PRIVACY POLICY AND HIPAA NOTICE OF PRIVACY PRACTICES

PART I: ABOUT OUR PRACTICE

Integrated Psych Solutions (“IPS,” “we,” “our,” or “us”) is a neuropsychological evaluation and behavioral health practice headquartered at 1265 Interstate Parkway, Suite B, Augusta, GA 30909. We provide neuropsychological testing, psychological evaluations, medical disability evaluations, and related behavioral health services.

IPS delivers services both in person at our physical locations and via telehealth across multiple states, including Georgia, Florida, South Carolina, Maryland, New Mexico, and Arizona. This Privacy Policy and Notice of Privacy Practices applies to all services provided by IPS, regardless of whether those services are delivered in person or through telehealth technology.

Our website is located at https://integratedpsych.care/ and is operated by Integrated Psych Solutions.

PART II: WEBSITE PRIVACY PRACTICES

This section describes how we collect, use, and protect information gathered through our website. This section does not govern the use or disclosure of Protected Health Information (PHI), which is covered in Part III below.

1. Information We Collect Through Our Website

Information You Provide Voluntarily. When you contact us through our website, submit an inquiry form, request an appointment, or communicate with us electronically, we may collect personal information you voluntarily provide, including your name, email address, phone number, and any information you include in your message. Please note that standard email and website contact forms are not encrypted and should not be used to transmit sensitive health information.

Automatically Collected Information. When you visit our website, we may automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, referring URLs, pages viewed, time spent on pages, and other browsing behavior data. This information is collected through cookies, web beacons, and similar tracking technologies.

Cookies. Our website uses cookies—small text files stored on your device—to enhance your browsing experience, analyze site traffic, and understand visitor behavior. You may control cookie settings through your browser preferences. Disabling cookies may affect certain website functionality.

2. How We Use Website Information

We use information collected through our website for the following purposes:

• To operate, maintain, and improve our website
• To respond to your inquiries and communications
• To analyze website usage patterns and optimize user experience
• To detect, prevent, and address technical issues or security threats
• To comply with legal obligations
• To send you information about our services, if you have opted in to receive such communications

3. Sharing of Website Information

We do not sell your personal information. We may share website information with:

• Service Providers: Third-party vendors who perform services on our behalf, such as website hosting, analytics, and technical support. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• With Your Consent: In any other circumstances where you provide consent for us to share your information.

4. Third-Party Links and Services

Our website may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every site you visit.

5. Analytics

We may use third-party analytics services (such as Google Analytics) to help us understand how visitors use our website. These services may collect information about your use of our website, including your IP address, and may use cookies and similar technologies. The information generated is used to evaluate visitor activity and compile reports for us. You may opt out of certain analytics tracking by adjusting your browser settings or using available opt-out tools provided by the analytics service.

PART III: HIPAA NOTICE OF PRIVACY PRACTICES

6. Our Duty to Protect Your Health Information

We are required by federal and state law to maintain the privacy and security of your Protected Health Information (PHI). PHI is individually identifiable health information that relates to your past, present, or future physical or mental health condition, the provision of health care to you, or payment for health care services. We are required to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice of our legal duties and privacy practices with respect to your PHI
• Follow the terms of the Notice that is currently in effect
• Notify you if a breach occurs that may have compromised the privacy or security of your PHI

7. How We May Use and Disclose Your PHI

The following describes the ways we may use and disclose your PHI without your written authorization:

Treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. This includes sharing information among members of your treatment team, consulting with other health care providers involved in your care, and coordinating referrals. For telehealth services, this includes transmitting your PHI through secure, HIPAA-compliant telehealth platforms.

Payment. We may use and disclose your PHI to bill and collect payment for the services we provide. This may include disclosures to your health plan, insurance company, or other third-party payer to obtain prior authorization, determine eligibility, or submit claims. It may also include providing PHI to business associates such as billing companies and claims processing services.

Health Care Operations. We may use and disclose your PHI for our health care operations, which include quality assessment and improvement activities, reviewing the competence or qualifications of health care professionals, conducting or arranging for medical reviews, legal services, auditing functions, business planning, and general administrative activities.

Appointment Reminders and Health-Related Communications. We may use and disclose your PHI to contact you to remind you of appointments or to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you.

As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law.

Public Health Activities. We may disclose your PHI to public health authorities for purposes of preventing or controlling disease, injury, or disability, and for other public health activities as permitted by law.

Health Oversight Activities. We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.

Judicial and Administrative Proceedings. We may disclose your PHI in response to a court order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process, but only if efforts have been made to notify you of the request or to obtain a protective order.

Law Enforcement. We may disclose your PHI to law enforcement officials for certain law enforcement purposes as permitted or required by law, such as in response to a court order, warrant, or grand jury subpoena.

Coroners, Medical Examiners, and Funeral Directors. We may disclose your PHI to a coroner or medical examiner as authorized by law.

Serious Threats to Health or Safety. We may use and disclose your PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, consistent with applicable law and ethical standards.

Military and Veterans. If you are a member of the armed forces, we may disclose your PHI as required by military command authorities.

Workers’ Compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with workers’ compensation laws or similar programs.

Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the institution or official as necessary for your health and safety, the health and safety of others, or for the safety of the correctional institution.

Research. Under certain circumstances, we may use and disclose your PHI for research purposes, provided the research has been approved by an Institutional Review Board or privacy board and appropriate protections are in place.

De-Identified Information. We may use or disclose health information about you in a way that does not personally identify you, or as part of a limited data set for research, public health, or health care operations purposes, with a data use agreement in place.

8. Uses and Disclosures Requiring Your Written Authorization

Except as described above, we will not use or disclose your PHI without your written authorization. Specifically, we are required to obtain your written authorization for the following:

• Psychotherapy Notes. Psychotherapy notes receive special protection under HIPAA. These are notes recorded by a mental health professional documenting or analyzing the contents of a conversation during a private, group, joint, or family counseling session, and that are maintained separately from the rest of your medical record. We will not use or disclose psychotherapy notes without your written authorization, except in limited circumstances permitted by law (such as for our own training, to defend ourselves in a legal action brought by you, for the Secretary of HHS for compliance investigations, or to avert a serious and imminent threat).
• Marketing. We will not use or disclose your PHI for marketing purposes without your written authorization.
• Sale of PHI. We will not sell your PHI without your written authorization.
• Other Uses. Any other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization. You may revoke any authorization at any time by submitting a written request to us. Revocation will not affect any actions we have already taken in reliance on the authorization.

9. Substance Use Disorder (SUD) Records

Effective February 16, 2026, federal law provides additional protections for records related to substance use disorder (SUD) treatment. While IPS does not provide substance use disorder treatment as a primary service, if we receive, create, or maintain any records relating to substance use disorder, those records are subject to the following additional protections:

• SUD records may not be used or disclosed without your written consent except as specifically permitted by federal law (42 CFR Part 2).
• SUD treatment records and any testimony relating to those records may not be used or disclosed in any civil, criminal, administrative, or legislative proceeding conducted by any federal, state, or local authority without your written consent or a court order that meets specific criteria. A subpoena or other legal demand alone is not sufficient.
• Information disclosed from SUD records may be accompanied by a notice prohibiting further redisclosure, and any recipient is bound by those restrictions.
• You have the right to request restrictions on the use and disclosure of your SUD records beyond what is otherwise permitted by law.

If you have questions about how SUD records are handled at IPS, please contact our Privacy Officer at the contact information listed below.

10. Telehealth-Specific Privacy Practices

IPS provides telehealth services across multiple states. The following additional provisions apply to telehealth encounters:

• All telehealth sessions are conducted using HIPAA-compliant, encrypted telehealth platforms that meet federal security standards.
• PHI transmitted during telehealth encounters is encrypted in transit and at rest.
• We require that telehealth sessions take place in a private setting on both ends of the connection to the extent practicable.
• Recordings of telehealth sessions are not made without your explicit written consent.
• The privacy protections described in this Notice apply equally to information collected during in-person and telehealth encounters.
• State-specific telehealth privacy laws may provide additional protections depending on the state in which you are located at the time of the telehealth session. We comply with all applicable state telehealth privacy laws.

11. Your Rights Regarding Your PHI

You have the following rights with respect to your Protected Health Information:

Right to Access. You have the right to inspect and obtain a copy of your PHI that is maintained in a designated record set. This includes medical records, billing records, and other records used to make decisions about your care. Your request must be submitted in writing. We may charge a reasonable, cost-based fee for copies. We will respond within 30 days of receiving your request (or 60 days if the records are maintained off-site). In limited circumstances, we may deny your request, and you will have the right to have the denial reviewed.

Right to Amend. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. Your request must be submitted in writing and must include the reason for the amendment. We may deny your request under certain circumstances, such as if we did not create the information or if we determine the information is accurate and complete. If we deny your request, you may submit a written statement of disagreement.

Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures we have made of your PHI. This accounting does not include disclosures made for treatment, payment, or health care operations, disclosures made with your authorization, or certain other disclosures. Your request must be submitted in writing and must specify a time period (not longer than six years prior to the date of the request).

Right to Request Restrictions. You have the right to request that we restrict certain uses and disclosures of your PHI for treatment, payment, or health care operations. We are not generally required to agree to your request, except that we must agree to restrict disclosures to a health plan for payment or health care operations if you have paid for the service in full out of pocket. Your request must be submitted in writing.

Right to Request Confidential Communications. You have the right to request that we communicate with you about your health information in a particular way or at a particular location. For example, you may ask that we contact you only at a certain phone number or only by mail. We will accommodate all reasonable requests.

Right to a Paper Copy. You have the right to obtain a paper copy of this Notice of Privacy Practices at any time, even if you have previously agreed to receive it electronically. You may request a paper copy by contacting our Privacy Officer.

Right to Be Notified of a Breach. You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you of any such breach as required by law, including a description of what happened, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for further questions.

PART IV: DATA SECURITY

12. Security Measures

We have implemented administrative, physical, and technical safeguards designed to protect the privacy and security of your personal information and PHI. These measures include but are not limited to:

• Encryption of electronic PHI in transit and at rest
• Role-based access controls that limit access to PHI to authorized personnel on a need-to-know basis
• Secure, HIPAA-compliant electronic health record systems
• Regular security risk assessments and vulnerability monitoring
• Workforce training on privacy and security policies and procedures
• Business Associate Agreements with all third-party vendors who access or handle PHI on our behalf
• Physical safeguards for paper records and workstations
• Incident response and breach notification procedures

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practicable level of protection for your information.

13. Business Associates

We may share your PHI with third-party service providers (known as Business Associates) who perform functions on our behalf that require access to PHI. Examples include electronic health record vendors, billing services, IT support providers, and telehealth platform providers. All Business Associates are required to enter into a Business Associate Agreement (BAA) that obligates them to safeguard your PHI in accordance with HIPAA requirements.

PART V: ADDITIONAL PROVISIONS

14. Minors

We provide evaluation services for minors. A parent or legal guardian generally may exercise the rights of a minor with respect to PHI, except as limited by applicable state law. We comply with all federal and state laws governing the privacy of minors’ health information, including any state-specific provisions regarding adolescent access to behavioral health records.

15. Personal Representatives

We will treat a personal representative as the individual for purposes of this Notice if the personal representative has legal authority to act on the individual’s behalf regarding health care decisions, in accordance with applicable law. However, if we reasonably believe that the individual has been or may be subjected to domestic violence, abuse, or neglect by the personal representative, or that treating the person as a personal representative could endanger the individual, we may choose not to treat that person as a personal representative.

16. State Law

IPS provides services across multiple states, and certain states may have privacy laws that provide greater protections than HIPAA. Where state law provides greater privacy protections, we will comply with the more protective standard. This may include additional consent requirements, restrictions on disclosure of mental health information, or enhanced patient rights. If you have questions about the privacy laws applicable to your care, please contact our Privacy Officer.

17. Children’s Online Privacy (COPPA)

Our website is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 through our website. If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as soon as possible. If you believe a child under 13 has provided us with personal information through our website, please contact us immediately.

18. Do Not Track Signals

Some web browsers transmit “do not track” signals to websites. Our website does not currently respond to “do not track” signals. However, you may manage your cookie preferences through your browser settings.

19. Data Retention

We retain your PHI in accordance with applicable federal and state record retention laws, professional licensing requirements, and our own record retention policies. Website usage data is retained for a reasonable period necessary to fulfill the purposes described in this policy. When records are no longer required to be maintained, they are securely destroyed in accordance with our data destruction procedures.

PART VI: COMPLAINTS AND CONTACT INFORMATION

20. Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be retaliated against for filing a complaint. You may file a complaint with:

Our Privacy Officer:

Integrated Psych Solutions

Attn: Privacy Officer

1265 Interstate Parkway, Suite B

Augusta, GA 30909

Email: [email protected]

The U.S. Department of Health and Human Services, Office for Civil Rights:

U.S. Department of Health and Human Services

200 Independence Avenue, S.W.

Washington, D.C. 20201

Website: www.hhs.gov/ocr/privacy/hipaa/complaints

Phone: 1-877-696-6775

21. Changes to This Notice

We reserve the right to change the terms of this Privacy Policy and Notice of Privacy Practices at any time. Any changes will apply to PHI we already have about you as well as any information we receive in the future. We will post the revised Notice on our website and make it available at our office. The revised Notice will be effective for all PHI that we maintain from the effective date of the revision. We encourage you to review this Notice periodically.

22. Contact Information

For questions about this Privacy Policy, our privacy practices, or to exercise any of your rights described in this Notice, please contact:

Integrated Psych Solutions — Privacy Officer

1265 Interstate Parkway, Suite B

Augusta, GA 30909

Email: [email protected]

Website: https://integratedpsych.care