Privacy Policy
Effective Date: [Insert Date]
Rhea (“we,” “our,” or “us”) is headquartered in New York State and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal and health information when you engage with our website, platform, and services.
1. Information We Collect
Personal Information
Name, email, phone (if provided), city and state, and demographic/lifestyle details you provide.
Health Information (PHI)
Includes physical/emotional health data you submit via intakes, telehealth, or wellness sessions — protected under HIPAA.
Usage Data
Technical details such as IP address, device, browser, pages visited, and timestamps — used to enhance our platform.
2. How We Use Your Information
We use your data to:
Provide personalized care recommendations and communication
Send reminders and maintain support channels
Improve platform functionality and user experience
Facilitate telehealth sessions and bookings
Rhea does not sell or rent personal or health data.
3. How We Protect Your Information
We employ robust security practices:
SSL encryption across all data channels
Restricted access to PHI with strict internal controls
HIPAA-aligned safeguards and regular security audits
Required Business Associate Agreements (BAAs) with any partners handling PHI
4. HIPAA & PHI Protections
As a Covered Entity or Business Associate under HIPAA, Rhea adheres to federal privacy rules (45 CFR §§ 160–164). We:
Limit PHI use to treatment, operations, and required disclosures
Only share PHI with authorized partners under BAAs
Mandate secure storage, restricted access, and breach protocols
5. New York Telehealth & Privacy Requirements
Consent & Confidentiality
As mandated by NY Public Health Law Article 29‑G and Medicaid telehealth rules, we:
Obtain and document informed consent before your first telehealth session
Confirm your identity and clarify session advantages, risks, and voluntary nature
Do not record sessions without explicit consent
Conduct all telehealth from secure, private environments
6. New York Health Information Privacy Act (NYHIPA)
New York’s new law (S.929, as passed 1/22/2025) expands privacy protections beyond HIPAA to include all health-related data (e.g., wellness app usage, location, inferences). Although not in effect yet, Rhea is proactively aligning with its expectations:
Health data used only for clearly defined, necessary purposes
Explicit consent required to collect, use, or share health information
Rights to access, correct, and delete data
Implementing robust technical and organizational safeguards
7. Your Rights Over Your Data
Whether under HIPAA or NYHIPA, you have the right to:
Access and review your PHI
Request corrections to inaccurate data
Ask for use/disclosure restrictions
Choose how we contact you (email, phone, text)
Withdraw PHI consent (not affecting care already in progress)
Request data deletion or portability (once NYHIPA is active)
To exercise these rights, email [yourprivacy@yourdomain.com]
8. Children's and Age Restrictions
Rhea is designed for adults 18+. We do not knowingly collect data from anyone under 18.
By using our services, you confirm you are at least 18 years old. If we discover data from minors, it will be erased promptly.
9. Third-Party Tools & Business Associates
We partner with HIPAA-compliant vendors (telehealth, scheduling, analytics). These services only receive the minimal data necessary, and BAAs are in place when PHI is shared.
10. California, CCPA & Other Rights
While NYHIPA currently applies, we also support privacy rights similarly honored in other states (e.g., access, deletion, data portability). If you have additional requests, contact us.
11. Changes to This Policy
We may update this policy to reflect legal or operational changes. Updates will be posted here with an updated effective date.
12. Contact Us
Email: [yourprivacy@yourdomain.com]
Address: Rhea, [Your Business Address], New York, NY