Notice of HIPAA Compliance and Privacy Practices
Effective Date: December 12, 2025
Last Updated: December 12, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Our Commitment to HIPAA Compliance
Sessionably is committed to protecting the privacy and security of your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
As a Business Associate to healthcare providers who use our platform, we:
- Maintain comprehensive administrative, physical, and technical safeguards
- Enter into Business Associate Agreements with all covered entities
- Train our workforce on HIPAA requirements and privacy practices
- Conduct regular security assessments and risk analyses
- Implement incident response procedures for potential breaches
- Maintain audit trails of all access to PHI
Information We Collect
Through the Sessionably platform, the following types of information may be collected and stored:
- Demographic Information: Name, date of birth, address, phone number, email address, emergency contacts
- Clinical Information: Mental health history, treatment plans, progress notes, diagnoses, medications
- Insurance Information: Insurance provider, policy numbers, coverage details
- Appointment Information: Scheduling data, session notes, attendance records
- Billing Information: Payment history, invoices, account balances
- Documents: Intake forms, consent forms, clinical assessments, signed agreements
How We Protect Your Information
We implement multiple layers of security to protect your information:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
- Access Controls: Role-based access ensures only authorized personnel can view your information
- Audit Logging: All access to PHI is logged and monitored for unauthorized activity
- Secure Infrastructure: Our systems are hosted on HIPAA-compliant cloud infrastructure
- Regular Backups: Data is backed up on a regular schedule so that it can be restored in the event of loss
- Security Testing: We conduct regular vulnerability assessments and penetration testing
How We Use Your Information
Your information may be used for the following purposes:
- Treatment: To facilitate the provision of mental health services by your healthcare provider
- Payment: To process payments and billing for services rendered
- Healthcare Operations: To support your provider's practice operations, quality improvement, and training
- As Required by Law: When required by federal, state, or local law
- Health and Safety: To prevent or lessen a serious threat to health or safety
- With Your Authorization: For any other purpose with your written consent
Your Rights
Under HIPAA, you have the following rights regarding your health information:
- Right to Access: You may request copies of your health records
- Right to Amend: You may request corrections to your health information
- Right to an Accounting of Disclosures: You may request a list of certain disclosures of your information
- Right to Restrict: You may request restrictions on certain uses and disclosures
- Right to Confidential Communications: You may request that we communicate with you by a specific means or at a specific location
- Right to a Copy of This Notice: You may request a paper copy of this notice at any time
- Right to File a Complaint: You may file a complaint with us or the Secretary of Health and Human Services if you believe your rights have been violated
Contact Information
Questions or Concerns?
If you have any questions about this notice or our privacy practices, please contact us:
Sessionably Privacy Office
Email: privacy@sessionably.com
Phone: 720-808-2150
Address: 75 Manhattan Dr. Ste. 206, Boulder, CO 80303
To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights, visit www.hhs.gov/ocr/complaints or call 1-800-368-1019.
This notice is effective as of December 12, 2025.