PRIVACY POLICY & NOTICE OF PRIVACY PRACTICES

Beyond the Horizon Counseling

Effective Date: January 14, 2025

1. INTRODUCTION


This Privacy Policy and Notice of Privacy Practices describes how Beyond the Horizon Counseling ("we," "our," or "us") collects, uses, discloses, and protects your personal information and protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA), New Jersey state law, and other applicable privacy regulations.


We are committed to maintaining the privacy and security of your information. This policy applies to all services provided by Shannon Rizzo, MSW, LCSW, through Beyond the Horizon Counseling.


2. CONTACT INFORMATION


Practice Name: Beyond the Horizon Counseling

Therapist/Privacy Officer: Shannon Rizzo, MSW, LCSW

Email: shannon@beyondthehorizoncounseling.com

Phone: (973) 229-5895

Service Area: All of New Jersey (Virtual/Telehealth Services Only)

Website: beyond-the-horizon-counseling.multiscreensite.com


3. INFORMATION WE COLLECT


We collect and maintain various types of information to provide you with quality mental health services:

3.1 Personal and Contact Information

Full name, date of birth, and contact details (email, phone number, mailing address)

Emergency contact information

Insurance information (if applicable)

Demographic information as relevant to treatment

3.2 Protected Health Information (PHI)

Mental health treatment history and current concerns

Therapy session notes and treatment plans

Diagnosis and assessment information

Appointment dates, times, and session summaries

Medical history relevant to mental health treatment

Medication information

3.3 Payment and Billing Information

Payment method details (processed securely through our payment processor)

Billing and invoicing records

Insurance claims and correspondence (if applicable)

3.4 Website and Technical Information

Browser type, device information, and IP address

Website usage patterns (pages visited, time spent on site)

Cookie data (see Section 10 for details)

Accessibility preferences (collected by UserWay widget)


4. HOW WE COLLECT INFORMATION


We collect information through multiple methods:

Directly from you through intake forms, consultations, and therapy sessions

Through our secure Electronic Health Records (EHR) system

Via telehealth video sessions conducted through our HIPAA-compliant platform

Through email, phone, or text communications

Via online appointment scheduling and our client portal

From insurance companies (when you use insurance benefits)

From other healthcare providers (only with your written authorization)

Through website cookies and analytics (anonymized usage data)


5. HOW WE USE YOUR INFORMATION


We use your information for the following purposes:

5.1 Treatment

Providing mental health counseling and therapy services

Developing and implementing treatment plans

Coordinating care with other healthcare providers (with your authorization)

Monitoring treatment progress and outcomes

5.2 Payment

Processing payments for services rendered

Billing insurance companies and submitting claims

Managing payment plans and financial arrangements

Responding to insurance inquiries and authorizations

5.3 Healthcare Operations

Scheduling and managing appointments

Sending appointment reminders via email or text

Quality improvement and clinical effectiveness monitoring

Professional training and clinical supervision (with identifying information removed when appropriate)

Legal and regulatory compliance

5.4 Communication

Responding to your questions and concerns

Providing information about services and scheduling

Sending administrative communications about your account


6. INFORMATION SHARING AND DISCLOSURE


We take your privacy seriously and limit the sharing of your information. We may share your information with the following third parties and only as necessary to provide services to you:

6.1 Electronic Health Records (EHR) System

We use a secure, HIPAA-compliant EHR system to maintain your clinical records, manage appointments, process billing, and provide telehealth services. This system provider acts as a Business Associate under HIPAA and is contractually obligated to protect your information.

6.2 Payment Processors

We use secure, HIPAA-compliant payment processors to handle credit card and payment transactions. These processors only receive the information necessary to process payments and are bound by strict confidentiality requirements.

6.3 Insurance Companies

If you use insurance benefits, we will share information with your insurance company as required for claims processing and payment, including diagnosis, treatment dates, and session notes as requested. We share only the minimum necessary information required for payment.

6.4 Website Hosting and Technology Providers

Website Hosting: Our website is hosted on a secure platform. The hosting provider may collect technical information such as IP addresses and browser data for site functionality and security purposes.

Accessibility Widget (UserWay): Our website uses the UserWay accessibility widget to ensure ADA and WCAG compliance. UserWay does NOT collect any personally identifiable information from website visitors. The widget collects only anonymous, aggregated metrics on widget usage (such as how many times accessibility features were activated) to improve accessibility functionality. UserWay's practices are designed with privacy-by-design principles. For more information, see UserWay's Privacy Policy at https://userway.org/privacy

6.5 Legal Requirements and Safety

We may disclose your information without your authorization when required or permitted by law, including:

When we believe in good faith that there is an imminent threat of serious harm to you or others

To report suspected abuse or neglect of children, elderly persons, or disabled individuals to appropriate authorities

In response to a court order, subpoena, or other legal process

To comply with state or federal regulations

To law enforcement officials as required by law

In workers' compensation proceedings

6.6 With Your Authorization

We will not share your information with family members, other healthcare providers, or any other third parties without your written authorization, except as described in this policy or as required by law. You may revoke your authorization at any time by contacting us in writing.


7. DATA SECURITY MEASURES


We implement comprehensive security measures to protect your information:

7.1 Technical Safeguards

End-to-end encryption for all electronic PHI transmission

Secure Sockets Layer (SSL) encryption for website communications

Password-protected access to all systems containing PHI

Multi-factor authentication for administrative access

Regular security updates and patches to all systems

Secure, encrypted cloud storage with automatic backups

Firewall protection and intrusion detection systems

7.2 Administrative Safeguards

Comprehensive privacy and security policies and procedures

Regular risk assessments and security audits

Ongoing HIPAA training and compliance education

Business Associate Agreements with all third-party service providers

Documented breach notification procedures

7.3 Physical Safeguards

Secure storage of any physical records

Private, secure location for conducting telehealth sessions

Workstation security controls

Device encryption for all computers and mobile devices


8. DATA RETENTION AND DESTRUCTION


Record Retention Period: We retain your clinical records in accordance with New Jersey state law and professional standards:

For adult clients: A minimum of seven (7) years from the date of the last service

For minor clients: Seven (7) years from the last service OR two (2) years after the client reaches age 18, whichever is longer

HIPAA compliance documentation: Six (6) years from creation or last effective date

Secure Destruction: After the retention period expires, records are securely destroyed using methods that prevent reconstruction or retrieval of PHI, including:

Electronic records: Secure deletion with overwriting to prevent recovery

Physical records: Shredding or other destruction methods that render information unreadable

Early Destruction Requests: While we maintain records for the legally required period, you may request early destruction of your records. We will evaluate such requests on a case-by-case basis, considering legal, ethical, and clinical obligations. We may decline requests if retention is required for ongoing care, legal compliance, or other legitimate purposes.


9. BREACH NOTIFICATION


In the unlikely event of a breach of your unsecured PHI, we will notify you in accordance with HIPAA and New Jersey state law. A breach is defined as an unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of your information.

Notification Timeline: We will notify you without unreasonable delay and no later than 60 days following discovery of the breach.

Notification Method: You will be notified by first-class mail to your last known address, or by email if you have agreed to electronic communication and we have a current email address on file.

Information Included: The notification will include:

A description of the breach and the date it occurred

The types of information involved

Steps you should take to protect yourself

What we are doing to investigate, mitigate, and prevent future breaches

Contact information for questions


10. COOKIES AND WEBSITE TRACKING


Our website uses cookies and similar tracking technologies to improve your experience. Here's what you should know:

10.1 Types of Cookies We Use

Essential Cookies: These are necessary for the website to function properly, including session management and security features. These cannot be disabled.

Functionality Cookies: These remember your preferences and settings, such as accessibility options selected through the UserWay widget.

Analytics Cookies: These collect anonymous information about how visitors use our website to help us improve its functionality and content. No personally identifiable information is collected.

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete specific cookies. However, please note that disabling cookies may affect the functionality of our website. To learn how to manage cookies in your browser, visit your browser's help section.

10.3 Do Not Track

Our website does not respond to Do Not Track (DNT) signals because there is no industry standard for how to respond to such signals.


11. YOUR RIGHTS UNDER HIPAA


Under HIPAA and New Jersey law, you have the following rights regarding your health information:

11.1 Right to Access Your Records

You have the right to inspect and obtain a copy of your health records. To request access, please submit a written request to the contact information provided in Section 2. We will respond within 30 days and may charge reasonable copying fees. In certain limited circumstances permitted by law, we may deny your request for access.

11.2 Right to Request Amendments

If you believe your health information is incorrect or incomplete, you may request an amendment. We will respond to your request within 60 days. We may deny your request if we determine the information is accurate and complete, or if we did not create the information. If we deny your request, you have the right to submit a written statement of disagreement.

11.3 Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by us within the past six years (or shorter period if you request). This accounting will not include disclosures made for treatment, payment, healthcare operations, or disclosures made with your authorization. To request an accounting, submit a written request to the contact information in Section 2.

11.4 Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your information for treatment, payment, or healthcare operations. You may also request limits on disclosures to family members or others involved in your care. We are not required to agree to your request except in one circumstance: if you pay for a service out-of-pocket in full and request that we not share that information with your health insurance company, we must honor that request.

11.5 Right to Request Confidential Communications

You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. For example, you may request that we only contact you at a work phone number or through a specific email address. We will accommodate reasonable requests.

11.6 Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Privacy Policy at any time. To request a copy, contact us using the information in Section 2.

11.7 Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services (HHS). To file a complaint with us, contact Shannon Rizzo at shannon@beyondthehorizoncounseling.com or (973) 229-5895. You will not be retaliated against for filing a complaint.

To file a complaint with HHS:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/


12. TELEHEALTH PRIVACY AND SECURITY


All services provided by Beyond the Horizon Counseling are delivered virtually through secure, HIPAA-compliant telehealth platforms. We take the following measures to protect your privacy during telehealth sessions:

End-to-end encryption for all video and audio communications

Secure waiting room features to prevent unauthorized access

Sessions are not recorded unless you provide explicit written consent

Private, secure location for conducting sessions on our end

Your Responsibilities: To maintain confidentiality during telehealth sessions, please:

Ensure you are in a private location where you cannot be overheard

Use headphones if others are nearby

Use a secure internet connection (avoid public Wi-Fi)

Keep your device password-protected

Close the session link/window immediately after the session ends


13. INFORMATION ABOUT MINORS


When providing services to minors (individuals under 18 years of age), we follow New Jersey laws regarding parental rights and minor confidentiality:

Parents or legal guardians generally have the right to access their minor child's health information

Certain exceptions exist where minors may have independent rights to privacy regarding treatment

We will discuss confidentiality and its limits with both parents/guardians and minor clients at the start of treatment

Records for minors are retained for seven years from the last service OR two years after the minor reaches age 18, whichever is longer


14. UPDATES TO THIS PRIVACY POLICY


We reserve the right to update this Privacy Policy at any time. When we make changes, we will update the effective date at the top of this document. Material changes to this policy will be communicated to you through:

Email notification to your last known email address

Posting a notice on our website

Providing a copy during your next session

The updated policy will apply to all information we maintain, including information collected before the change. The most current version of this Privacy Policy will always be available on our website and upon request.


15. NEW JERSEY STATE-SPECIFIC INFORMATION


As a mental health practice licensed in New Jersey, we comply with all applicable state laws and regulations, including:

New Jersey Board of Social Work Examiners regulations

New Jersey mental health confidentiality statutes

New Jersey record retention requirements (7 years for adult records, extended period for minors)

New Jersey mandatory reporting laws for abuse, neglect, and danger to self or others

New Jersey License Information:

Shannon Rizzo, MSW, LCSW
Licensed Clinical Social Worker in New Jersey
New Jersey Board of Social Work Examiners
P.O. Box 45036
Newark, NJ 07101
Phone: (973) 504-6495

16. QUESTIONS AND CONTACT INFORMATION

If you have questions or concerns about this Privacy Policy, your rights, or our privacy practices, please contact:

Shannon Rizzo, MSW, LCSW
Privacy Officer
Beyond the Horizon Counseling
Email: shannon@beyondthehorizoncounseling.com
Phone: (973) 229-5895
Website: beyond-the-horizon-counseling.multiscreensite.com


17. ACKNOWLEDGMENT OF RECEIPT


By beginning services with Beyond the Horizon Counseling, you acknowledge that you have received, read, and understand this Privacy Policy and Notice of Privacy Practices. You understand that this document explains how your health information may be used and disclosed, and how you can access your information.


You acknowledge that you have been given the opportunity to ask questions about this policy and have received satisfactory answers. A signed acknowledgment form will be maintained in your client file.



© 2025 Beyond the Horizon Counseling. All Rights Reserved.

This document was last updated on January 14, 2025