DescripTHIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Who We Are

Conscious Connections Therapy, A Professional Corporation, is a HIPAA covered entity. This Notice of Privacy Practices (NPP) applies to all protected health information (PHI) created or received by Lynzie Genel, LCSW, and supervising associates Brigetta Alexander, ASW, and Kimberly Robertson, ASW. Our Legal Duty

We are required by law to: maintain the privacy of your protected health information (PHI); provide you with notice of our legal duties and privacy practices with respect to PHI; notify you following a breach of unsecured PHI; and abide by the terms of the notice currently in effect.

How We May Use and Disclose Your Health Information

The following categories describe the ways we may use and disclose your PHI without your written authorization:

•       Treatment: We may use and disclose your PHI to provide, coordinate, or manage your mental health care and related services.

•       Payment: We may use and disclose your PHI to obtain payment for services, verify insurance eligibility, or process billing.

•       Healthcare Operations: We may use and disclose PHI for quality assessment, clinical supervision, training, and administrative activities.

•       As Required by Law: We will disclose PHI when required by federal, state, or local law.

•       Public Health Activities: Disclosures may be made to public health authorities for activities authorized by law.

•       Victims of Abuse, Neglect, or Domestic Violence: We may disclose PHI to government agencies authorized to receive such information.

•       Health Oversight Activities: We may disclose PHI to agencies conducting oversight activities authorized by law (e.g., audits, investigations, inspections).

•       Judicial and Administrative Proceedings: We may disclose PHI in response to a court or administrative order, subpoena, or other lawful process.

•       Law Enforcement: We may disclose PHI to law enforcement officials as required by law or in limited circumstances permitted by HIPAA.

•       Serious Threats to Health or Safety: We may disclose PHI if necessary to prevent or lessen a serious and imminent threat to a person or the public.

•       Workers' Compensation: We may disclose PHI as authorized by workers' compensation laws.

Your HIPAA Rights

You have the following rights with respect to your PHI:

•       Right to Access: You have the right to inspect and obtain a copy of your PHI used to make decisions about your care. Requests for access to outpatient psychotherapy records are subject to additional documentation requirements under California Civil Code § 56.104.

•       Right to Amend: You may request that we amend your PHI if you believe it is incorrect or incomplete.

•       Right to an Accounting of Disclosures: You have the right to receive an accounting of certain disclosures of your PHI made in the six years prior to your request.

•       Right to Request Restrictions: You may request that we restrict uses or disclosures of your PHI for treatment, payment, or healthcare operations.

•       Right to Confidential Communications: You may request that we communicate with you in a certain way or at a certain location.

•       Right to a Paper Copy of This Notice: You may request a paper copy of this Notice at any time.

•       Right to Notification of Breach: You have the right to be notified in the event of a breach of your unsecured PHI.

California Patient Access Rights (PAHRA)

Under California's Patient Access to Health Records Act (Health & Safety Code § 123100 et seq.) and more recent PAHRA updates, you have the right to access your medical records within five (5) business days of your request. Fees for copies are limited as specified by California law.

As a California licensed clinical social worker, we are legally required to report the following, regardless of confidentiality:

•       Suspected child abuse or neglect (California Penal Code § 11164 et seq. — Mandatory Reporter)

•  Suspected elder abuse or dependent adult abuse (California Welfare and Institutions Code § 15630 et seq.)

•  Tarasoff duties: We are required to take reasonable steps to protect an identifiable third party when a client makes a serious, credible threat of imminent harm (Tarasoff v. Regents of University of California; California Civil Code § 43.92)

•  Imminent danger to self: When a client poses an imminent danger to themselves, we may be required to take protective action

•  Reporting to licensing boards as required by Business and Professions Code § 801 et

We will obtain your written authorization before using or disclosing your PHI in the following circumstances:

•       Most disclosures of psychotherapy notes (maintained separately from the medical record)

•       Sale of PHI

•       Marketing communications using PHI

•       Any disclosure not otherwise permitted or required by law

You may revoke your authorization in writing at any time. Your revocation will not apply to any action taken prior to our receipt of your written revocation.

California Psychotherapy Notes — Enhanced Protections

California law (Civil Code § 56.104) affords additional protections to psychotherapy notes (process notes) beyond general HIPAA protections. Psychotherapy notes are kept separately from the general medical record and generally require a separate written authorization for disclosure. These notes document the therapist's personal observations, impressions, and the content of sessions and are afforded the highest level of confidentiality.

Confidentiality of Sensitive Services — California CMIA

Under the California Confidentiality of Medical Information Act (CMIA) and AB 352 (effective January 1, 2024), your medical information related to the following sensitive services receives heightened legal protection:

•       Mental and behavioral health services

•       Sexual and reproductive health services

•       Substance use disorder diagnosis and treatment

•       Gender-affirming care

•       Intimate partner violence services

Conscious Connections Therapy has implemented administrative, technical, and physical safeguards to limit access to such information to only those authorized individuals directly involved in your care. This information will not be disclosed outside California without your explicit authorization, except as required by law.

The therapeutic relationship depends upon trust and confidentiality. All information you share in therapy is strictly confidential. No information will be released without your written consent, except in the specific circumstances described below.

Exceptions to Confidentiality

In accordance with California law, NASW Code of Ethics, and federal regulations, confidentiality may be breached under the following circumstances:

•  Child Abuse/Neglect Reporting: As mandated reporters under California Penal Code § 11166, we are required to report known or reasonably suspected child abuse or neglect immediately to child protective services and/or law enforcement.

•  Elder and Dependent Adult Abuse: We are required to report known or suspected abuse, neglect, or financial exploitation of elders (65+) or dependent adults to Adult Protective Services under California Welfare and Institutions Code § 15630.

•  Duty to Protect (Tarasoff): If a client makes a credible, serious, and imminent threat of violence against a reasonably identifiable victim, we are required by law to take protective action. This may include warning the potential victim, contacting law enforcement, and/or initiating an involuntary psychiatric hold.

•  Imminent Danger to Self: When a client presents an imminent risk of suicide or self-harm, we may take protective action including initiating a 5150 hold under California Welfare and Institutions Code § 5150.

•  Court Orders and Subpoenas: We may be compelled to disclose PHI by court order or valid legal process. We will inform you of such requests and seek to limit disclosures to the minimum necessary.

•  Supervision: Associate therapists Brigetta Alexander, ASW, and Kimberly Robertson, ASW, provide services under the clinical supervision of Lynzie Genel, LCSW. Case information is routinely discussed in supervision as required by California law. All supervisors are bound by the same confidentiality obligations.

•  Consultation: We may occasionally consult with other professionals (e.g., psychiatrists, medical providers) regarding client care. Identifying information is protected to the extent possible.

•  Insurance and Billing: If you use insurance benefits, we are required to submit certain information including diagnosis codes. By using your insurance benefits, you authorize such limited disclosures.

Conscious Connections Therapy provides services exclusively via telehealth. All telehealth services are provided to clients physically located within the State of California at the time of each session, consistent with the licensure requirements of the California Board of Behavioral Sciences.

California Telehealth Law

Telehealth services are provided in accordance with the California Telehealth Advancement Act of 2011 (California Business and Professions Code § 2290.5) and subsequent updates. Clients have the right to refuse telehealth services and request in-person services where available.

Telehealth-Specific Risks and Limitations

•       Technology failures (internet disruptions, video/audio loss) may occasionally interrupt sessions

•       Despite reasonable security measures, absolute confidentiality of internet-based communication cannot be guaranteed

•       Clients must participate from a private location where they will not be overheard

•       The therapist cannot provide the same physical assessment as an in-person provider

•       Emergency interventions may be limited by geographic distance

Platform Security

Telehealth sessions are conducted using HIPAA-compliant, encrypted Electronic Health Record platform, TherapyNotes. We require a complete Telehealth Informed Consent form prior to initiating services, which is provided through our secure client portal.

License Display — Telehealth (SB 1024)

In accordance with Senate Bill 1024 (effective January 1, 2025), licensees providing services via telehealth are not required to physically display their license or registration during remote sessions. However, all required licensee information is provided to clients in this Notice and in the intake documentation.

Website Privacy Policy

This section applies to information collected through our website (www.consciousconnectionstherapy.org) and is separate from clinical health information protected by HIPAA and CMIA.

Information Collected Automatically

Our website may automatically collect the following through standard web technologies (cookies, analytics, etc.):

•       IP address and approximate geographic location

•       Browser type, operating system, and device information

•       Pages visited and time spent on each page

•       Date and time of visit

•       Referring website or source

This data is used solely to understand and improve website performance and is not linked to your clinical record.

Information You Voluntarily Provide

If you submit a contact form, inquiry, or appointment request, we may collect your name, email address, phone number, and the general content of your message.

IMPORTANT: Do not include sensitive health information in online contact forms. Website contact forms are not encrypted to HIPAA standards and are not an appropriate method for sharing protected health information.

Third-Party Services:

Our website may use the following third-party services, each of which has its own privacy policy:

•       Squarespace (website hosting and analytics)

•       Google Analytics (website traffic analysis)

•       Scheduling platforms (e.g., appointment booking tools)

•       Payment processors (for applicable fees)

We do not sell, rent, or share your personal information for marketing purposes. Third-party tools operate under their own privacy practices, which we encourage you to review.

As a California-based business serving California residents, we are subject to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Please note that information protected by HIPAA and the CMIA is generally exempt from CCPA/CPRA requirements; this section applies primarily to non-PHI website data.

Your CCPA/CPRA Rights

•       Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.

•       Right to Access: You may request a copy of the personal information we have collected about you in the prior 12 months.

•       Right to Delete: You may request deletion of personal information we have collected, subject to certain legal exceptions.

•       Right to Correct: You have the right to request correction of inaccurate personal information.

•       Right to Opt Out of Sale or Sharing: Conscious Connections Therapy does not sell or share your personal information for cross-context behavioral advertising.

•       Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to what is necessary to provide services.

•       Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA/CPRA rights.

Exercising Your CCPA/CPRA Rights

To exercise any of the above rights, please contact us in writing at LynzieGenelLCSW@consciousconnectionstherapy.org. We will verify your identity and respond within 45 calendar days of receipt of your request (or within 90 days if we notify you of the need for an extension). We respond to at least two requests per year at no charge.

Conscious Connections Therapy operates in accordance with the National Association of Social Workers (NASW) Code of Ethics (2021), which establishes the following ethical standards related to privacy and confidentiality:

•       Standard 1.07(a): Social workers should respect clients' right to privacy and seek only information relevant to professional services.

•       Standard 1.07(b): Social workers may disclose confidential information only with valid client consent, except where legally required.

•       Standard 1.07(c): Social workers protect the confidentiality of all information in the course of professional service, except for compelling professional reasons.

•       Standard 1.07(e): Social workers should discuss confidentiality policies and procedures at the outset of services and whenever there are changes.

•       Standard 1.07(f): Social workers must uphold confidentiality in all aspects of practice including supervision, consultation, electronic records, and publications.

•       Standard 1.07(m): Social workers should take reasonable precautions to protect client confidentiality in the event of unintended termination or death of the practitioner.

•       Standard 1.07(r): Social workers should be aware of laws and policies governing digital technology and take reasonable precautions related to its use.

Conscious Connections Therapy affirms the dignity, privacy, and autonomy of every client. We do not discriminate on the basis of gender identity, gender expression, sexual orientation, sex characteristics, race, ethnicity, national origin, religion, disability, age, marital or family status, or any other characteristic protected under state or federal law.

Confidentiality of Identity-Related Information

In accordance with California law and BBS professional standards, the following information is treated as confidential health information and will not be disclosed without your written authorization except as required by law:

•       Gender identity, gender expression, and pronouns

•       Legal name vs. chosen/preferred name

•       Transition status or gender-affirming care history

•       Sexual orientation

Clients may request that their identified name and pronouns be used in all communications and documentation. We will honor these preferences to the fullest extent possible while maintaining compliance with insurance, billing, and mandatory regulatory requirements.

Sensitive Services — AB 352 Protections

Pursuant to AB 352, medical information related to gender-affirming care is classified as sensitive services and receives heightened protection under the CMIA (effective January 1, 2024). We have implemented systems to segregate this information and prevent its disclosure to entities outside California without your authorization.

To protect your confidentiality and maintain appropriate therapeutic boundaries:

•       Email and text messaging: These channels are appropriate only for scheduling and non-urgent, non-clinical communication. They are not considered secure or HIPAA-compliant for clinical content. By communicating via email or text, you accept the associated privacy risks.

•       Secure client portal: All clinical communication, documents, and sensitive information should be exchanged through our HIPAA-compliant secure client portal.

•       Social media: We do not communicate with current or former clients via social media platforms. We cannot accept friend requests, follows, or direct messages from clients to protect your confidentiality and the therapeutic relationship.

•       Reviews and public comments: We are ethically prohibited from responding to public reviews or acknowledging therapeutic relationships.

•       Monitoring: Email, website contact forms, and voicemail are not monitored 24 hours a day, 7 days a week. They are not appropriate for crisis communication.

Conscious Connections Therapy does not provide emergency or crisis services. If you are experiencing a mental health crisis or emergency, please contact the following resources immediately:

•       Dial 988 — Suicide & Crisis Lifeline (call or text, available 24/7)

•       Dial 911 — If you or someone else is in immediate physical danger

•       Kern County Crisis Hotline: (661) 872-6600

•       Go to your nearest emergency room

•       Contact your local mobile crisis team

Contact forms, emails, and voicemails are not monitored in real time and must not be used for crisis communication. You are encouraged to establish a personalized safety plan with your therapist.

Services for minors are provided in accordance with California law governing minor consent and parental rights.

Minor Consent

California law permits minors to consent to certain health care services without parental authorization, including outpatient mental health treatment (Health & Safety Code § 124260). When a minor independently consents to services, parents or guardians generally do not have the right to access those records without the minor's consent. We will clarify applicable consent rights and confidentiality parameters with all minor clients and their families at the outset of services.

Children's Online Privacy (COPPA)

We do not knowingly collect personal information from children under the age of 13 through our website. If you believe a child under 13 has submitted information through our website, please contact us immediately and we will take steps to delete it. Parents and guardians should supervise their children's internet use.

Security Safeguards

We implement the following safeguards to protect your information:

•       Administrative safeguards: Staff training on HIPAA and California privacy law; policies and procedures governing access to PHI; business associate agreements with all applicable vendors.

•       Technical safeguards: HIPAA-compliant encrypted EHR/client portal; encrypted electronic communications; secure backup systems; access controls limiting PHI access to authorized individuals.

•       Physical safeguards: Secure access to devices containing PHI; secure disposal of paper records; policies for device loss or theft.

Records Retention

Client records are retained for a minimum of seven (7) years following the last date of service, or for seven (7) years after a minor reaches the age of 18, whichever is later, in accordance with California Health & Safety Code § 123111 and applicable regulations. Records are disposed of in a confidential manner.

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals within 60 days of discovery of the breach, as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and California law. Notification will include a description of the breach, the types of information involved, steps you can take to protect yourself, and the steps we are taking to investigate and mitigate the breach.

Non-U.S. Residents

Our website and servers are operated in the United States. If you access our website from outside the United States, any information you submit will be transferred to and processed in the United States. By using our website, you consent to such transfer.

External Website Links

Our website may contain links to third-party websites. We have no control over, and are not responsible for, the privacy practices or content of any third-party sites. We encourage you to review the privacy policies of any site you visit.

Do Not Track

California law requires us to disclose how we respond to 'Do Not Track' signals. Our website does not currently alter its data collection practices in response to Do Not Track browser signals. You may disable cookies through your browser settings to limit data collection.

Informational Purpose Only

The content of this website, including blog posts and educational materials, is for general informational purposes only and does not constitute clinical, psychological, or medical advice. Viewing this website or submitting a contact form does not establish a therapist-client relationship.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

•       Conscious Connections Therapy directly (see contact information below)

•       California Board of Behavioral Sciences: www.bbs.ca.gov | (916) 574-7830 | 1625 North Market Blvd., Suite S-200, Sacramento, CA 95834

•       U.S. Department of Health and Human Services, Office for Civil Rights: www.hhs.gov/ocr | 1-800-368-1019

We will not retaliate against you for filing a complaint.

Contact Information

Conscious Connections Therapy, A Professional Corporation

Lynzie Genel, LCSW #116340, Supervising Clinician

Email: LynzieGenelLCSW@consciousconnectionstherapy.org.

Website: www.consciousconnectionstherapy.org

Service Area: California (Telehealth Only)

Policy Updates

We reserve the right to update this Privacy Policy and Notice of Privacy Practices at any time. Material changes will be posted on our website with an updated effective date. Clients will be informed of significant changes and provided with an updated copy upon request or at the next session following any material change.