Privacy Policy & HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Golden Life (GLC) Wellness Center, LLC and its affiliated clinics ("GLC," "we," "our," or "us") respect your privacy. This Privacy Policy explains how we collect, use, and protect information you provide through our website (www.glcwellness.com) and the protected health information ("PHI") we create or receive in the course of providing mental and behavioral health services across our Illinois, Nevada, Texas, and Florida locations.

1. Locations Covered by This Policy

This policy applies to all GLC Wellness Center locations:

State	Address
Illinois	7118 S. Jeffery Blvd., Chicago, IL 60649
Nevada	1530 E Charleston Blvd., Las Vegas, NV 89104
Texas	708 Main St., Houston, TX 77002
Florida	Fort Lauderdale, FL

2. Information We Collect

A. Protected Health Information (PHI)

When you receive services from us, we collect and maintain PHI, including: identifying information (name, address, phone, date of birth, emergency contacts); insurance and billing information; mental health and medical history; assessment results, diagnoses, and treatment notes; medication records; and any other information necessary to deliver care.

B. Website Information

When you visit our website, we may automatically collect: IP address, browser type and version, pages visited, referring URL, and date/time of visits. We use this for analytics and to improve our website. We do not collect PHI through our public website. PHI is only transmitted through our secure client portal (SimplePractice).

C. Cookies and Similar Technologies

Our website may use cookies and similar technologies for analytics. You can disable cookies through your browser settings without affecting your ability to receive care.

3. How We Use and Disclose Your PHI

A. For Treatment, Payment, and Healthcare Operations (TPO)

We may use and disclose your PHI without your written authorization for the following purposes:

Treatment: coordinating care among your providers, including therapists, psychiatric nurse practitioners, and consulting clinicians.
Payment: billing your insurance, obtaining prior authorizations, and collecting payment for services.
Healthcare Operations: internal quality reviews, training, credentialing, audits, and business management activities.

B. Disclosures Requiring Your Written Authorization

We will obtain your written authorization before using or disclosing your PHI for any purpose not described in this Notice, including:

Most uses and disclosures of psychotherapy notes (where separately maintained).
Uses and disclosures for marketing purposes.
Disclosures that constitute a sale of PHI.

You may revoke your authorization in writing at any time, except to the extent we have already relied on it.

C. Disclosures Permitted or Required by Law (No Authorization Required)

We may use or disclose your PHI without your authorization in the following limited circumstances:

Public health activities (e.g., reporting communicable diseases).
Mandated reporting of suspected abuse, neglect, or domestic violence involving children, elders, or vulnerable adults, as required by state law.
Health oversight activities by government agencies.
Judicial and administrative proceedings in response to a court order, subpoena, or other lawful process.
Law enforcement purposes as required by law.
Serious threat to health or safety — to prevent or lessen an imminent and serious threat to you or others (duty to warn/protect).
Workers' compensation claims, as required by law.
Coroners, medical examiners, and funeral directors, as permitted.
Specialized government functions, including military, national security, and protective services.
Research, provided an Institutional Review Board has approved the research and waiver of authorization.

4. Your Rights Under HIPAA

You have the following rights regarding your PHI maintained by GLC:

Right to Access: You may inspect and obtain a copy of your PHI, subject to limited exceptions. Requests must be submitted in writing.
Right to Amend: You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request under certain circumstances.
Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI in the six years prior to your request.
Right to Request Restrictions: You may request that we limit how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree, except in the case of disclosures to a health plan for items or services you paid for in full out of pocket.
Right to Confidential Communications: You may request that we contact you in a specific way (e.g., by mail to a particular address or by phone at a particular number).
Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
Right to Breach Notification: You will be notified following any breach of unsecured PHI as required by law.

To exercise any of these rights, please contact our Privacy Officer using the information at the end of this Notice.

5. Telehealth Services

If you receive services via telehealth (video, audio, or secure messaging), we use HIPAA-compliant platforms (including SimplePractice) and employ administrative, physical, and technical safeguards consistent with HIPAA. You acknowledge that telehealth carries inherent risks, including the possibility of technology failures or unintended disclosures, despite our reasonable safeguards.

6. SimplePractice and Third-Party Services

We use SimplePractice, a HIPAA-compliant electronic health record and client portal, to schedule appointments, communicate securely, deliver telehealth, and maintain treatment records. SimplePractice operates under a Business Associate Agreement with GLC. By using our scheduling and contact widgets, you acknowledge that your information will be transmitted to SimplePractice for the purpose of facilitating your care.

We may also share PHI with other business associates (e.g., billing services, secure document storage providers, accountants, attorneys) who have signed Business Associate Agreements ensuring they protect your PHI under HIPAA.

7. Website Privacy

A. Information Collection

Our public website does not require you to provide personal information to browse. The "Request Appointment" and "Send a Message" widgets are operated by SimplePractice and are governed by SimplePractice's HIPAA-compliant terms.

B. Analytics

We may use standard web analytics tools to understand site traffic. These tools collect aggregated, non-identifying information.

C. Children's Privacy

We do not knowingly collect personal information from children under 13 through our website. Services for minors are arranged by a parent or legal guardian.

8. State-Specific Notices

Illinois

Illinois law (Mental Health and Developmental Disabilities Confidentiality Act, 740 ILCS 110) provides additional protections for mental health records. Disclosures of mental health records generally require your written consent, except as specifically permitted by Illinois law (e.g., court orders, mandated reporting).

Nevada

Nevada Revised Statutes Chapter 629 governs the confidentiality of healthcare records. Mental health records receive additional protections, and certain disclosures require specific consent.

Texas

Texas Health and Safety Code Chapter 611 protects the confidentiality of mental health information. The Texas Medical Records Privacy Act (HB 300) imposes requirements broader than HIPAA, including specific authorization and breach notification rules.

Florida

Florida Statutes Chapter 456 and Section 394.4615 govern the confidentiality of psychiatric and behavioral health records. The Florida Information Protection Act (FIPA) requires notification of certain data breaches within 30 days.

Where state law provides greater privacy protections than HIPAA, the state law applies.

9. Our Duties

GLC is required by law to: (1) maintain the privacy and security of your PHI; (2) provide you with this Notice describing our legal duties and privacy practices; (3) follow the terms of the Notice currently in effect; and (4) notify you following a breach of unsecured PHI.

10. Changes to This Notice

We reserve the right to change this Notice at any time and to make the revised Notice effective for PHI we already have, as well as PHI we receive in the future. We will post the most current Notice on our website and make printed copies available at each location.

11. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us by contacting our Privacy Officer (below), or directly with the U.S. Department of Health and Human Services, Office for Civil Rights:

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
1-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints/

We will not retaliate against you for filing a complaint.

12. Contact Us

For questions about this Notice, to exercise any of your rights, or to file a privacy complaint, please contact our Privacy Officer:

GLC Wellness Center — Privacy Officer
Phone: 877.767.1692
Fax: 877.847.7616
Email: privacy@glcwellness.com

Acknowledgment of Receipt

By scheduling or receiving services from GLC Wellness Center, you acknowledge that you have been provided access to this Notice. A signed acknowledgment will be requested at the time of your first appointment.