Privacy Policy

Effective Date: 03/01/2024

At Joy Therapy, your privacy is our priority. We are committed to protecting your personal and
health information with the highest standards of care and compliance. This Privacy Policy
explains the types of information we collect, how we use it, and your rights regarding your data.
Our practices adhere to all applicable laws and regulations, including the Health Insurance
Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA),
Children’s Online Privacy Protection Act (COPPA), General Data Protection Regulation
(GDPR) principles, and PCI Data Security Standards (PCI DSS).
This policy applies to all interactions with Joy Therapy through our website, mobile applications,
or services.

1. Information We Collect
At Joy Therapy, we collect several types of information to provide effective care and improve
our services. This includes personally identifiable information, such as your name, email address,
phone number, mailing address, and date of birth. For the purposes of therapy, we may collect
protected health information (PHI), which encompasses your medical records, treatment plans,
and therapy notes.

To facilitate payments, we securely process credit card information in accordance with PCI DSS
standards. We also collect usage data, such as your IP address, browser details, device type, and
activity on our platforms, to optimize your experience. In some cases, with your consent, we may
collect demographic information, including details such as ethnicity or gender identity, to
improve care outcomes and provide tailored therapeutic services.

As part of your rights, you may request access to your medical records in electronic or paper
format. Upon request, we will provide a copy or summary of your health information within 30
days, and we may charge a reasonable, cost-based fee for this service. If you believe there are
inaccuracies in your health records, you can request corrections, and if we cannot comply, we
will explain the reason in writing within 60 days.

You also have the option to request confidential communications, such as contacting you at a
specific phone number or sending mail to a different address. Additionally, you may ask us to
limit the use or sharing of certain health information, though in some cases, such requests may be
denied if they interfere with your care. However, if you pay for services out of pocket in full, you
may request that we not share that specific information with your health insurer, and we will
honor this request unless legally required to disclose it.

2. How We Use Your Information
The information we collect is used to provide therapeutic services, schedule appointments, send
reminders, and process payments securely. It also helps us personalize and enhance your
experience by tailoring services to meet your needs.

In rare cases, we may need to use or disclose your information to prevent a serious threat to your
health and safety, or that of the public or another person. Any disclosure in such circumstances
will be made only to someone qualified to help mitigate the threat, and only when absolutely
necessary.

3. Information Sharing
We value your trust and only share information in specific situations. In the course of providing
services, we may work with third-party vendors for purposes such as payment processing, IT
support, or secure data storage. We also collaborate with other healthcare professionals directly
involved in your care to ensure seamless coordination and the highest quality of service.
Additionally, we are obligated to share information when required by law, such as in response to
subpoenas or regulatory requests. Outside these scenarios, we will only share your information
with your explicit consent. Rest assured, Joy Therapy does not sell or rent your personal
information under any circumstances.

4. Your Privacy and Rights
You have several rights regarding your personal and health information. You may request access
to your data or ask for corrections to ensure it is accurate and complete. If you wish, you can
request the deletion of your data, provided there are no legal obligations requiring us to retain it.
You also have the right to restrict how we process your information and to opt out of certain
communications, such as marketing emails or specific tracking technologies. To exercise any of
these rights, please contact us using the information provided at the end of this policy.
Employee Privacy Responsibilities

All employees are required to handle client and organizational information responsibly, ensuring
that all protected health information (PHI) and sensitive company data remain secure. Any
access, use, or disclosure of confidential information outside the scope of your job
responsibilities is strictly prohibited. Employees found in violation may face disciplinary action,
up to and including termination, as well as legal consequences.

5. Bring Your Own Device (BYOD) Policy
Joy Therapy recognizes that employees may use personal devices (e.g., smartphones, tablets,
laptops) for work purposes. While this practice can enhance convenience and flexibility, it also
introduces potential risks to the security and confidentiality of company and client data. To
mitigate these risks, we have established the following guidelines:

1. Device Security Requirements:
o Employees must enable password protection, biometric authentication (e.g.,
fingerprint or facial recognition), or similar security measures on all personal
devices used for work.

o Devices must have up-to-date operating systems, antivirus software, and firewall
protections installed.

o Employees must not store client PHI or other sensitive data on personal devices
unless authorized and encrypted.

2. Prohibited Activities:
o Employees may not use personal devices to access or share PHI through
unsecured networks or platforms.

o Downloading unauthorized software or applications that could compromise the
security of work-related data is strictly prohibited.

3. Data Breach Prevention and Reporting:
o Employees must take reasonable precautions to prevent the loss, theft, or
unauthorized use of personal devices.

o Any suspected data breach, accidental disclosure, or loss of a personal device
containing work-related data must be reported immediately to the Privacy Officer.

4. Liability:
o Employees are solely responsible for the cost of their personal devices, including
repair and maintenance.

o Joy Therapy will not be held liable for any data breaches, loss, or damages caused
by an employee's personal device unless the company has expressly authorized its
use and confirmed compliance with all security requirements.

6. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience on our website.
These tools help us recognize returning visitors, analyze website functionality, and deliver
personalized content. You can manage your cookie preferences through your browser settings or
opt out of tracking by using tools provided by organizations like the Digital Advertising
Alliance.

7. Children’s Privacy
We take the privacy of children under 18 years of age seriously. Our services are designed to
support children and their families while ensuring that their personal and health information is
protected.

Before collecting, using, or sharing any information about a child, we require verifiable consent
from a parent or legal guardian. This consent may be obtained through signed authorization
forms at the start of therapy or secure digital tools.

Information collected about children includes basic personal details, such as name, age, and
contact information, as well as health data like therapy notes and treatment plans. In some cases,
we may also collect educational information, such as academic records or IEPs (Individualized
Education Programs), with parental consent.

We use this information to deliver individualized therapeutic care, create treatment plans, and
communicate progress to parents or guardians. We only share children’s information with
healthcare professionals involved in their care, secure service providers, or as required by law.
Parents have the right to access their child’s information, request corrections, and withdraw
consent for further data collection, subject to legal or therapeutic requirements.

8. Data Security and Retention
To protect your information, we use advanced security measures such as encryption, secure
access controls, and regular audits. Your data is retained only as long as necessary to deliver
services or meet legal obligations.

9. Jurisdiction Statement
This Privacy Policy is governed by the laws of the United States and specifically the states of
Oklahoma and Nebraska. Any disputes arising under this policy shall be resolved in accordance
with applicable federal and state laws.

10. Disclaimer
This Privacy Policy is provided for informational purposes only and does not constitute legal or
therapeutic advice. For questions regarding specific legal obligations or personal therapy, please
consult a qualified professional.

11. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices. The most recent version
of the policy will always include a revised Effective Date at the top of the page.

12. Acknowledgment
By using Joy Therapy’s services, you acknowledge that you have read, understood, and agreed to
this Privacy Policy.

13. Contact Us
For questions about this Privacy Policy or to exercise your privacy rights, please contact us:
Joy Therapy
P.O. Box 251
Vian, OK 74962
Phone: (402) 520-7883
Email: angelyce@joytherapy.org
Website: JoyTherapy.org
Angelyce L. Phipps, M.S., L.P.C., L.I.M.H.P.
President & Owner

14. Definitions and Commonly Used Terms
Throughout the above Privacy Policy, you may encounter the following terms:
• Personal Identifiable Information (PII): Information that can be used to identify an
individual, such as name, email address, phone number, and date of birth.

• Protected Health Information (PHI): Health-related information that includes medical
records, therapy notes, treatment plans, or any data related to an individual's health or
care that is protected under HIPAA.

• Cookies: Small text files stored on your device to track and enhance your interaction
with our website or app.

• Encryption: A method of securing information by converting it into a code to prevent
unauthorized access.
• Demographic Information: Data that may include details like ethnicity, gender identity,
or other sensitive personal information, collected with your consent to improve
therapeutic services.
• HIPAA (Health Insurance Portability and Accountability Act): A U.S. law that
establishes standards for the protection of sensitive patient health information.

• CCPA (California Consumer Privacy Act): A California law providing consumers
with rights over their personal data, including the right to access, delete, and opt out of
data sales.
• COPPA (Children’s Online Privacy Protection Act): A law protecting the privacy of
children under 13 years of age by requiring parental consent for data collection.

• PCI DSS (Payment Card Industry Data Security Standard): Security standards to
ensure secure handling of credit card information.
• GDPR (General Data Protection Regulation): A European Union regulation that
governs data protection and privacy for individuals within the EU.

This section is designed to clarify the terms used throughout the policy, ensuring you have a
clear understanding of the language and practices described.

policy, in whole or in part, is strictly prohibited.