act

  • Additional protections for mental health treatment records

6.3 Telehealth-Specific Rights

  • Choice of communication platforms (where technically feasible)

  • Information about telehealth security measures

  • Option to decline telehealth and request referrals

  • Notification if telehealth session recording is proposed

7. Information Retention

7.1 Health Records

We retain health records according to state requirements:

  • Minnesota: Adult records for 7 years minimum

  • Wisconsin: Adult records for 5 years minimum

  • North Dakota: Adult records for 7 years minimum

  • Washington: Adult records for 5 years minimum

  • Minor records: Until age 18 plus applicable adult retention period

7.2 Other Information

  • Financial records: 7 years

  • Website analytics: 26 months

  • Email communications: As clinically relevant

7.3 Secure Disposal

When retention periods expire, we:

  • Shred paper documents containing PHI

  • Permanently delete electronic files

  • Ensure complete destruction of all PHI

8. Minors and Parental Rights

8.1 Minors' Privacy Rights

Privacy rights for minors vary by state and situation:

  • Parents generally have access to minor children's records

  • Exceptions exist for certain confidential services

  • Mature minors may have additional privacy rights

  • We follow state-specific laws regarding minor consent and privacy

8.2 Parental Access

Parents/guardians may:

  • Access their minor child's records (with legal exceptions)

  • Authorize disclosure of their child's information

  • Be involved in treatment planning (as clinically appropriate)

8.3 Online Privacy for Children

We comply with the Children's Online Privacy Protection Act (COPPA):

  • Do not knowingly collect information from children under 13 online

  • Require parental consent for online services to minors

  • Provide parents control over their child's information

9. Breach Notification

9.1 Our Obligations

If a breach of unsecured PHI occurs, we will:

  • Notify you within 60 days of discovery

  • Provide details about what happened

  • Describe the information involved

  • Explain steps you can take to protect yourself

  • Outline our response and prevention measures

9.2 Your Rights Following a Breach

You may:

  • Request additional information about the breach

  • File a complaint with our office or HHS

  • Take steps to protect your identity and accounts

  • Receive credit monitoring services (if applicable)

10. Changes to This Privacy Policy

10.1 Updates and Modifications

We may update this Privacy Policy to:

  • Reflect changes in our practices

  • Comply with new laws or regulations

  • Improve clarity and transparency

  • Address new technologies or services

10.2 Notification of Changes

When we make material changes:

  • Post the updated policy on our website

  • Update the "Last Updated" date

  • Provide notice at our office

  • Notify clients via preferred communication method for significant changes

10.3 Your Continued Rights

Changes to this policy do not affect your fundamental privacy rights under HIPAA and state law.

11. How to Exercise Your Rights

11.1 Making Requests

To exercise your privacy rights:

  1. Submit requests in writing when possible

  2. Use our designated request forms (available at our office)

  3. Provide necessary identification

  4. Specify the right you're exercising

11.2 Response Timeline

We will respond to your requests within:

  • Access requests: 30 days (one 30-day extension possible)

  • Amendment requests: 60 days (one 30-day extension possible)

  • Other requests: As required by law

11.3 Denial of Requests

If we deny your request, we will:

  • Provide the denial in writing

  • Explain the reason for denial

  • Inform you of your right to file a complaint

  • Provide complaint procedure information

12. Complaints and Contact Information

12.1 How to File a Complaint

If you believe your privacy rights have been violated:

With Our Practice:

  1. Contact our Privacy Officer

  2. Submit your complaint in writing

  3. We will investigate and respond within 30 days

  4. No retaliation for filing complaints

With Federal Authorities:

  • U.S. Department of Health and Human Services

  • Office for Civil Rights

  • Website: HHS OCR Complaint Portal

  • Phone: 1-877-696-6775

With State Authorities:

  • Minnesota: Department of Health (651-201-5000)

  • Wisconsin: Department of Health Services (608-266-1865)

  • North Dakota: Department of Health (701-328-2372)

  • Washington: Department of Health (360-236-4501)

12.2 Contact Our Privacy Officer

For questions about this policy or your privacy rights:

Privacy Officer
Envisioning Wellness LLC
Dorothee Tshiela, MA, LPCC
3470 Washington Drive, Suite 216
Eagan, MN 55122

Phone: (952) 314-8364
Fax: (952) 213-6042
Secure Communications: Available through client portal

12.3 Effective Dates

  • This Policy Effective: January 1, 2025

  • Last Updated: December 14, 2024

  • Previous Version: September 20, 2022

13. Acknowledgment of Receipt

By using our services or website, you acknowledge:

  • You have been provided access to this Privacy Policy

  • You understand your privacy rights

  • You know how to contact us with questions

  • You can request a paper copy at any time

Additional Resources

Privacy and Security Information:

State Resources:

This Privacy Policy is provided in accordance with HIPAA Privacy Rule (45 CFR Part 160 and Part 164, Subparts A and E) and applicable state laws. Envisioning Wellness LLC reserves the right to use and disclose your health information as permitted by law.