iTel’s Privacy Policy

iTel Companies, Inc. (iTel®) and its websites are committed to your security and privacy.  From the registration process to every access point, both patients and providers will find that their unique identity and subsequent security starts with iTel’s Secure Cloud, which is HIPAA/HITRUST and PCI certified.  From the onset, this added security assures both the patient and provider that no one has unauthorized access to your private healthcare data.  This significantly improves protection of the identity of all users that have access to secure information.

  1.  Definitions

For the purposes of this notice, the term “Provider” includes all of the following (but is not limited to): therapists, psychologists, psychiatrists, physicians (i.e., doctors), nurse practitioners, physician assistants, licensed prescribers, coaches, nutritionists, and those trained in the practice of providing treatment or services to patients and/or clients.  The term “User” or “Users” is inclusive of (but not limited to) the following:  the general public, patients and their families, and any individual or entity that views, registers, makes use of, or makes entrance thereof into one of the iTel websites, irrespective of purpose.

  1.  Security Standards

iTel has implemented safeguards for electronic Protected Health Information (ePHI) user data through a number of additional procedures including (but are not limited to) administrative, physical, and technical measures such as:

256-bit AES of all user data and transmissions, including (but not limited to) the following:

  • Healthcare data
  • Credit card information
  • Email
  • Audio and video communications
  • User demographic data
  • Continuous 24/7 monitoring and risk analysis of all access points to our system 365 days a year
  • Continuous 24/7 monitoring and risk analysis of all hardware and software applications 365 days a year by outside security vendors/business partners with iTel
  • Technology that steps users off of web browser applications that have inherent security risks to our desktop application that allows for a 1:1 connection between patients and providers
  • iTel’s employees are educated and trained in our security policy and procedures with routine updates
  • Routine audits of iTel’s security are performed on a regular basis
  • Assignment of oversight and implementation of security measures to our security officer and technical team
  • Storage of patient & provider data will reside only on iTel’s secure cloud and will only transmit with user permission(s)
  • Back-up storage of all user data is behind a firewall and encrypted with 256-bit encryption
  • User authentication certificates to ensure recognition of those granted permission(s) for data access—regardless of location
  • Physical security at all areas of the center housing iTel’s hardware and software are monitored and recorded using closed circuit TV
    • all access points are controlled
    • staffing includes 24-hour security officers to augment physical security features
    • visitors are screened upon entry to verify their identity and escorted to appropriate locations
  • Access history is recorded 24/7
  • Storage of all essential hardware and software necessary for functionality of our websites and user interfaces in a secure location that includes:
    • Certified Security Staff
    • Managed Firewall & VPN Services
    • Vulnerability Assessment Services
    • Incident Management
    • Intrusion Detection Services
    • Patch Management
    • Denial of Service Attack Mitigation
    • Visa CISP & MasterCard SDP Certified
    • PCI 2.0 Compliance
    • HIPAA & SOX Compliance
    • Anti-Spam / Anti-Virus protection
  1.  Collection and Use of Data

When using our Services, we will ask you for certain personally identifiable information.  This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Services and related services (collectively, “Personal Information”).  Personal Information that we might collect would include things like your name, phone number, gender, date of birth, diagnostic coding for billing purposes, occupation, hometown, personal interests, credit card or other billing and/or payment information, your email address and the email address of your contacts, home and business postal addresses, website URLs, insurance data (such as your insurance carrier and insurance plan policy numbers), certain health information (such as health care providers you have seen, your reason for scheduling an appointment with a Provider, and parts of your medical history), and any other information or data that you provide when using the Services.  We also collect information you provide voluntarily in free-form text boxes on the Site, and through responses to surveys, standardized questionnaires and rating scales, and the like.  If you communicate with us by, for example, email, facsimile or letter, any information provided in such communication may be collected as Personal Information.

We collect Personal Information from you to provide you a safe, smooth, efficient, and customized user experience and allow for necessary billing and payment(s) through our third party business partners.  The collection of Personal Information also enables our users to establish a user account and profile that can be used to interact with Providers and authorized administrators, and other users through the Site.  We only collect Personal Information necessary to conduct your appointments and billing for the Services.  You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Services, or else by skipping the particular feature of the Services for which the Personal Information is being collected.  You can view our websites anonymously, but once you become a registered user of the Services, we will ask you to provide Personal Information, such as:

  • Contact and identity information (e.g., mailing address and phone number)
  • Insurance and other billing information (e.g., credit card number)
  • Health information (e.g., date of birth)
  • Other personal information as indicated (our forms indicate what information is required, and what information is optional)

You are under no obligation to provide us with this Personal Information.  We use your Personal Information to provide the Services and administer your inquiries.

  1.  De-identified Health information

Some of the Personal Information we collect from you is unrelated to your receipt of counseling and therapy services through the Services.  Examples of how we may use your Personal Information include, but are not limited to, the following:

  • Improved navigation of the Services
  • Provide customer services to address service and billing problems via telephone or email
  • Troubleshoot and address technical or user problems
  • Collect or bill any amounts due from you
  • Better understand users’ needs and interests
  • Personalize and customize your experience
  • Detect and protect the Services against error, fraud, and other criminal activity
  • Enforce and administrate our Terms of Use
  • Provide you with system or administrative messages, and as otherwise described to you at the time of payment for the Services
  • Provide you with further information, educational materials, and offers from us that we believe you may find useful or interesting

If you decide at any time that you no longer wish to receive certain communications from us, please follow the opt out instructions provided in any of the communications or select the appropriate applicable option in your user profile if available. You may edit your user profile in the settings section of your dashboard.  You cannot elect to unsubscribe some administrative communications, such as notification of new messages from your Provider or clinic messages.  To stop receiving these communications, you will need to deactivate your account by submitting a request to us at support@itelcompanies.com.

  1.  Electronic Personal Health Information (ePHI)

We are dedicated to maintaining the privacy and integrity of your electronic protected health information (“ePHI”).  This ePHI is information about you that may be used to identify you (such as your name, social security number, date of birth, phone number, or address), and that relates to (a) your past, present, or future physical or mental health or condition; (b) the provision of health care to you, or; (c) your past, present, or future payment for the provision of your health care.  In providing the Services, we will receive and create records containing your ePHI, and may use it to assist you in scheduling appointments, remind you of upcoming or follow-up appointments, inform you of canceled appointments, allow Providers to make appointments with other Providers on your behalf through the Services, bill amounts due for health care services provided by a Provider under the Services or the Site, develop and conduct surveys with you to assist in providing you better Services, conduct our management and administrative activities of the Site, and otherwise as stated in this Privacy Policy.  We may also use your de-identified ePHI to run (or authorize third parties to run) statistical research on individual or aggregate health or medical trends.  Such research would only use your ePHI in an anonymous manner that cannot be tied directly back to you.  We are required by law to maintain the privacy and confidentiality of your ePHI, and we operate the Services consistent with applicable federal and state laws governing health information privacy and security.

This Privacy Policy describes how we protect your privacy as a general user of the Services, not as a patient receiving mental health advice or consultation through the Services from a Provider.  If you are a patient receiving mental health advice or consultations through the Services from a Provider, you have other rights with respect to the access, use, and disclosure of ePHI.  For a more complete description of a patient’s rights under HIPAA, please refer to your Provider’s Notice of Privacy Practices, which provides important information to you about how your ePHI may be used and disclosed.

HIPAA Compliance:  In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) iTel has established policies and procedures that are dedicated to the assurance of patient and provider privacy and security.  iTel’s technology team, employees, and Medical Advisory Board have contributed to the development and maintenance of our policies and procedures.

iTel websites comply with the HIPAA Privacy Rule (45 CFR Parts 160 and 164) and the HIPAA-HITECH Security Rule (45 C.F.R. §164.308(a)(8)), which provide the “federal floor” of privacy protection for health information in the United States, while allowing more protective (“stringent”) state laws to continue in force. Under the Privacy Rule, electronic Protected Health Information (ePHI) is defined very broadly.  ePHI includes individually identifiable health information related to the past, present, or future physical or mental health condition, the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.  Even the fact that an individual received medical care is protected information under the regulation, and iTel strictly enforces compliance of these regulations.

iTel recognized that the Privacy Rule establishes a federal mandate for individual rights in health information, imposes restrictions on uses and disclosures of individually identifiable health information, and provides for civil and criminal penalties for violations.  The complementary Security Rule includes standards for protection of health information in electronic form as noted in the above Security Standards.

Rights Under the Privacy Rule

iTel recognizes that the individual, who is the subject of electronic Protected Health Information (ePHI), has the following rights under the Privacy Rule:

  • Right to access, inspect and copy ePHI held by hospitals, clinics, health plans and other “covered entities,” with some exceptions
  • Right to request amendments to ePHI held by “covered entities”
  • Right to request an accounting of disclosures that have been made without authorization to anyone other than the individual for purposes other than treatment, payment and health care operations
  • Right to receive a Notice of Privacy Practices from doctors, hospitals, health plans and others in the health care system
  • Right to request confidential communications of ePHI, e.g., having ePHI transmitted to a different address or a different telephone number
  • Right to request restrictions on uses or disclosures, although the “covered entity” receiving the request is not obligated to accept it
  • Right to complain about privacy practices to the “covered entity” and to the Secretary of Health and Human Services

Limits on Uses and Disclosures
The “covered entities” (Providers and other third party administrators) that utilize and operate iTel’s websites and partner in providing its services are not employees of iTel Companies, Inc., and although they may hold ePHI, they may use it without an individual’s consent for the purposes of providing treatment to the individual.  iTel provides the portal and relay of that information for payment activities such as claims adjudication and premium setting, and for operation of the businesses that provide those services. They are also permitted to use and disclose ePHI as required or permitted by other laws (e.g., laws related to reporting of child or elder abuse, public health oversight and national security investigations).

iTel does not allow for use of ePHI in marketing, research, fundraising, or any other activities that are not part of treatment, payment, health care operations, and other categories specifically identified under the Privacy Rule.  New disclosures of ePHI not previously authorized by users will be required to allow iTel to release that information by requiring the user to complete permission(s) to be checked off prior to transmission.  Based on the permissions authorized by users, disclosures of selected ePHI will be granted to those individuals that are non-medical entities such as family members or responsible parties involved in the payment of their care.

In addition to specific restrictions on uses and disclosures, iTel adheres to the Privacy Rule that imposes a general “minimum necessary” requirement on those who hold and use ePHI.  Except for disclosures to the individual who is the subject of ePHI or disclosures for treatment purposes, iTel limits their uses and disclosures to “minimum necessary” information required to perform a task.  iTel’s policies and procedures specify what ePHI can be viewed by different classes of its employees, what ePHI should be released in response to routine inquiries, and includes a process that is in place for deciding what ePHI should be released in response to non-routine requests.

THIRD PARTIES:  iTel requires that formal business contracts specify compliance with HIPAA policy with all business partners and third party administrators which use ePHI to perform functions on its behalf. iTel’s business partners may include (but are not limited to) law firms, accounting firms, accreditation organizations, credentialing services, billing services, pharmacy benefit managers, pharmacies, laboratories, insurance companies, and other third-party administrators.  All formal business agreements with iTel stipulate that the business partner or vendor will safeguard ePHI and will assist the “covered entity” in complying with its obligations with regard to individual rights and oversight by the Secretary of Health and Human Services (HHS).  However, links that navigate users away from iTel websites are not covered by iTel’s Privacy Policy.

a. iTel Employees
Every one of our employees, whose job might allow them to come into contact with your electronic Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI.  We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately.  We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Services.  All of our personnel must comply with our restrictions on access, use, and disclosure of ePHI or face disciplinary action, up to and including termination.

b. Psychotherapy Notes
iTel’s Privacy Policy takes special note of Psychotherapy Notes, which are afforded special treatment and heightened protection.  For most purposes, a covered entity may not use or disclose information contained in psychotherapy notes without an authorization from the individual that meets the Privacy Rule’s requirements. Such an authorization must specify, among other requirements, who is authorized to receive the information and include an expiration date or event as specified by 45 CFR §164.508(a)(2).  iTel will enable Providers to verify with their Patients what (if any) psychotherapy notes would be released by providing template user forms which allow Patients to authorize their release.  Any changes or modifications to an authorization to release psychotherapy notes by a Patient will be communicated immediately by iTel to their Provider by secure email notification.  iTel requires that covered entities strictly adhere to the Privacy Rule, which prohibits a covered Health Care Provider or a health plan from conditioning treatment, payment, enrollment in the health plan, or the provision of benefits on the individual’s authorization for the release of psychotherapy notes.

DEFINITIONS:  The Privacy Rule defines “psychotherapy notes” as “notes recorded (in any medium) by a Health Care Provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record. Psychotherapy notes excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date” 45 CFR §164.501.  Further, the diagnosis (or disease code) and certain other information, including prescribed medications, are not considered to be psychotherapy notes and may be disclosed for treatment, payment, or health care operational purposes.

  1.  Patriot Act Privacy Requirements

Under the USA Patriot and Terrorism Prevention Reauthorization Act (HR 3199 passed and signed into law on March 9th, 2006) section 215 of the law requires that Providers are required to release patients’ medical records when requested by the FBI as part of a counter-terrorism or counterintelligence investigation. Section 215 prohibits Providers to divulge to their patients that their records have been disclosed.  However, provisions of the Patriot Act grant Providers the right to challenge requests for patients’ medical records and restrictions against patient notification.

Revisions to this current version of the Patriot Act have established prerequisites that the FBI must meet before agents can obtain a court order to search private records. The FBI’s director or deputy director must approve, in writing, any request to search private records. The bureau also must submit to the court a “statement of facts” that establishes reasonable grounds to believe the records sought are relevant to a counter-terrorism investigation.

Additional safeguards added to the latest version of the Patriot Act allow Providers to consult an attorney when ordered by the FBI to produce medical records or other information as part of a counter-terrorism investigation without penalty.  The FBI cannot demand the names of attorneys consulted by parties ordered to produce the requested documents.  However, under the provisions of the Patriot Act the Provider is prohibited from disclosing to patients or their families that a request has been received, or whether any documents have been given to governmental authorities.  iTel maintains the position that the sole ownership of ePHI is that of both the patient and Provider.  Although iTel will cooperate with all requirements of both federal and state laws regarding ePHI, it will act to protect all patient information retained on its servers in 256-bit encryption version.

  1.  Privacy for Children and Minors

 Although iTel’s websites are not intended for use or directed to children under the age of 18, parents or authorized guardians may supervise and oversee their use.  Protection of login and password information, credit card information, ePHI, along with monitoring for safe use of iTel’s websites and conducting sessions remains the full responsibility of the parent and/or guardian.  It is the full responsibility of the Provider to verify that the parent and/or guardian is present before proceeding with the session.

  1.  Disclosures in Connection with Abuse, Neglect, or Domestic Violence

iTel’s Privacy Policy notes that as a covered entity, Providers may disclose information about individuals believed to be victims of abuse, neglect, or domestic violence to a government authority to the extent the disclosure is required by law, or if the individual agrees to such disclosure per 45 CFR §164.512(c). Additionally, a covered entity may disclose this type of information if such a disclosure is expressly permitted by a law or statute and certain specified criteria are met. Special provisions apply when the individual is unable to agree to the disclosure because of incapacity or when disclosure is needed to prevent serious harm. Disclosures related to possible child abuse may only be made to public health authorities or appropriate government agencies authorized by law to receive reports of child abuse or neglect.

  1.  Emailing and Messaging

We may use a third-party vendor to help us manage some of our email communications with you.  While we may supply this vendor with email addresses of those we wish them to contact, your email address is never used for any purpose other than to communicate with you on our or your Treatment Provider’s behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor’s servers (although this process will be invisible to you) which will register that you have clicked on that link, and have visited our Services.  We also often receive a confirmation when you open an email from iTel if your computer supports this type of program.  iTel uses this confirmation to help us make emails more useful to you.

Secure electronic messaging is always preferred to unsecure email, but under specific circumstances, insecure email communication containing PHI may take place between you and ITel.

For your convenience, iTel lets you choose whether to receive email communications containing PHI.  This email communication is not encrypted and may include messages from your Provider, appointment reminders, treatment referrals, and prescription information.

You should consider that standard email is not a secure means of communication.  There is some risk that any PHI contained in email may be disclosed to, or intercepted, printed, or stored by, unauthorized third parties.  iTel cannot ensure the security or confidentiality of messages sent by email.

You will receive email communication from iTel and Providers.  If you choose to receive PHI in emails, you authorize iTel to send you messages that include PHI, which may include disclosure of mental illness, substance abuse, and sexually transmitted disease.  This authorization indicates you understand and accept the risks involved with insecure email communication of your PHI.

You may always elect not to receive message content containing PHI. In that case, you would instead receive secure notifications of new messages that require you to log in to iTel’s secure site to read message content.  We recommend this option if you want to increase the security and confidentiality of your communications on iTel.

Even if you have requested us to send email containing PHI to you, you may revoke this request by submitting a formal written request to:  support@itelcompanies.com.

Even if you have given us permission to send emails to you, you may revoke that permission at any time by following the “opt out” information at the bottom of each such email.

Comments or questions sent to us using email or secure messaging forms will be shared with our staff who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, these communications will not become part of your medical record (or other appropriate treatment record) unless and until you use the Services to obtain mental health advice or a consultation from a Treatment Provider.

When you use a service on the secure section of the Services to interact directly with Providers, some information you provide may be documented in your medical record or other appropriate treatment record, and available for use to guide your treatment as a patient.

  1.  Use of Cookies

iTel web pages use two types of “cookies”:  session-based and persistent.  The majority of cookies used are session-based.  These bits of information are stored temporarily in your computer’s random access memory (RAM) as a line of text.  When you close your browser, the cookie is destroyed and no trace of it remains on your hard drive. These session cookies are used solely as a method to improve the user experience for those visiting the site.  In very few cases, iTel web sites my use persistent cookies to store information for a longer period. In those cases, the webpage is clearly noted and the user can choose not to use that webpage feature. As noted above, in no case does iTel disclose, give, sell, or transfer any personal information about iTel web site visitors unless required for law enforcement or otherwise required by law.

  1.  Group Session & Webinar Privacy

iTel enables connections of both patients and Providers for group therapy sessions.  Those sessions shall be conducted by licensed Providers (which are not employees of iTel) and are intended to provide both therapeutic and educational value to patients.  iTel is not responsible for the content of the sessions or webinars (online web seminar(s)), which resides solely as that provided by the source, which will be disclosed and displayed to patients both prior and during those sessions.  If content is sponsored by a third party or entity, that will also be disclosed to those patients and/or clients participating in the group session or webinar.

In the course of group sessions, and prior to them, there will be a registration process that discloses to users (see “User Terms”) what information will be displayed during those sessions and/or webinars.  Only first names will be displayed on user screens.  Any personal information or ePHI that is disclosed during those sessions is considered to be a public disclosure, based on the user(s)’/patient(s)’ own recognizance.  iTel is not responsible for those disclosures or how other patients may use or interpret that information.  However, participation in group sessions or webinars will be governed by online verification of identity and background and may be conducted one of iTel’s business partners (see “Terms of Use” during registration), so as to offer users the optimal assurance that another user participating in those sessions does not have a criminal background, and/or to provide disclosure to group participants prior to sessions initiating, thus allowing them the ability to “opt out” of participation in the session.  iTel will not allow posting or dissemination of any other ePHI to users participating in the group sessions or webinars, except to third parties, such as health insurance companies involved in payment and for billing purposes.

  1.  Substance Abuse Privacy Policy & Disclosures

NOTE: The Confidentiality of Alcohol and Drug Abuse Patient Records Regulation and the HIPAA Privacy Rule impart many implications for Alcohol and Substance Abuse Programs, Providers, and Patients. Therefore, iTel has adopted this portion of its Privacy Policy from the June 2004 Rules published by the U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES, Substance Abuse and Mental Health Services Administration, Center for Substance Abuse Treatment.

DEFINITIONS: The Privacy Rule generally defines a Health Care Provider to include a person or organization who furnishes, bills or is paid for health care in the normal course of business, which would include substance abuse treatment programs.  A substance abuse treatment program is defined as an individual or entity that provides alcohol or drug abuse diagnosis, treatment or referral. For the purposes of this document, the term “program” includes both individual substance abuse Providers and substance abuse provider organizations.

BACKGROUND: In the early 1970’s, Congress recognized that the stigma associated with substance abuse and fear of prosecution deterred people from entering treatment and enacted legislation that gave patients a right to confidentiality. For the almost three decades since the Federal confidentiality regulations (42 CFR Part 2 or Part 2) were issued, confidentiality has been a cornerstone practice for substance abuse treatment programs across the country.

In December, 2000, the Department of Health and Human Services (HHS) issued the “Standards for Privacy of Individually Identifiable Health Information” final rule (Privacy Rule), pursuant to the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR Parts 160 and 164, Subparts A and E.[1]   Substance abuse treatment programs that are subject to HIPAA must comply with the Privacy Rule.[2] [3]  Substance abuse treatment programs that already are complying with Part 2 should not have a difficult time complying with the Privacy Rule, as it parallels the requirements of Part 2 in many areas. Programs subject to both sets of rules must comply with both, unless there is a conflict between them. Generally, this will mean that substance abuse treatment programs should continue to follow the Part 2 regulations. In some instances, programs will have to establish new policies and procedures or alter existing policies and practices. In the event a program identifies a conflict between the rules, it should notify the Substance Abuse and Mental Health Services Administration of HHS immediately for assistance in resolving the conflict.

This guidance is for substance abuse treatment programs that are subject to and already complying with the confidentiality requirements of Part 2.[4]  It explains which programs must also comply with the Privacy Rule and outlines what compliance will require. The guidance is not a legal opinion.

To assist Providers in complying with the Privacy Rule, iTel has included as a service to all its users further explanation of these policies in the “Terms & Conditions of Use” section of the registration process for both Providers, Patients, and Staff.  Further, iTel has provided templates that allow Patients to designate to whom and to which entities are allowed to view their ePHI as it specifically pertains to substance abuse treatment, in addition to those permissions they designated regarding all other ePHI.  Providers will have ready access to these authorizations and permissions as designated by Patients, and in the instance of any changes or modifications, the Provider will receive immediate notification of these changes by email from iTel.

Programs & Providers to which the Privacy Rule Applies
iTel requires full compliance with the Privacy Rule as it applies to “covered entities” which are health plans, health care clearinghouses and Health Care Providers[5] who transmit health information in electronic form (i.e., via computer-based technology) in connection with transactions for which HHS has adopted a HIPAA standard in 45 CFR Part 162. See 45 CFR §160.103. HIPAA transactions that a substance abuse treatment program[6] might engage in include:

  • Submission of claims to health plans
  • Coordination of benefits with health plans
  • Inquiries to health plans regarding eligibility, coverage or benefits or status of health care claims
  • Transmission of enrollment and other information related to payment to health plans
  • Referral certification and authorization (i.e., requests for review of health care to obtain an authorization for providing healthcare or requests to obtain authorization for referring an individual to another Health Care Provider)

If a substance abuse treatment program transmits health information electronically in connection with one or more of these Part 162 transactions, then it must comply with the Privacy Rule. Part 162 may be amended in the future to cover additional transactions.[7]

  1.  Special Authorization for Confidential HIV-related Information

Confidential HIV-related information (for example, information regarding whether you have ever been the subject of an HIV test, have HIV infection, HIV-related illness or AIDS, or any information which could indicate that you have ever been potentially exposed to HIV) will not be used or disclosed to any person without your specific written authorization, except to certain other persons who need to know such information in connection with your medical care, and, in certain limited circumstances, to public health or other government officials (as required by law), to persons specified in a court order, to insurers as necessary for payment for your care or treatment, or to public authorities in order to contact persons with whom you have had sexual contact or have shared needles or syringes (in accordance with  specified processes as set forth in applicable laws within your state).

  1.  Response to an Imminent Threat to Any Person or the Public

iTel’s Privacy Policy requires that Providers remain consistent with applicable law and standards of ethical conduct, where a covered entity may use or disclose ePHI if the covered entity, in good faith, believes that the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to a person reasonably able to prevent or lessen the threat, which could include the target of the threat, or that the disclosure is necessary for law enforcement authorities to identify or apprehend an individual under certain circumstances.  iTel directs users to refer to the Privacy Rule 45 CFR §164.512(j) for further reference.

  1.  Workers Compensation

iTel’s Privacy Policy notes that as a covered entity under the Privacy Rule, a Provider may disclose protected health information as authorized by laws relating to workers’ compensation or other similar programs. Workers’ compensation carriers are not considered health plans under the Privacy Rule, and are, therefore, not covered entities under the Privacy Rule. 45 CFR §164.512(l).

  1.  Inmates and Correctional Institutions

iTel may provide technological services to allow Providers to perform secure video-conferenced treatment within the confines of a Correctional Institution to inmates who are in need of medical and/or mental health services.  iTel’s Privacy Policy notes that as a covered entity, Providers may disclose your health information to (but not limited to) prison officers, nurses, physicians, psychologists, or other law enforcement officers while you are an inmate—if it is necessary to provide you with health care, or to maintain safety, security and good order at the place where you are confined. This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.

  1.  Revisions to iTel’s Privacy Policy

Future revisions to iTel’s Privacy Policy will be updated on a routine basis, and as new laws and amendments are enacted.  Users of iTel websites will be notified by email of future updates if they indicate their desire for notification during the registration process via a check off box.  Otherwise, users are advised to periodically return to review our policies on a regular basis.  Revision dates will be posted at the top of the page of iTel’s Privacy Policy.

  1.  Use of Other Collected Information

Information that does not contain ePHI may be used to report treatment outcomes for designated diagnoses and diagnostic categories.  iTel may provide such statistical information to third parties such as governmental agencies including (but not limited to):

Other third parties that may collect information that does not contain ePHI may include pharmacies, pharmaceutical companies, pharmacy benefit management companies, and health insurance companies. iTel may be reimbursed by these third parties for compiling statistical data that has had all ePHI removed (otherwise known as “de-identified” information or data).

  1.  Information Sharing and Disclosure

We will not rent, sell, or share Personal Information about you with other people or non-affiliated companies except to provide the Services, when we otherwise have your permission, or under the following circumstances:

Providers. When you use the Site to access mental health services, you will be sharing your Personal Information with a Treatment Provider via the Services. By using the Services, you expressly consent to sharing your Personal Information with your Treatment Provider, and you understand that all information shared with your Treatment Provider is subject to your Treatment Provider’s professional and legal duties of confidentiality and responsibility, which iTel does not control. To increase coordination of care and reduce overhead for you, you authorize the sharing of this information with other Treatment Providers on iTel who you elect to contact.

Group Sessions. If you enter a group session, any information you provide during the session, which could include posts, video, and audio, will be shared with the other group participants.

User Profiles. User profile information, including your name, location, and other information you enter in your profile, may be displayed to your Treatment Providers to facilitate user interaction with the Site.

Communications in Response to User Submissions. As part of the Site and the Services, you may receive from iTel and other users email and other communications relating to your requests, mental health services, and other transactions. When you transmit information relating to your mental health services needs, ITel and the Treatment Providers you select may send you emails and other communications that they determine in their sole discretion relate to your mental health services needs.

Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.

Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Services, to provide the Services on our behalf, to perform Services-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Services’ features), or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ITel or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. This includes, without limitation, exchanging information with Treatment Providers and law enforcement in response to Treatment Providers’ professional and legal responsibilities.

Business Transfers. We may sell, transfer or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.

PLEASE NOTE THAT ANY INFORMATION, TEXT AND IMAGES THAT YOU POST OR DISCLOSE ON OR THROUGH PUBLIC PORTIONS OF THE SITE, OR ANY OTHER PUBLIC FORUMS, BECOMES PUBLIC INFORMATION AND MAY BE AVAILABLE TO VISITORS TO THE SITE AND/OR SEARCHABLE VIA THE INTERNET. Information regarding your activities in such Services may also be available for view by other users (for example, other users may be able to view a list of all postings you have made in all available forums). We urge you to exercise discretion and caution when deciding to disclose your Personal Information through a forum or otherwise through the Site. ITEL IS NOT RESPONSIBLE FOR THE USE OF ANY PERSONAL INFORMATION YOU VOLUNTARILY DISCLOSE THROUGH A FORUM OR OTHERWISE THROUGH THE SITE OR THE SERVICES.

  1.  Links to Other Sites

We may offer you the opportunity to access third-party content, services, or products by linking to a third party’s website. If you choose to visit an advertiser by “clicking on” a banner ad or other type of advertisement, or click on another third party link, you will be directed to that third party’s website. The fact that we may link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other services follow different rules regarding the use or disclosure of the Personal Information you submit to them. Our Privacy Policy only applies to the Services and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your Personal Information to them.

  1.  Business Transfers

We may sell, transfer or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.

PLEASE NOTE THAT ANY INFORMATION, TEXT AND IMAGES THAT YOU POST OR DISCLOSE ON OR THROUGH PUBLIC PORTIONS OF THE SITE, OR ANY OTHER PUBLIC FORUMS, BECOMES PUBLIC INFORMATION AND MAY BE AVAILABLE TO VISITORS TO THE SITE AND/OR SEARCHABLE VIA THE INTERNET. Information regarding your activities in such Services may also be available for view by other users (for example, other users may be able to view a list of all postings you have made in all available forums). We urge you to exercise discretion and caution when deciding to disclose your Personal Information through a forum or otherwise through the Site. ITEL IS NOT RESPONSIBLE FOR THE USE OF ANY PERSONAL INFORMATION YOU VOLUNTARILY DISCLOSE THROUGH A FORUM OR OTHERWISE THROUGH THE SITE OR THE SERVICES.

  1.  Agreement and Changes

By using the Services, you agree to the current Privacy Policy and our Terms, into which this Privacy Policy is incorporated. We reserve the right, in our sole discretion, to modify, discontinue, or terminate the Services or to modify this Privacy Policy at any time. If we modify this Privacy Policy, we will notify you of such changes by posting them on the Services or providing you with notice of the modification. We will also indicate when such terms are effective below. By continuing to access or use the Services after we have posted a modification or have provided you with notice of a modification, you are indicating that you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Services.

  1.  Contacting iTel Regarding Privacy Policy Issues

Concerns and questions regarding iTel’s Privacy Policy or issues pertaining to the application of its policy may be directed to:  privacy@itelcompanies.com or contact us by calling:  (480)-314-7407 or 1-800-553-8610 in the United States.  iTel fax number: (480)-551-5209.

Our mailing address:
ATTN:  Privacy Officer
iTel Companies, Inc.
10165 N 92nd St., Suite 101
Scottsdale, AZ  85258  USA

Effective: October 13th, 2014
Revised: September, 2015
Copyright © 2014 iTel Companies, Inc.  All rights reserved.

Footnotes for Substance Abuse Privacy Policy & Disclosures
[1] In August 2002, HHS adopted modifications to the Privacy Rule.
[2] The compliance date for the Privacy Rule was April 14, 2003. However, small health plans, as defined by the Privacy Rule, are not required to be in compliance until April 14, 2004.
[3] This guidance applies to substance abuse treatment programs that are also covered entities as defined by the Privacy Rule. Programs should seek legal counsel for assistance in determining whether they are covered entities.
[4] The Part 2 regulations apply to substance abuse treatment “programs” as defined by 42 CFR §2.11 that are “federally assisted” as defined by 42 CFR §2.12(b).
[5] The Privacy Rule generally defines a health care provider to include a person or organization who furnishes, bills or is paid for health care in the normal course of business, which would include substance abuse treatment programs.
[6] A substance abuse treatment program is defined as an individual or entity that provides alcohol or drug abuse diagnosis, treatment or referral. For the purposes of this document, the term “program” includes both individual substance abuse providers and substance abuse provider organizations.
[7] Neither Part 2 nor the Privacy Rule protects employment records held by a program in its role as employer. Note that while 42 CFR Part 2 arguably applies to substance abuse patient records covered by the Family Educational Rights and Privacy Act (FERPA) (20 USC §1232g; 34 CFR Part 99), the Privacy Rule does not.