I. How we collect, use, disclose, retain, and protect personal information.
Thecouch.com, Inc. and its subsidiaries and affiliates (collectively hereinafter referred to as the “The Couch”) respects and is committed to protecting the privacy rights of its psychiatrists, patients, prospects, business partners, and employees. To this end, this Privacy Notice provides an understanding of The Couch’s practices with respect to the collection, use, disclosure, and/or retention of personal data, including sensitive confidential health and financial information, obtained in connection with our Services and business processes.
As used in this Privacy notice “Personal Data” and/or “Personal Information” means information about an identified or identifiable natural person. The Couch’s medical practice platform also processes Protected Health Information Under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) meaning information, including demographic data, that relates to: 1) the individual’s past, present, or future physical or mental health condition; 2) the provision of the health care to the individual; or 3) the past, present, future, payment for the provision of health care to the individual; and that information identifies an individual; as well as, Sensitive Personal Data/Information meaning information about an identified or identifiable natural person that if loss, misused, or accessed/modified without authority, would adversely affect the privacy to which the individual is entitled under 5 U.S.C. Section 552a (the Privacy Act)*. Sensitive Personal Data includes Protected Health Information which means individually identifiable health information that is transmitted or maintained in any form or medium by a covered entity or its business associates, excluding certain educational and employment records.
The Couch, depending on the circumstances and applicable data protection law, will use different legal basis for processing personal information depending on the context in which that information is collected, used, disclosed, and/or retained. The Couch may process personal data when it is in its legitimate interest and/or based upon explicit consent from the end user to deliver its Services.
This Privacy Notice applies to the websites, products and/or services offered by The Couch through its practice management system.
II. How we use personal information
The Couch uses personal data in a variety of categories to provide its Services to its psychiatrists, patients, prospects, business partners, platform users, and employees. The type, sources, and purposes of personal information collected, used, disclosed, and/or retained depend on the context by which the personal data is provided by the end user.
The Couch processes the following types of personal data:
- Individual Identifiers
- Medical Record Information (i.e. medical history, diagnosis, prognosis)
- Employment/Professional Record (i.e. licensing credentialing)
- Commercial Record
- Geolocation Information
- Audio/Visual, electronic, or similar information (Sensitive Personal Information as Session)
- Sensitive Information Protection under law (Protected Health Information)
- The Couch processes the following categories of personal data:
- Medical Record Information, including minors
- Prescription Information, including minors
- Subscription Information (i.e. insurance; accounting/billing services)
- Payment Information
- Product/Services Information
- Technical Information
NIST SP 800-175B Rev. 1*
III. Personal Information we Collect From You
As a customer of The Couch’s platform Services you provide your name, contact details, employment/professional information, gender and preferred gender of therapist, relationship status, payment information, subscription type, insurance information, referral source, and other personal data, directly to The Couch when you register for the Services
Additionally, The Couch may collect personal data about the use of our Services. Data you provide when using the Services may include, information you disclose in a chat and your chat sharing preferences, audio/visual communication, documents you share with your doctor through the platform, geolocation and/or or other personal data elements through your use of The Couch’s services and websites. The Couch processes IP address, device identifier, geographic location, and/or usage information such as authentication, analytics, and other information that allows for a more personalized experience while using our Services. Please see the Cookies and Tracking section below for more detail about how The Couch processes personal data using your consent.
The Couch collects the following personal data in the following contexts:
- Medical Practice Management - The Couch’s practice management system allows medical practices to use one system to manage their practice including the processing of medical record information in a secure and confidential manner, facilitating communication between the practice and the patient, managing medical licensing and credentialing information through background checks and screening, offering phone support for the platform, and providing billing and tax services
- Psychiatric Marketplace - As a psychiatrist who uses our unique platform to start or expand your existing practice, The Couch processes personal information to match you to new patients based on your preferences.
- Patient Subscriptions – As a patient or prospective patient we may process your personal information to connect you with the medical services. We process your location, medical provider preferences, and contact information to facilitate information sharing between you and your doctor so that you can get the help you need. Additionally, we process PHI and other sensitive information such as prescription information and medical records information, as well as video and chat recordings of sessions with your medical provider.
- Confirm Secure Access – We process personal information in order to verify your identity and secure your account, as well as to communicate with you to resolve technical issues.
- Practice Management System Monitoring – We process information like cancelled sessions, “no shows”, ratings, reviews, complaints, and other client feedback to ensure quality services are being provided to each patient by our medical professional. If you consent, a The Couch employee medical professional may review your correspondence with your medical provider for quality assurance purposes. For example we may have a concerns about a specific medical professional’s clinical care and if you consented, we may contact you to acquire additional information about the quality of your session. Additionally we may process some data to offer you new features and make the services more convenient for you, as well understand how you use our services. For example we might assess the usage of various features and decide to divest unpopular features based on your use of the services. As a medical provider who uses our platform to run their practice we may process personal information to send you opportunities, promotions, news, updated, and reminders about our Services and/or your account support and maintenance.
- New platform features – We process personal data to enhance the website or application features such as adding additional questions to improve the matching algorithm to better match you with a psychiatrist in the Psychiatric Marketplace. We may process certain forms of sensitive information like religious preference to match you with a psychiatrist that is more closely aligned with your values.
- Compliance with all Laws – We may process personal data to comply with applicable laws including a court ordered subpoena requesting personal information. As a general rule we defer to your medical practice/professional, to decide to produce any health information, including psychiatric notes or messages. Many jurisdictions have strict rules governing protected health information and the patient/doctor relationship. We encourage you to discuss these disclosure obligations with your medical professional. The Couch does process personal and sensitive personal information on behalf of your medical professional and is committed to processing this type of personal information to protect patient and doctor privacy under all applicable data law.
- Your Safety and Safety of Others – We may process personal data to protect your safety or the safety of others when there is reason to believe that you or any other person may be in immediate danger, or your privacy infringed upon. We may use information to investigate and reach out to appropriate authorities accordingly if it is legally appropriate and permitted to do so.
IV. Personal Information we receive from others
In addition to the personal data we collect from you, we may also receive personal information about you from other sources and through our own independent research. We may receive your personal data from business partners and/or educational institutions and professional credentialing organizations. We may also receive your personal data from other third-party marketing partners. This third-party data may include credentialing information, demographic information, and other personal information such as contact details and/or professional practice information. The Couch obtains consent when applicable to receive personal information from other.
V. How we sell/share personal information
The Couch is a supplier of a unique practice management system that matches patients with compatible psychiatrists and allows any medical professional to run an independent online practice, while providing a mechanism for patients to receive quality health care. Through the use of The Couch platform we sell/share your personal data, including sensitive personal information, in order to provide you with the Services.
- Your data may be sold/shared to comply with applicable law.
- Your data may be handled by a select few employees who support the delivery of the technology and services. These employees are under strict duties of confidentiality and are vetted to ensure they are qualified to perform their job duties.
- We sell/share certain data with our platform partners and infrastructure Service Providers to operate a secure Platform to deliver our Services. Examples include: data hosting and storage providers, technology service providers, customer service providers, prescription service provider, billing and payment processing Service Providers, and Reporting and analytics Service Providers.
- We may sell/share some of your data in connection with an asset sale, merger, or bankruptcy.
- We also use a few APIs and SDKs to improve your experience. These business partners are included as subprocessors in The Couch subprocessor list. The location you share while these tools are running may be read, accessed, and collected by that site in accordance with applicable data privacy law. Note that if you make any information publicly available on the Platform, such as with a public post, anyone may see and use such information.
If you opt-in to “performance cookies”, we may use Third Party analytics cookie from trusted partners to process data for activities including but not limited to analyzing traffic sources, visits, and site interactions. This analysis helps us improve our products and services.
If you opt-in to “targeting cookies” and web beacons, information regarding your activity on our website, excluding activity when your are logged in as a patient, may be shared for advertising purposes.
We are not paid by anyone for your personal data, however, under the California Consumer Privacy Act, the law defines “sale” very broadly to potentially include the sharing of personal data in exchange for anything of value. Opting-in to the use of “targeting cookies” and web beacons may be considered the “sale” of personal information under this California law.
VI. Cookies and Tracking
A “cookie” is a small data file that is placed on your computer and used for record-keeping purposes. Cookies are used to enhance performance of the Platform and for Third Party tracking.
A web beacon or pixel is a an invisible image or embedded code, placed on a web page or email that can report your visit or use to a Third Party. In general, these tools help monitor activity of users for the purpose of web analytics, advertising optimization and page tagging.
Currently, The Couch does not use a cookie mechanism to obtain consent rather under HIPAA it requires consent through various applicable medical forms and consents upon registration.
VII. How we Protect your information
We apply industry standard security and best practices to prevent the unauthorized access and disclosure of personal data, including sensitive personal information. The Couch relies on a secure proprietary practice management system for the processing of medical record data and couples this with reputable commercial applications to deliver its Services.
Please refer to the Security Policy for additional information on the technical and organizational measures of The Couch.
VIII. User Data Access Requests
The Couch implements data access requests to exercise your privacy rights. Please email firstname.lastname@example.org to exercise your privacy rights. The Couch may verify your identity when needed to comply with the request, which may include reviewing government identification, and may be unable to proceed with your request if we are not able to verify your identify. You have the right to request that The Couch correct or otherwise amend your personal information. If you use The Couch may process personal information on behalf of a customer, and we may ask that you work with the customer to amend your personal information.
If you are a California resident, the rights described in the section above apply, and you may exercise these additional rights or designate an authorized agent to exercise these rights on your behalf.
Once per calendar year, you may request that The Couch disclose to you what “Personal Information” as defined in the California Consumer Privacy Act as amended by the California Privacy Rights Act (referred to in a consolidated way as “CPRA”) we collect, use, disclose and sell, and the specific Personal Information we have collected about you in the prior 12 months.
You have the right to request to know more details about the categories or specific pieces of Personal Information we collect (including how we use and disclose this Personal Information), to delete your Personal Information, to opt out of any “sales” (as defined in the CPRA) that may be occurring, and to not be discriminated against for exercising these rights.
These rights apply, in addition to the rights described in the first paragraph of this section, if you are located in the EEA, Switzerland or the UK. If you are located in another country in Europe this section does not apply and your rights are described in the first paragraph.
Subject to the exemptions under law, you may have the right to request access or delete your personal information. Under certain circumstances, you have the right to receive personal information that The Couch process about you and transmit that information to another organization, i.e., a right to data portability. You may also request that we restrict or block future processing of your personal information.
Where we previously obtained your consent in order to process your personal information, you have the right to withdraw that consent.
If you would like to exercise any of your privacy rights, please contact The Couch at email@example.com. We will validate these requests and carry out valid requests. If the request is not deemed valid, then we will share the reasons why it is not valid and your options for seeking resolution through a supervisory authority and through judicial remedy.
IX. Contact Information.
If you would like to exercise your privacy rights, please email us at firstname.lastname@example.org If you have questions about our privacy practices or this Privacy Notice you may write to us at: email@example.com.