Our proprietary technology platform uses advanced data-driven tools to personalize your care, and to enhance evidence of care, care continuity, outcomes metrics and data-based learnings. We provide mental health professionals with insights and capabilities to drive improved and measurable clinical outcomes for patients receiving virtual therapeutic services on our platform. You can access our platform through our mobile application available in the app stores. Our APP is called SMnBH.
When you enroll, inquire about enrolling for or use of our services (as defined below), we keep a record of medical information that you provide to us or your therapist as well as any medical information that SMnBH employees or independently contracted therapists provide to you via our platform (such as information on and related to your diagnosis). Medical information means any information that:
- identifies you; and
- relates to your past, present, or future physical or mental health, treatment, the provision of health care services or payment for treatment.
This Policy explains our practices where we process “personal data”, which is information that relates to an identified or identifiable individual. To “process” or “processing” means the use of personal data including, collecting, recording, storing, using, analyzing, combining, transferring, disclosing, or deleting.
- What is included in this Policy?
- Personal Data We Process & How We Use It
- Using the SMnBH App
- Advanced Data Processing
- What choices do you have about how we collect or use your information?
- Your California Privacy Rights
- EU/EEA/UK Privacy Rights
- The SMnBH APP and Minors
- Other Mobile Applications and Services
- Applying for a Job
- How to Contact Us
- Additional Information for EU and UK users
What is included in this Policy?
The information on this page applies to the personal data we collect about your interactions, use, and experience with our website at SMnBH , Android and iOS app in connection with the online therapy services we provide (the Website, App and our online therapy services are together, the “Services”). As noted below, our data practices depend on how you interact with our Services, and how you receive and pay for Services, for example whether purchasing Services as a consumer or receiving them through an employment-related benefit.
This Policy does not apply to any other websites that you visit before our Website or any third-party sites that may be accessible through the SMnBH APP Services. Please read this Policy carefully so that you understand your rights in relation to personal data, and how we will process that personal data. This Policy supplements our Notice of Privacy Practices (for US patients) any other privacy related disclosures we may provide from time to time (including during your enrollment or management of your account with The SMnBH APP) and is not intended to override them.
If you do not want us to share personal data or feel uncomfortable with the ways we use information in order to deliver our Services, please do not use the Services.
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY SMnBH AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS DOCUMENT CAREFULLY.
SMnBH keeps a record of medical information that you provide to us and medical information related to the health care services we provide to you. Medical information means any information that identifies you and relates to your past, present, or future physical or mental health, treatment, or payment for treatment. Medical information includes your medical history, diagnoses, treatments, current medical condition, and use of prescription medications.
Most SMnBH patients receive therapeutic services from our network of independently contracted licensed therapists (“Providers”), in which case SMnBH acts as a Business Associate under HIPAA, by providing platform and other services on behalf of a Provider, pursuant to a written agreement called a Business Associate Agreement. Some SMnBH patients receive therapeutic services directly from a SMnBH employee, in which case SMnBH acts in the role of a Covered Entity, under HIPAA. This Notice of Privacy Practices outlines our responsibilities, and your rights and options, when we are acting in either capacity.
If you have any questions about this Notice, please contact our Chief Privacy Officer using the contact information listed below.
We are required by law to:
- Maintain the privacy and security of your medical information
- Assure that you are notified if a breach occurs that may have compromised the privacy or security of your medical information
- Follow the duties and practices described in this Notice and provide you with a copy
- SMnBH will not sell your any information.
Our Uses and Disclosures
Pursuant to HIPAA, SMnBH typically uses or shares your medical information for the following purposes, without your written authorization:
- Treatment: We use your information to provide you with mental health and related medical services, which you receive from SMnBH directly or from one of our contracted Providers. For example, we may disclose your medical information to therapists and other persons who need the information to provide care to you.
- Health Care Operations: We use and share your medical information to run our organization and contact you or your designated and approved contacts when necessary. These uses and disclosures help us operate the SMnBH platform and improve patient care. For example, we may use your medical information to review provider performance, comply with laws and regulations, or analyze information to create new models of treatment, so that we can continuously improve the delivery of health care services to you.
Bill for services: We can use and share your medical information to bill and get payment for services, from you, or from health plans. For example, we can use and share your payment information with payment processors or use and share your medical information to bill and get payment from your insurer.
We may share your medical information in other ways as permitted by HIPAA. For example, we may also use and disclose your medical information without your written authorization as follows:
- Business Associates. As a Covered Entity or when acting as a Business Associate, SMnBH also contracts with third parties to perform certain services for us, such as information technology or advisory and accounting services. In some cases, these third-party service providers, also called Business Associates, may need to access your medical information to perform the services. Business Associates are required by law and contract to protect your medical information, and to limit use and disclosure to the services provided on our behalf.
- Disclosures to Parents or Legal Guardians. We may release a minor’s medical information to their parents or legal guardians consistent with applicable laws.
- Public Health and Safety. We may share your medical information for certain situations such as reporting adverse reactions to medications; reporting suspected abuse, neglect, or violence; or preventing or reducing a serious threat to anyone’s health or safety.
- Research. We may use your medical information to conduct research and/or disclose it to researchers with your authorization and/or when the research study is reviewed and approved by an Institutional Review Board before the study begins.
- Comply with the Law. We will disclose your medical information when required to do so by applicable law.
- Military and Veterans. If you are a member or veteran of the armed forces, we may disclose your medical information as required by military authorities.
- Health Oversight Activities: We may disclose your medical information to a health oversight agency for activities authorized by law, including audits, investigations, inspections, and licensure.
Legal Activities: We may share your medical information in response to a court or administrative order; a subpoena; a workers’ compensation claim; a law enforcement request; or in connection with special government functions such as military, national security, and presidential protective services. If you are or become an inmate of a correctional institution, we may disclose your medical information to the institution or its agents for your health and the health and safety of others.
Uses and disclosures of medical information that are not discussed by this Notice or required by law will only be made with your written permission. For example, your written authorization will be required for uses and disclosures of psychotherapy notes and uses and disclosures of your protected health information for marketing. SMnBH will not sell your medical information to others.
If you provide us authorization to use or disclose your medical information, you may revoke that authorization in writing at any time by sending a revocation request to the address listed at the end of this Notice. If you revoke your authorization, we will no longer use or disclose your medical information about you for the reasons covered by your written authorization except to the extent that we have already acted in reliance on your authorization.
When it comes to your medical information, you have certain rights. This section explains your rights and some of SMnBH’s responsibilities to help you.
Inspect or get an electronic or paper copy of your medical record.
You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. If you would like, we also can send this information in either paper or electronic form to another person you identify in your request.
For more information, or to request a copy of your information, please send your request to email@example.com.
We will provide a copy, or a summary of your health record designated record set, usually within 30 days of your request. We may charge a reasonable, cost-based fee for the costs of copying, mailing or other supplies and services associated with your request.
We may deny your request to inspect or obtain a copy in certain circumstances (e.g., we may deny access if your provider believes it will be harmful to your health or could cause a threat to others). If this occurs, you may request that the denial be reviewed, if permitted by law. If such a review is agreed upon, another licensed health care professional, chosen by Southern Minnesota Behavioral Health, may review your request and we will comply with the outcome of that review.
Ask Southern Minnesota Behavioral Health to correct your medical record.
You can ask us to correct health information about you that you think is incorrect or incomplete. You can request a correction for as long as the information is kept by us. Your request must be in writing and include a reason for your request.
We may say “no” to your request, if the request is not in writing or is incomplete. We may also deny your request if the information to be corrected was not created by SMnBH, is no longer held by SMnBH, is not part of the information you would be permitted to inspect or copy, or the information is accurate and complete. We will respond to your request within 60 days. If we say “no” to your request, you may submit a statement disagreeing with us, or you may ask that your request for correction and our denial be included anytime we share the information you requested us to change.
To request a correction, contact firstname.lastname@example.org.
Get a copy of this privacy notice.
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. Southern Minnesota Behavioral Health will provide you with a paper copy promptly.
Choose someone to act for you.
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated.
You can complain if you feel we have violated your rights by contacting us at email@example.com.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by:
Sending a letter: 200 Independence Avenue, S.W., Washington, D.C. 20201
We will not retaliate against you for filing a complaint.
Personal Data We Process & How We Use It
This table presents the types of information (whether legally classified as personal data or PHI under HIPAA), the sources, and the uses.
Personal Data Processing
Types of Personal Data
Information you provide when you create an account for yourself (or an authorized account for a minor), are matched to a therapist, or register yourself (or on behalf of a minor) as a patient:
- Name (e.g. your name or the name of your parent/guardian)
- Date of birth
- Phone number
- Gender and the preferred gender of therapist
- Information on why you are accessing our Services including what you are hoping to get from therapy
How We Get It
You provide this when you go through the intake process
What we do with it
- Provide you with the Services
- Use the data to appropriately match you to a therapist
- Provide you with treatment information
- Enroll you in services and administer your account
- Provide you with support
- Process insurance claims, billing, and payment information
- Maintaining the safety and security of our users, our Services, and our business
- Provide announcements and communicate with you, including for marketing purposes
- Provide mandatory reporting to law enforcement or other governmental authorities, for example in instances of abuse, or ascertainable threats of violence to another person (See Notice of Privacy Practices for more information)
- Respond to a valid legal request.
- Process claims or insurance information
- Provide you with and to evaluate, improve and develop the Services
- Conduct therapist oversight
- Control the quality of the Services
- Permissive reporting of abuse; expressed threats of violence towards an ascertainable victim
Use of the Services
Data you provide when you use our therapy service, including:
- Information you disclose in chat data and your chat sharing preferences (transcripts)
- Audio/Video communication
- Documents you share with your therapist via our chat functionality
- Information collected via our symptom tracker and information on your clinical progress
- Information collected via chat, telephone, or email support channels
- Messages that you “star”
- Information on friends you refer
- Information you provide as part of treatment intake including emergency contact details, information on your health and mental health and medical history
- If you use couples therapy, sharing of contact details and some communications will be conducted jointly.
- If you choose to admit another individual to a therapy “room” for a session, their contact information will be collected and used for that purpose.
Through your use of the Services
- To provide you with the Services
- To build, modify, and develop new products, features, and Services.
- To conduct clinical and other academic research, internally and with approved research partners and identify summary trends or insights for use in external communications (where direct identifiers such as name and contact details have been removed, or pursuant to explicit patient authorization). For more information see “Research” below. See Notice of Privacy Practices.
- To address patient concerns or complaints
- To carry out quality assurance and compliance activities
- To provide you with assistance in the event of an emergency
When Website visitors contact us
We collect information when you communicate with us via email. This includes information that you provide when you contact us as well as your email address.
You provide this information to us directly
- To respond and address your communication
- To provide you with the Services
- To improve the Services
- Provide support to users (therapists and patients)
Technical information from software or systems hosting the Services, and from the systems, applications and devices that are used to access the Services, such as:
- Information on the device operating system
- Metrics on system or App feature use
Information on system events and status
Automatically through use of the Services
- Create anonymized and/or aggregated data to improve and deliver our Services
- Comply with legal obligations
- Maintain the security of our infrastructure
- Facilitate the delivery and optimization of Services
- Monitor performance of our data centers and networks, systems and applications
- Provide support to users (therapists and patients)
- Administer our business continuity and disaster recovery plans and policies
- Detect, investigate, and remediate stop fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) through automated and manual means
- To provide you with and to evaluate, improve and develop the Services
- To develop new products
Data collected via cookies, pixels and other tracking technologies (such as Google Analytics and Google Ads), such as:
- Internet protocol (IP) addresses
- Device ID
- Browser type
- Internet service provider (ISP)
- Referrer URL
- Geolocation information (derived from IP Address,
- Exit pages, the pages and files viewed on our Website (e.g., HTML pages, graphics, etc.)
- Operating system
- Date/time stamp
Collected automatically when you use the Services
- To provide you with and to evaluate, improve and develop the Services
- To develop new products
- Analyze how our Services are used so we can improve your experience
- Evaluate the success of our marketing campaigns
- Marketing, including tailoring advertising
Using the SMnBH App
The SMnBH App includes third party software development kits (Agora SDK for video call and real time chat messaging.) from a number of other companies whom we engage as service providers, for identifying and logging code issues, errors and events; managing interactive communication within the SMnBH App; compiling analytics on which features get used the most; facilitating customer service contacts regarding subscriptions and service; and processing device identifiers and event logs for ad attribution purposes (such as the initial login event, account creation, subscription events). These third parties process data as a service to SMnBH only, pursuant to written agreements
Advanced Data Processing
The therapy experience is enhanced by advanced data processing activities, carried out in order to measure and improve clinical outcomes. Our proprietary matching algorithm and machine-learning tools provide real-time engagement insights, inform treatment, and track clinical progress, and are fundamental to our care delivery model.
Matching Algorithm. During onboarding we ask you to provide information so that we can assess your condition and incorporate your preferences. We then leverage a proprietary algorithm to match you to a provider.
Optimizing Diagnosis and Treatment. Throughout your experience, your provider uses the Services to manage your diagnosis and treatment plan. The advanced machine learning features of our proprietary Services include natural language processing of communications with therapists. A core focus of our machine learning strategy is to provide the therapist with insights on patient needs and behaviors and offer techniques and suggestions that we believe are likely to maximize clinical outcomes.
We will retain your information in accordance with the appropriate statutory limitation periods as required by local law, in line with our legitimate business purposes for as long as your account is active or for as long as needed to provide you with the Services, as required in order to comply with our legal obligations, a court order or to defend or pursue legal claims, in line with industry codes of practice, to resolve disputes and enforce our agreements.
In the United States, SMnBH may collect information and may provide Services to minors ages 13 – 17 with the written authorization of a parent or guardian. SMnBH does not provide therapeutic services to minors outside of the US.
We take commercially reasonable steps to protect the integrity and confidentiality of personally identifiable and health information that you may share with us. We have complied with the HIPAA security rule for administrative, technical, and physical security safeguards and have third party assessments of our controls performed annually. However, please be aware that no security measures are perfect or impenetrable and we cannot guarantee the absolute security of your information.
We will do our part to protect your information, but it is important for you to protect your information as well. In addition, we do not control the actions of anyone with whom you or any other user may choose to share information. As such, you should be cautious about the access you provide to others when using the SMnBH APP, and the information you choose to share when using the SMnBH App.
APPs that provide services in highly-regulated fields (such as banking and financial services, healthcare, gambling, legal cannabis use, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer. APPS that facilitate the legal sale of cannabis must be geo-restricted to the corresponding legal jurisdiction.
How to Contact Us
If you have any privacy-related questions or comments related to this Policy, please send an email to: firstname.lastname@example.org.